And maybe it’s a good idea to configure the server to NOT show the stack; it’s not very secure.
Traditionally, this is true, but if your entire stack is open source like ours, there are no real secrets. The entire codebase is publicly available on GitHub. If you want to learn our technology stack in the hopes of identifying an attack vector, a quick perusal of package.json in the root of the project provides a nice outline based on the npm packages installed with the app — right down to the version number.
The only thing in the error that’s not public is the path to the app on the web server, but anybody who gains access to the file system has defeated several layers of security and already has the keys to the kingdom.
From a UX perspective, the errors are ugly. That just comes down to time and priorities.