Skip to content

civitai-hub v0.2.0

Choose a tag to compare

View all tags
@mr8bit mr8bit released this 16 Jun 19:08
· 6 commits to main since this release
v0.2.0
03dd010
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Security-hardening + review-fixes release.

Security

  • Reject path-traversal / absolute API filenames before building any path.
  • Validate the download host (civitai.com only) — closes SSRF + token exfiltration.
  • Send the token via the Authorization header, never a ?token= URL.

Robustness

  • Transport failures wrap to a catchable NetworkError (exit 10) with retry.
  • --force restarts instead of resuming a stale partial.

Packaging / docs

  • Single-source version + version↔tag publish guard, slim sdist, Dependabot.
  • Fixed phantom library-API params, documented find_base_models, scoped config table.

Breaking (minor): removed the dead no-op params download(progress=), model_info(cache_dir=), find_base_models(cache_dir=).

Install: pipx install civitai-hub · docker run --rm ghcr.io/mr8bit/civit-ai-cli:0.2.0 info <url>

Assets 4
Loading