Cross site scripting in Nimble Directory website

Open spearphishing opened this issue 10 months ago • 8 comments

https://nimble.directory/search?query="><script>alert(1)</script>

spearphishing avatar Mar 11 '25 09:03 spearphishing

cc @FedericoCeratto

narimiran avatar Mar 11 '25 13:03 narimiran

I apologize for the lack of explanation, but I honestly couldn't think of much to say about it.

spearphishing avatar Mar 12 '25 02:03 spearphishing

Doesn't seem to be maintained anymore. Use npacks.pages.dev instead.

navid-m avatar May 29 '25 10:05 navid-m

Federico has moved the repo to https://codeberg.org/FedericoCeratto/nim-package-directory but it has seen no development there either.

@navid-m Where is the source for your site? Let's keep it public so we don't have a repeat of the problem.

esafak avatar Jul 30 '25 14:07 esafak

You can also use

https://nimpkgs.dayl.in https://github.com/nimpkgs

ringabout avatar Jul 30 '25 14:07 ringabout

We really need one directory that is maintained and open to submissions; we shouldn't have to hound its owner.

@daylinmorgan Are you open to patches for nimpkgs?

esafak avatar Jul 30 '25 15:07 esafak

> Federico has moved the repo to https://codeberg.org/FedericoCeratto/nim-package-directory but it has seen no development there either.
>
> @navid-m Where is the source for your site? Let's keep it public so we don't have a repeat of the problem.

I'm not open sourcing it, feel free to use nimpkgs.

navid-m avatar Jul 30 '25 15:07 navid-m

I'll try to fix the issue but if there are volunteers that want to run the service please email me.

FedericoCeratto avatar Jul 30 '25 20:07 FedericoCeratto