PackGuard is being migrated from a personal Electron prototype into a safety-first, manifest-based sync toolkit. The current repository is early-stage and should not be treated as a finished security boundary.
No production-ready PackGuard release is supported yet.
| Version | Status |
|---|---|
| Unreleased | Active migration and hardening |
| Existing Electron prototype | Legacy/experimental; security-sensitive behavior is being reviewed |
Security reports are still welcome during migration.
Please do not open a public issue for a vulnerability that could put users' files at risk.
Until a dedicated private advisory process is published, contact the maintainer privately through the repository owner's preferred contact channel. Include:
- a short description of the issue
- affected commit, branch, or release if known
- reproduction steps
- the manifest or filesystem layout needed to reproduce, using fake files when possible
- expected impact
- whether the issue can write, replace, move, or delete files outside the intended target folder
If private contact is not available, open a minimal public issue stating that you need a private security contact, without exploit details.
PackGuard treats external input as untrusted. Security-sensitive areas include:
- malicious manifests that attempt to influence downloads or filesystem paths
- path traversal such as
../, absolute paths, Windows drive paths, UNC paths, and normalized escapes - unsafe download URLs, including insecure HTTP, local file URLs, and unsupported protocols
- hash mismatches between downloaded files and manifest SHA-512 values
- rollback failures that could leave users without a recoverable state
- arbitrary filesystem writes outside the selected target folder
The intended architecture validates manifests, applies source policy, enforces a target path jail, verifies hashes, backs up before replacement, records transactions, and supports rollback. Not all of that architecture is implemented yet.
PackGuard does not validate mod safety. It only aims to validate file integrity and sync behavior.
Hash verification proves that a file matches the manifest-provided hash. It does not prove that a mod is safe, legal, or trustworthy.