Blacklist modules
Giving the most recent critical security vulnerability detected, https://www.drupal.org/sa-core-2023-006, a question arose regarding the possibility to backlist a module, until a patch is applied.
After investigation, it appears out of the box, this feature is not possible, however there's a module which provides said functionality.
I propose we add to our distribution https://www.drupal.org/project/module_blacklist. The module allows site administrators to block certain module from being installed, based on a blacklist set on settings.php file.
In this case simply adding the mentioned module, results in blocking fresh installations of said module.
$settings['module_blacklist'] = [
'jsonapi',
];
Block ludwig.