Modrinth

Go to file

docs(frontend): add security.txt (#2252 )

* feat: add security.txt

Security.txt is a well-known (pun intended) file among security researchers, so they don't have to go scavenging for your security information. More information is available on [securitytxt.org](https://securitytxt.org/).

I've set the following values:

- The email to contact with issues, `jai@modrinth.com`. This is the email stated in the security policy. If you wish to not include it here due to spam, you should also not have it as a `mailto` link in the security policy.
- Expiry is set to 2030. By this time Modrinth has become the biggest Minecraft mod distributor, and having expanded into other games. By this time they should also have updated this file.
- English is the preferred language
- The file is located at modrinth.com/.well-known/security.txt
- The security policy is at https://modrinth.com/legal/security

The following values have been left unset:

- PGP key, not sure where this would be located, if there is one
- Acknowledgments. Modrinth does currently not have a site for thanks
- Hiring, as it wants security-related positions
- CSAF, a Common Security Advisory Framework ?

* fix(docs): reduce security.txt expiry

This addresses a concern where the security.txt has a long expiration date. Someone could treat this as "use this until then", which we don't want since it's a long time. The specification recommends no longer than one year, as it is to mark as stale.

From the RFC:

> The "Expires" field indicates the date and time after which the data contained in the "security.txt" file is considered stale and should not be used (as per Section 5.3). The value of this field is formatted according to the Internet profiles of [ISO.8601-1] and [ISO.8601-2] as defined in [RFC3339]. It is RECOMMENDED that the value of this field be less than a year into the future to avoid staleness.

Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>

* fix(frontend): extend security.txt expiry

It takes so long to merge the PR :(

Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>

* docs(frontend) careers link in security.txt

Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>

---------

Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
Co-authored-by: Erb3 <49862976+Erb3@users.noreply.github.com>

2025-07-09 15:51:46 -07:00

.cargo

Update config.toml (#3832 )

2025-06-23 22:40:16 +00:00

.github

ci(theseus): assorted tweaks and fixes (#3949 )

2025-07-08 21:02:17 +00:00

.idea

Migrate Java code to Gradle (#3833 )

2025-06-26 14:56:35 +00:00

.vscode

Add server unzipping (#3622 )

2025-05-07 19:08:38 -07:00

apps

docs(frontend): add security.txt (#2252 )

2025-07-09 15:51:46 -07:00

packages

Add coventry europe region support (#3956 )

2025-07-09 22:27:59 +00:00

patches

Migrate to Turborepo (#1251 )

2024-07-04 21:46:29 -07:00

.dockerignore

dist(docker): add curl package to Labrinth image, some other minor tweaks (#3915 )

2025-07-08 19:22:15 +00:00

.editorconfig

Migrate Java code to Gradle (#3833 )

2025-06-26 14:56:35 +00:00

.gitattributes

fix(theseus): make SQLx migration checksums match the deployed ones on Windows (#3899 )

2025-07-05 03:39:52 +00:00

.gitignore

Pyro Integration (#2503 )

2024-11-02 21:14:00 -07:00

.npmrc

Initial commit

2024-07-03 00:18:35 -07:00

.nvmrc

enh(ci): optimize Turbo CI check workflow, track Rust and Node toolchain versions in well-known files (#3776 )

2025-06-12 16:47:28 -07:00

Cargo.lock

ci: revamp app build workflow, introduce a new one for release deployment (#3921 )

2025-07-06 21:41:52 +00:00

Cargo.toml

Make tauri-plugin-http a workspace dependency (#3886 )

2025-07-02 23:12:10 +00:00

clippy.toml

Rust dependency updates (#3849 )

2025-06-27 09:54:51 +00:00

COPYING.md

Migrate to Turborepo (#1251 )

2024-07-04 21:46:29 -07:00

docker-compose.yml

Small CI flakiness fix and performance tweak (#3780 )

2025-06-13 21:34:40 +00:00

package.json

Small CI flakiness fix and performance tweak (#3780 )

2025-06-13 21:34:40 +00:00

pnpm-lock.yaml

Skins improvements/fixes (#3943 )

2025-07-09 21:41:36 +00:00

pnpm-workspace.yaml

App redesign (#2946 )

2024-12-11 19:54:18 -08:00

README.md

Update readmes

2024-10-19 19:46:40 -07:00

rust-toolchain.toml

Rust dependency updates (#3849 )

2025-06-27 09:54:51 +00:00

rustfmt.toml

Version updates (#3626 )

2025-05-09 12:27:55 +00:00

turbo.jsonc

Small CI flakiness fix and performance tweak (#3780 )

2025-06-13 21:34:40 +00:00

web-types.json

App redesign (#2946 )

2024-12-11 19:54:18 -08:00

README.md

Modrinth Monorepo

Welcome to the Modrinth Monorepo, the primary codebase for the Modrinth web interface and app. It contains lines of code and has contributors!

If you're not a developer and you've stumbled upon this repository, you can access the web interface on the Modrinth website and download the latest release of the app here.

Development

This repository contains two primary packages. For detailed development information, please refer to their respective READMEs:

Contributing

We welcome contributions! Before submitting any contributions, please read our contributing guidelines.

If you plan to fork this repository for your own purposes, please review our copying guidelines.

Security

If you discover a security vulnerability within our codebase, please follow our responsible disclosure guidelines.

Support

If you need help with the Modrinth web interface or app, please visit our support page. For general inquiries, you can also join our Discord server.

License

All packages in this repository are licensed under their respective licenses. Refer to the LICENSE file in each package for more information.

Languages

Rust 44.6%

Vue 38.6%

TypeScript 8.2%

HTML 5.1%

JavaScript 1.9%

Other 1.5%