issues Search Results · language:Dune language:JavaScript language:JavaScript language:JavaScript language:CSS
Filter by
20.6M results
pipe2() pipelines have no overall timeout and kill children with SIGTERM only
- Severity: P3 (robustness)
- Problem: Unlike run() (which SIGKILLs a stuck child so it can t hang us forever ), pipe2() ...
audit-followup
bug
P3
Masashi-Ono0611
--backend arweave put() buffers the whole file into one signed tx → opaque HTTP 400 on a brain-sized snapshot, yet
durability.md steers users there
- Severity: P3 (backend correctness / error UX, on ...
audit-followup
documentation
P3
Identity private key is written as a bare plaintext age key (0600 only); offer passphrase-wrapping + document FDE
- Severity: P3 (key-at-rest defense-in-depth)
- Problem: age-keygen writes an unwrapped ...
audit-followup
P3
security
Arweave JWK wallet gets weaker hygiene than the age identity (no perms check, CIPHER_BRAIN_HOME 0755, ungitignored,
under-stated as low-value) (merges: Turbo JWK bearer-key hygiene + .gitignore wallet ...
audit-followup
P3
security
Docs misrepresent the shipped arweave/turbo backends and over-claim content-addressed (merges: README Usage frames
Arweave as later + MANAGEMENT.md stale cadence/table/content-addressed overclaim)
- ...
audit-followup
documentation
P2
Paid Arweave/Turbo push has no pre-upload cost estimate or spend cap before an irreversible permanent store
- Severity: P2 (cost control)
- Problem: The recommended cadence does a full snapshot nightly ...
audit-followup
enhancement
P2
Recovery has no durable locator: index.tsv (the only record of which snapshots exist) lives solely on the always-on box
and is never backed up
- Severity: P2 (recovery architecture)
- Problem: durability.md/MANAGEMENT.md ...
audit-followup
enhancement
P2
Bundled pull needlessly requires the arweave npm package, breaking the documented fresh machine restores with just the
tx id
- Severity: P2 (backend correctness / recoverability)
- Problem: arweaveBackend() ...
audit-followup
bug
P2
Snapshot output and restore extraction are non-atomic, so a mid-pipeline failure leaves a partial artifact (truncated
*.age even passes push) (merges: snapshot --out no failure cleanup + restore partial-tree) ...
audit-followup
bug
P2
Fetched Arweave/Turbo bytes are bound to neither content nor integrity (garbage, rollback, and chosen-content
substitution all pass verify) (merges: gateway promotes any HTTP-200 body without age check ...
audit-followup
P2
security
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.