Skip to content

Security: KROFN/packguard

Security

SECURITY.md

Security Policy

PackGuard is being migrated from a personal Electron prototype into a safety-first, manifest-based sync toolkit. The current repository is early-stage and should not be treated as a finished security boundary.

Supported Versions

No production-ready PackGuard release is supported yet.

Version Status
Unreleased Active migration and hardening
Existing Electron prototype Legacy/experimental; security-sensitive behavior is being reviewed

Security reports are still welcome during migration.

Reporting a Vulnerability

Please do not open a public issue for a vulnerability that could put users' files at risk.

Until a dedicated private advisory process is published, contact the maintainer privately through the repository owner's preferred contact channel. Include:

  • a short description of the issue
  • affected commit, branch, or release if known
  • reproduction steps
  • the manifest or filesystem layout needed to reproduce, using fake files when possible
  • expected impact
  • whether the issue can write, replace, move, or delete files outside the intended target folder

If private contact is not available, open a minimal public issue stating that you need a private security contact, without exploit details.

Threat Model Summary

PackGuard treats external input as untrusted. Security-sensitive areas include:

  • malicious manifests that attempt to influence downloads or filesystem paths
  • path traversal such as ../, absolute paths, Windows drive paths, UNC paths, and normalized escapes
  • unsafe download URLs, including insecure HTTP, local file URLs, and unsupported protocols
  • hash mismatches between downloaded files and manifest SHA-512 values
  • rollback failures that could leave users without a recoverable state
  • arbitrary filesystem writes outside the selected target folder

The intended architecture validates manifests, applies source policy, enforces a target path jail, verifies hashes, backs up before replacement, records transactions, and supports rollback. Not all of that architecture is implemented yet.

Safety Boundary

PackGuard does not validate mod safety. It only aims to validate file integrity and sync behavior.

Hash verification proves that a file matches the manifest-provided hash. It does not prove that a mod is safe, legal, or trustworthy.

There aren't any published security advisories