54 lines
1.1 KiB
Markdown
54 lines
1.1 KiB
Markdown
# Security Review
|
|
|
|
## Scope
|
|
|
|
Project:
|
|
|
|
```text
|
|
Warium NeoForge 1.21.1 Port
|
|
```
|
|
|
|
Reviewed version or commit:
|
|
|
|
```text
|
|
Unreleased scaffold
|
|
```
|
|
|
|
## Code Patterns Checked
|
|
|
|
- [x] No secrets committed.
|
|
- [x] Generated original assets are ignored.
|
|
- [x] Decompiled source output is ignored.
|
|
- [x] Original jar artifacts are ignored.
|
|
- [x] Private integration jars are ignored.
|
|
- [x] External network calls are documented.
|
|
|
|
## Dependency Review
|
|
|
|
Command:
|
|
|
|
```bash
|
|
./gradlew --no-daemon build
|
|
```
|
|
|
|
Result:
|
|
|
|
```text
|
|
Pending runner execution.
|
|
```
|
|
|
|
## Runtime Review
|
|
|
|
- [x] Gitea publishing uses `REGISTRY_TOKEN` secret only.
|
|
- [x] Package download is private/internal pending rights clearance.
|
|
- [x] Source Warium jar is downloaded from Modrinth and verified by SHA1.
|
|
- [x] Required private integrations are shimmed until real NeoForge 1.21.1 jars exist.
|
|
|
|
## Release Notes
|
|
|
|
Known residual risks:
|
|
|
|
```text
|
|
The current scaffold preserves registry IDs and resources but does not yet fully port the original MCreator behavior procedures, block entities, GUI logic, entities, AI, weapons, ordnance, nuclear effects, or external integration APIs.
|
|
```
|