And auto-dependency resolution also doesn't seem any larger a security concern; all it's doing is skipping an "npm install" command.
And as for automatic dependency resolution, this means you're not even aware of what transitive dependencies you're pulling in or what versions they are, and you have no way to vet anything - everything is hidden behind a wall of magic.
Automatic dependency resolution, however... Fantastic for experimentation, but that's a dealbreaker for production. Maybe it would be OK if it actually wrote the package-lock.json to the application directory; I'd have to think about that.
I think this framework hasn't been written with security in mind at all.
For instance, Rails has a public/ folder for files that are going to be served. And Jekyll hides files by pattern-matching them.
Zero doesn't seem to exclude folders by default. The solution would be to run Zero in a subfolder and require files in the parent folder, which would act as the tree's root.