Browser-based long-form writing app for the Nostr protocol — NIP-23 editor, feed reader, and publishing tool
The published CLI starts an HTTP static-file server with a path-traversal flaw. Untrusted request paths are normalized against `build/` but are not checked to remain inside it, allowing reads of files outside the intended asset directory.
Package source references child process execution.
scripts/dev-tauri.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
scripts/dev-tauri.mjsView on unpkg · L34Manifest entrypoint contains risky behavior absent from dist/build output.
scripts/serve.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/spa-http-server.pyView on unpkgPackage source references child process execution.
scripts/dev-tauri.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
scripts/dev-tauri.mjsView on unpkg · L34Package ships non-JavaScript build or shell helper files.
scripts/spa-http-server.pyView on unpkgManifest entrypoint contains risky behavior absent from dist/build output.
scripts/serve.mjsView on unpkg · L1