Skip to content

Add ComfyUI-CustomNodeKit to custom-node-list.json#2917

Open
user2318 wants to merge 1 commit into
Comfy-Org:mainfrom
user2318:add-to-manager-v2
Open

Add ComfyUI-CustomNodeKit to custom-node-list.json#2917
user2318 wants to merge 1 commit into
Comfy-Org:mainfrom
user2318:add-to-manager-v2

Conversation

@user2318
Copy link
Copy Markdown

@user2318 user2318 commented May 26, 2026

Pull Request: Add user2318/ComfyUI-CustomNodeKit

Description

Add ComfyUI-CustomNodeKit to the custom node list.

A set of custom nodes for ComfyUI, covering video generation (WanLoop), pose processing (SDPose), image interaction operations, and other common workflow needs.

Security Overview

Routes in this custom node

Endpoint Method Type Security Characteristics
/interactive_crop/get_source_info GET File I/O Rate limited; reads image metadata only
/interactive_crop/get_preview GET File I/O Rate limited; format-validated image reading
/interactive_crop/get_tensor_preview GET Cache only Reads in-memory cache, no file system access
/interactive_crop/select_folder POST User interaction tkinter file dialog, requires desktop interaction
/interactive_crop/select_files POST User interaction tkinter file dialog, requires desktop interaction
/multi_file_picker/select POST User interaction tkinter file dialog, requires desktop interaction

Total: 6 routes (down from 9 in initial submission)

Security Measures Implemented

  1. Route consolidation: 5 file I/O routes merged into 2 unified endpoints (get_source_info and get_preview), reducing the attack surface
  2. Rate limiting: All GET file I/O routes have IP-based rate limiting (120 requests / 60s window) to prevent abuse
  3. Image format validation: All file reads through get_preview verify the file is a valid image format (PNG/JPEG/WebP/BMP/TIFF)
  4. Path traversal protection: custom_video_nodes.py includes path traversal detection for relative paths and null byte injection prevention
  5. No dynamic execution: No eval(), exec(), __import__(), or compile() usage
  6. Safe subprocess calls: All ffmpeg invocations use a fixed binary path (from imageio_ffmpeg), explicit argument lists (no shell=True), and sanitized parameters

Node List

  • WanAnimateToVideoCustom — WanAnimate video generation core node
  • Draw SDPose Keypoints (V2) — Pose keypoint visualization
  • Save/Load/Slice/Concat/Resize/Resample SDPose Keypoints — Pose data processing pipeline
  • Estimate Yaw (Simple/Advanced) — Yaw angle estimation from pose data
  • Reference Image Selector — Auto-select reference images by yaw angle
  • VideoFrameCounter — Video frame and fps info
  • ImageSequenceToVideo — Image sequence to video via ffmpeg
  • InteractiveBatchCrop — Graphical batch crop with UI
  • PathCollector / IndexSelector / PathValidator — Path utilities
  • FolderImageLoader / ImageBatchConcat / ImageBatchResize — Image batch tools
  • Custom Context Windows (Manual) — Sliding window context scheduling for video generation
  • Integer Setting — Integer alignment utility

Dependencies

  • torch, numpy, Pillow, aiohttp (typically provided by ComfyUI)
  • imageio-ffmpeg (bundled ffmpeg, no system installation needed)

@user2318 user2318 closed this May 27, 2026
@user2318 user2318 force-pushed the add-to-manager-v2 branch from b467f84 to 66617e0 Compare May 27, 2026 10:40
@user2318 user2318 reopened this May 27, 2026
@user2318 user2318 closed this May 27, 2026
@user2318 user2318 force-pushed the add-to-manager-v2 branch from af17901 to 66617e0 Compare May 27, 2026 10:45
@user2318 user2318 reopened this May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@user2318