ynode
by iamyureka
Overview
Ynode is an open-source platform for visual workflow automation, allowing users to create, manage, and execute node-based automation workflows.
Installation
pnpm --filter ynode-server devEnvironment Variables
- CREDENTIAL_ENCRYPTION_KEY
- JWT_SECRET
- NODE_ENV
- PORT
- DB_PATH
- JWT_EXPIRES_IN
Security Notes
CRITICAL VULNERABILITY: The 'ifElse' built-in node (packages/ynode-core/src/nodes/ifElse.ts) uses `new Function()` to evaluate user-provided `config.condition`. This allows for arbitrary JavaScript code execution (Remote Code Execution - RCE) within the main Node.js process if a malicious user can control the 'condition' configuration of an 'ifElse' node. Although custom nodes leverage `isolated-vm` for sandboxing, this core built-in node does not. Other components include strong authentication (Argon2, JWT), credential encryption (AES-256-GCM), rate limiting, and network access controls for custom nodes, but the `new Function` vulnerability is paramount.
Similar Servers
n8n
AI-powered workflow automation platform, enabling users to build and run workflows using various integrations, with a focus on AI models and tools for task execution and conversational agents.
activepieces
An all-in-one AI automation platform designed to be extensible, serving as an open-source replacement for Zapier. It enables users to build AI-driven workflows and integrations using a type-safe TypeScript framework, and functions as a comprehensive MCP toolkit for connecting LLMs to various services.
flow-like
Flow-Like is a visual workflow automation platform that focuses on building AI-powered workflows, data integration, and business process automation with transparency and type safety.
gemini-flow
An AI workflow orchestration and execution platform that enables visual programming and integrates with Google's Gemini and Vertex AI services.