Roadmap/Plans

[slfhstr]

First off, thank you @pawelmalak for a great app.
I have been using it on self-hosted VPS in native Docker for 2 years.
It's a really useful resource.

I'm moving most of my self-hosted to the Cloudron PaaS (https://cloudron.io) as it's a great platform for self-hosting.
I've just packaged Snippet-Box for deployment on Cloudron (https://git.cloudron.io/timconsidine/snippet-box-cloudron) for my own use and to help others if you want to deploy it.
Packaging on Cloudron adds an 'out of the box' authentication.

Would you be able to share if you have plans for further development or added features ?

[go-compile]

This project appears to be abandoned and contain security vulnerabilities.

[aljawaid]

This project appears to be abandoned and contain security vulnerabilities.

it seems so, any open source alternatives that you know about?

[slfhstr]

In my understanding the only issue is lack of user login / authentication.
Then the vulnerability doesn't exist (correct me if I'm wrong).
My package with authentication seems to address this.

Even without further development, it's still a useful app which can continue to be used with some authentication in front of it. I used it for a while with just HTTP Auth via nginx reverse proxy.

[go-compile]

User authentication is another issue, however, simply adding such authentication would not automatically patch vulnerability (CVE-2023-23277), although it would limit it's exploitability. I will also add that this project's packages are not being updated, which could potentially introduce more vulnerabilities.

Update:

This repository contains dependencies with serious vulnerabilities (see Table 1).

Table 1: OSV scanner results for snippet-box

OSV URL	CVSS	ECOSYSTEM	PACKAGE	VERSION	SOURCE
https://osv.dev/GHSA-93q8-gq69-wqmw	7.5	npm	ansi-regex	4.1.0	snippet-box\package-lock.json
https://osv.dev/GHSA-4gxf-g5gf-22h4	7.5	npm	dottie	2.0.2	snippet-box\package-lock.json
https://osv.dev/GHSA-pfrx-2q88-qq97	5.3	npm	got	9.6.0	snippet-box\package-lock.json
https://osv.dev/GHSA-rc47-6667-2j5j	7.5	npm	http-cache-semantics	4.1.0	snippet-box\package-lock.json
https://osv.dev/GHSA-896r-f27r-55mw	9.8	npm	json-schema	0.2.3	snippet-box\package-lock.json
https://osv.dev/GHSA-f8q6-p94x-37v3	7.5	npm	minimatch	3.0.4	snippet-box\package-lock.json
https://osv.dev/GHSA-xvch-5gv4-984h	9.8	npm	minimist	1.2.5	snippet-box\package-lock.json
https://osv.dev/GHSA-8hfj-j24r-96c4	7.5	npm	moment	2.29.1	snippet-box\package-lock.json
https://osv.dev/GHSA-wc69-rhjr-hc9g	7.5	npm	moment	2.29.1	snippet-box\package-lock.json
https://osv.dev/GHSA-56x4-j7p9-fcf9		npm	moment-timezone	0.5.33	snippet-box\package-lock.json
https://osv.dev/GHSA-v78c-4p63-2j6c		npm	moment-timezone	0.5.33	snippet-box\package-lock.json
https://osv.dev/GHSA-hrpp-h998-j3pp	7.5	npm	qs	6.5.2	snippet-box\package-lock.json
https://osv.dev/GHSA-hrpp-h998-j3pp	7.5	npm	qs	6.7.0	snippet-box\package-lock.json
https://osv.dev/GHSA-p8p7-x288-28g6	6.1	npm	request	2.88.2	snippet-box\package-lock.json
https://osv.dev/GHSA-c2qf-rxjj-qqgw	5.3	npm	semver	5.3.0	snippet-box\package-lock.json
https://osv.dev/GHSA-c2qf-rxjj-qqgw	5.3	npm	semver	5.7.1	snippet-box\package-lock.json
https://osv.dev/GHSA-c2qf-rxjj-qqgw	5.3	npm	semver	6.3.0	snippet-box\package-lock.json
https://osv.dev/GHSA-c2qf-rxjj-qqgw	5.3	npm	semver	7.3.5	snippet-box\package-lock.json
https://osv.dev/GHSA-wrh9-cjv3-2hpw	10	npm	sequelize	6.6.5	snippet-box\package-lock.json
https://osv.dev/GHSA-8c25-f3mj-v6h8	5.3	npm	sequelize	6.6.5	snippet-box\package-lock.json
https://osv.dev/GHSA-vqfx-gj96-3w95	9.9	npm	sequelize	6.6.5	snippet-box\package-lock.json
https://osv.dev/GHSA-f598-mfpv-gmfx	10	npm	sequelize	6.6.5	snippet-box\package-lock.json
https://osv.dev/GHSA-g4rg-993r-mgx7	9.8	npm	shell-quote	1.7.2	snippet-box\package-lock.json
https://osv.dev/GHSA-9qrh-qjmc-5w2p	7.5	npm	sqlite3	5.0.2	snippet-box\package-lock.json
https://osv.dev/GHSA-jqv5-7xpx-qj74	8.1	npm	sqlite3	5.0.2	snippet-box\package-lock.json
https://osv.dev/GHSA-3jfq-g458-7qm9	8.2	npm	tar	2.2.2	snippet-box\package-lock.json
https://osv.dev/GHSA-r628-mhmh-qjhw	8.2	npm	tar	2.2.2	snippet-box\package-lock.json
https://osv.dev/GHSA-9r2w-394v-53qc	8.2	npm	tar	2.2.2	snippet-box\package-lock.json
https://osv.dev/GHSA-5955-9wpr-37jh	8.2	npm	tar	2.2.2	snippet-box\package-lock.json
https://osv.dev/GHSA-qq89-hq3f-393p	8.2	npm	tar	2.2.2	snippet-box\package-lock.json
https://osv.dev/GHSA-72xf-g2v4-qvf3	6.5	npm	tough-cookie	2.5.0	snippet-box\package-lock.json
https://osv.dev/GHSA-qgmg-gppg-76g5	5.3	npm	validator	13.6.0	snippet-box\package-lock.json
https://osv.dev/GHSA-xx4c-jj58-r7x6	5.3	npm	validator	13.6.0	snippet-box\package-lock.json

[mikebgrep]

Can someone fork the repo and update the packages.
Also, if it is used only locally. Is it still a risk?
Btw. This fork had updates before 6 months. https://github.com/kaysgericht/snippet-box