This app is safe to use for its intended purpose (reading teleprompter scripts locally). However:
- ⚠️ Only load trusted scripts: don't paste scripts from untrusted sources
- ✅ The app only runs locally and doesn't connect to the internet
- ✅ No data is collected or transmitted
This app uses `nodeIntegration: true` and `contextIsolation: false` for simplicity. These settings are generally considered insecure for apps that:
- Load remote content
- Browse external websites
- Handle untrusted user input
Why it's acceptable here:
- The app only loads local, static HTML files
- No remote content is ever loaded
- User input is limited to text display only
If you plan to extend this app with features like:
- Loading external content
- Web browsing capabilities
- Network requests
You should:
- Enable `contextIsolation: true`
- Disable `nodeIntegration`
- Use `preload` scripts with IPC for secure communication
- Implement a Content Security Policy (CSP)
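As an added example (not the project's own code), the hardened `webPreferences` the list above describes, a check that flags the current settings against them, a CSP suited to a local static page, and a preload bridge in the `contextBridge`/IPC shape. The `script:load` channel and the `teleprompter` API name are assumptions; the bridge takes the Electron objects as parameters so it runs without Electron installed.

```javascript
// Settings the app currently uses, as stated in this document.
const currentWebPreferences = { nodeIntegration: true, contextIsolation: false };

// Settings recommended once remote content or network access is added.
function hardenedWebPreferences(preloadPath) {
  return {
    nodeIntegration: false, // renderer gets no Node.js APIs
    contextIsolation: true, // page scripts cannot reach the preload scope
    sandbox: true,          // renderer runs in the OS sandbox
    preload: preloadPath,   // only the preload script talks to the main process
  };
}

// Flag settings that are unsafe for a window that may load untrusted content.
function auditWebPreferences(prefs) {
  const findings = [];
  if (prefs.nodeIntegration === true) findings.push('nodeIntegration enabled');
  if (prefs.contextIsolation === false) findings.push('contextIsolation disabled');
  if (!prefs.preload) findings.push('no preload script, so no IPC boundary');
  return findings;
}

// CSP for a local, static teleprompter page: scripts and styles only from the
// app's own files, no remote connections. Suitable for a
// <meta http-equiv="Content-Security-Policy" content="..."> tag in the HTML.
function buildCsp() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "style-src 'self'",
    "connect-src 'none'",
    "object-src 'none'",
  ].join('; ');
}

// Preload bridge: exposes one narrow function to the page instead of Node.
// In a real preload script, contextBridge and ipcRenderer come from
// require('electron'); here they are injected so the function runs with stubs.
function installPreloadBridge({ contextBridge, ipcRenderer }) {
  const api = {
    // Assumed channel name; the main process validates the text it receives.
    loadScript: (text) => ipcRenderer.invoke('script:load', String(text)),
  };
  contextBridge.exposeInMainWorld('teleprompter', api);
  return api;
}
```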
Run `npm audit` regularly to check for vulnerabilities in dependencies.
If you discover a security vulnerability, please report it privately using one of these methods:
- GitHub Security Advisories (Recommended): Go to the Security tab and click "Report a vulnerability"
- GitHub Issues: Open an issue and mention @SQLtattoo; I'll get notified directly
Please do not report security vulnerabilities through public GitHub issues without marking them as security advisories first.