Security Risks with Observable Framework Local Servers

Hello all, I’ve been creating dashboards for my company for the past few weeks, but this has been shut down due to concerns over security. As told by my IT team, any locally hosted server is a security risk, and thus is not allowed.

This to me would seem to mean that this software couldn’t be used for any company, but that doesn’t seem accurate to me. Are there any articles or information that talk about this more? Or how to mitigate risks to local servers?

Thanks for raising this. It would be great to learn a bit more about this, but it would probably involve details that you may not want to share on the public forum. Please email us at so that we can get into some more details.

From your message, it was not completely clear what your workflow is, and what they are concerned about. It could either be concerns about the dev server on your local machine while you are developing, or it could be concerns about the server where you are deploying your dashboards for your company to view.

Development server
We have heard about some companies who do not allow any development on local machines, and they have been developing their dashboards inside docker containers on AWS. It is a more complicated setup, and if that is the policy of a company, I would expect it to apply to any application development environments.

Hosted server
Perhaps this is what their concerns are about, but I am not sure what you mean exactly by ‘locally hosted server’. If they have concerns with any web servers on the internal network, then you should find out what options they would suggest for hosting your app. All you need is a webserver and a place to push the static site to. Perhaps they have a preferred hosting provider (inside your network or cloud provided). There are many hosting options for Framework generated applications (including hosting them on Observable…). Let’s discuss in email at

1 Like

I sent an email, thank you

1 Like