Browser-based long-form writing app for the Nostr protocol — NIP-23 editor, feed reader, and publishing tool
The executable static server does not validate request paths before resolving and reading them. If a user runs the server and it is reachable by an attacker, traversal-style paths may disclose readable files outside `build/`.
Package source references child process execution.
scripts/dev-tauri.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
scripts/dev-tauri.mjsView on unpkg · L34Manifest entrypoint contains risky behavior absent from dist/build output.
scripts/serve.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/spa-http-server.pyView on unpkgPackage source references child process execution.
scripts/dev-tauri.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
scripts/dev-tauri.mjsView on unpkg · L34Package ships non-JavaScript build or shell helper files.
scripts/spa-http-server.pyView on unpkgManifest entrypoint contains risky behavior absent from dist/build output.
scripts/serve.mjsView on unpkg · L1