If you don’t want to go full Cloudflare, you can mitigate DDoS using these kinds of techniques locally.
https://blog.nginx.org/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus
Cloudflare will be a lot more effective in case of attack. But I don’t think most people need more than a few mitigation rules. If a DDoS really comes, there are very few things you could do to mitigate it anyway.
The first pass of the Elm ecosystem solved it. Before Elm, it was also solved by other frameworks. But people wanted to be able to reuse their components and not rebuild new ones. React provided the ability to reuse CSS and dirty JS code in the middle of your application. You already had a way bigger ecosystem because you didn’t have to learn and build a completely new system again.
Personally, if I had the choice, I believe a new start should start at the browser level. Stop supporting HTML/CSS/JS. Create a new app-centric DSL and not a document-centric one like HTML/CSS/JS.
Ideally something inspired by Cocoa layout. And I am dreaming, but it would not accept generic code on the client side and would only support a small controlled API. It would solve so many security issues. Sure, the creativity in such an ecosystem will be severely reduced. But we will have a much improved UX.