Look for security vulnerabilities #29

Closed
opened 2026-05-01 20:53:31 +02:00 by myrmidex · 0 comments
Owner

Security review of the incr app before moving it to the public lvl0 group.

Areas to check

  • Input validation and mass assignment protection (Eloquent $fillable)
  • CSRF protection on all state-changing routes
  • Auth / no-auth boundaries (app currently uses User::first() — ensure no unintended data exposure)
  • Dependency vulnerabilities (composer audit, npm audit)
  • Sensitive data in logs or API responses
  • Any hardcoded secrets or credentials

Output

A list of findings with severity, to be triaged into fix tickets before making the repo public.

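The first three checklist items (mass assignment, CSRF, and the `User::first()` auth boundary) map to a small amount of Laravel code, so here is an added illustration of the vulnerable pattern beside the hardened one. This is example code written for this review, not code from the incr repository; the `Counter` model, `CounterController`, the `counters` table and the `/counters` route are assumed names, and the snippet is meant to be read as fragments of three Laravel files rather than run as a single script.

```php
<?php
// Added example, not code from the incr app. Model, controller and route
// names (Counter, CounterController, /counters) are assumptions.

// --- app/Models/Counter.php ---------------------------------------------
namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class Counter extends Model
{
    // Only these columns may be set through create()/update()/fill().
    // Ownership (user_id) and any privilege flags deliberately stay out of
    // $fillable so a crafted request body cannot set them.
    protected $fillable = ['name', 'value'];
}

// --- app/Http/Controllers/CounterController.php -------------------------
namespace App\Http\Controllers;

use App\Models\Counter;
use App\Models\User;
use Illuminate\Http\Request;

class CounterController extends Controller
{
    // Pattern to flag in review: the whole request body is handed to the
    // model, and the owner is whichever user happens to come first in the
    // table, so every visitor reads and writes the same account's data.
    public function storeUnsafe(Request $request)
    {
        $owner = User::first();
        return $owner->counters()->create($request->all());
    }

    // Hardened version: validate first, pass only the validated keys, and
    // take the owner from the authenticated session (auth middleware below)
    // instead of trusting a user_id field or a fixed first user.
    public function store(Request $request)
    {
        $data = $request->validate([
            'name'  => ['required', 'string', 'max:100'],
            'value' => ['required', 'integer', 'min:0'],
        ]);

        return $request->user()->counters()->create($data);
    }
}

// --- routes/web.php -----------------------------------------------------
use App\Http\Controllers\CounterController;
use Illuminate\Support\Facades\Route;

// State-changing routes stay in routes/web.php (the `web` middleware group),
// so Laravel's CSRF token check runs on them; they must not be added to the
// CSRF exclusion list. `auth` makes $request->user() non-null in store().
Route::middleware('auth')->group(function () {
    Route::post('/counters', [CounterController::class, 'store']);
});
```

When triaging the real code, the things to grep for are `->all()` or `$request->input()` passed straight into `create()`/`update()`, models with `$guarded = []`, `User::first()` used in place of `$request->user()`, and any POST/PUT/DELETE route defined in `routes/api.php` or listed in the CSRF exclusion list without a token or session check of its own.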
myrmidex added this to the v0.3.0 milestone 2026-05-01 20:53:31 +02:00
myrmidex added the bug label 2026-05-01 20:53:31 +02:00
myrmidex self-assigned this 2026-05-01 20:53:31 +02:00
Reference: lvl0/incr#29