dependabot[bot] on npm_and_yarn
dependabot[bot] on npm_and_yarn
Bump node-fetch from 2.6.1 to 2… (compare)
Nah, you pretty much summed it up. Stripe does have 'solution' you can implement for your site for exactly what you mentioned (as far as I know). Basically the issue arises when you transmit credit card information to your server, I believe. Or at least that was my understanding. That as long as the transmission is user -> Stripe, it's okay but user -> server -> Stripe is no go.
But that makes me wonder if even user -> Stripe is "breaking" PCI rules. I didn't study deeply into PCI-DSS, just that it costs a bunch of money, is a hassle and using a third-party (like Stripe) alleviates that issue as long as you never transmit CC info to your server.
You are right though that it doesn't entirely belong as a default feature.