mirror of https://github.com/Comfy-Org/ComfyUI-Manager.git synced 2026-03-26 17:00:02 +08:00

Files

Dr.Lt.Data 92e05fc767 fix(security): add litellm supply chain attack detection (PYSEC-2026-2) (#2732 )

Add litellm==1.82.7 and litellm==1.82.8 to pip_blacklist and remediation
guide in security_check.py to detect compromised packages that harvest
credentials and exfiltrate via attacker-controlled server.

Also fixes two pre-existing issues in pip_blacklist scanning:
- Remove `break` that caused only the first blacklist match to be
  detected, missing additional threats in multi-infection scenarios
- Replace substring matching with set-based exact matching to prevent
  false positives on similar version strings (e.g. 1.82.70 vs 1.82.7)

Bump version to 4.1.

2026-03-26 04:17:50 +09:00

common

fix(security): add litellm supply chain attack detection (PYSEC-2026-2) (#2732 )

2026-03-26 04:17:50 +09:00

data_models

feat: Add Pydantic validation to import_fail_info_bulk endpoint

2025-07-31 14:15:21 +09:00

glob

fix: Windows git clone failures — URL reinstall + pipe deadlock + file lock (#2726 )

2026-03-22 20:21:03 +09:00

refactor: remove preview_method and component legacy features

2025-12-19 22:39:59 +09:00

legacy

fix: Windows git clone failures — URL reinstall + pipe deadlock + file lock (#2726 )

2026-03-22 20:21:03 +09:00

__init__.py

Fix for peername tuple size variability in get_client_ip (#2427 )

2025-12-27 04:53:17 +09:00

alter-list.json

Merge branch 'main' into draft-v4

2025-09-03 01:24:47 +09:00

channels.list.template

fixed: missing channels.list.template

2025-04-23 08:58:47 +09:00

custom-node-list.json

Merge branch 'main' into manager-v4

2025-11-26 22:14:11 +09:00

extension-node-map.json

Merge branch 'main' into manager-v4

2025-11-26 22:14:11 +09:00

extras.json

Merge branch 'main' into draft-v4

2025-09-03 01:24:47 +09:00

github-stats.json

Merge branch 'main' into manager-v4

2025-11-26 22:14:11 +09:00

model-list.json

Merge branch 'main' into manager-v4

2025-11-26 22:14:11 +09:00

prestartup_script.py

feat(deps): add unified dependency resolver using uv pip compile (#2589 )

2026-03-07 06:51:53 +09:00

README.md

Merge branch 'main' into draft-v4

2025-06-01 06:23:11 +09:00

README.md

ComfyUI-Manager: Core Backend (glob)

This directory contains the Python backend modules that power ComfyUI-Manager, handling the core functionality of node management, downloading, security, and server operations.

Directory Structure

glob/ - code for new cacheless ComfyUI-Manager
legacy/ - code for legacy ComfyUI-Manager

Core Modules

manager_core.py: The central implementation of management functions, handling configuration, installation, updates, and node management.
manager_server.py: Implements server functionality and API endpoints for the web interface to interact with the backend.

Specialized Modules

share_3rdparty.py: Manages integration with third-party sharing platforms.

Architecture

The backend follows a modular design pattern with clear separation of concerns:

Core Layer: Manager modules provide the primary API and business logic
Utility Layer: Helper modules provide specialized functionality
Integration Layer: Modules that connect to external systems

Security Model

The system implements a comprehensive security framework with multiple levels:

Block: Highest security - blocks most remote operations
High: Allows only specific trusted operations
Middle: Standard security for most users
Normal-: More permissive for advanced users
Weak: Lowest security for development environments

Implementation Details

The backend is designed to work seamlessly with ComfyUI
Asynchronous task queuing is implemented for background operations
The system supports multiple installation modes
Error handling and risk assessment are integrated throughout the codebase

API Integration

The backend exposes a REST API via manager_server.py that enables:

Custom node management (install, update, disable, remove)
Model downloading and organization
System configuration
Snapshot management
Workflow component handling