ships with essential
ryleu opened this issue ยท 6 comments
the latest version of craftify ships with essential, a closed source mod that poses a significant security vulnerability because of a possible man in the middle related to the bootstrapper / installer
why the heck is this in craftify? it makes no sense
Craftify uses it for several of its APIs including cross-version/platform rendering, config, and utilities, if you have a complaint about how essential operates you can take that up with them and their parent company sparkuniverse because I highly doubt they would want to tarnish their reputation, also their installer very much does checksums on its downloads.
So if you would like it to not use it just make a crossplatform/version rendering and config API so it does makes sense :)
it could possibly be changed to use the libraries directly without the need of essential but will increase the jars size by like 10x
will lose some features if done so because there are certain apis not in the libraries that essential includes by default and are in essential itself
well remember the mod itself is ARR but the library behind it is MIT here's the library that handles the getting and controls https://github.com/ThatGravyBoat/Jukebox