We rebuilt the foundation of hub.lightchain.ai β the dApp catalogue is now properly documented, properly secured, and properly contributable.
GitHub - lightchain-protocol/lcai-dApp-hub Β· GitHub
PR: docs+fix: massively expand README, add BUGS.md catalogue, apply 7 safe fixes by lightchainai Β· Pull Request #16 Β· lightchain-protocol/lcai-dApp-hub Β· GitHub (merged)
What just shipped
README went from 16 lines β 400+ lines β full project guide: tech stack, local dev, build, deploy, official-badge mechanics, image guidelines, tag taxonomy, security model, contributing flow.
BUGS.md is now live β we audited the entire codebase and catalogued 16 named issues with severity, file refs, repro steps, and suggested fixes. 7 are fixed in this PR. The other 9 are publicly documented for community PRs.
Security hardened:
β’ External URL validation β javascript:, data:, file: schemes now rejected at build time
β’ Image paths constrained to repo-local (/images/dapp-item-{logo,thumb}/...)
β’ Content-Security-Policy on /_next/image responses
β’ Defense-in-depth headers (X-Frame-Options, Referrer-Policy, Permissions-Policy, no X-Powered-By)
β’ Per-file try/catch in the loader β one malformed JSON no longer blanks the entire catalogue
Want to list your dApp?
The path is now stupid simple β open one PR with a JSON file + two images:
Schema, image dimensions, tag taxonomy, all spelled out.
Letβs build the most documented, most contributor-friendly dApp hub in crypto 