now read those flaws, compare them to the worst in 2004 and tell me they're the same. They're not the same because the internet was insecure as fuck in 2004 and these days security researchers motivations to receive bounties result in considerably more situational (and significantly less severe) security issues.

create-react-app has been discouraged to use for a couple of years now, not really sure if the React team is still supporting it.

April 2022 was the last maintenance release.

Out of curiosity, why is it discouraged?

I’m not really in the React world, but have been fixing up a Create React App for a client recently, so learned a bit more about it.

So how are you supposed to create static react app now?

They no longer want you to create a React app by itself[1], but instead use Next.js, Remix, Gatsby, or Expo.

[1]: https://react.dev/learn/start-a-new-react-project

None of which are static. How are you supposed to create a static React app?

You can use vite for that