> ## Documentation Index > Fetch the complete documentation index at: https://docs.comfy.org/llms.txt > Use this file to discover all available pages before exploring further. # Standards > Security and other standards for publishing to the Registry ## Base Standards ### 1. Community Value Custom nodes must provide valuable functionality to the ComfyUI community Avoid: * Excessive self-promotion * Impersonation or misleading behavior * Malicious behavior * Self-promotion is permitted only within your designated settings menu section * Top and side menus should contain only useful functionality ### 2. Node Compatibility Do not interfere with other custom nodes' operations (installation, updates, removal) * For dependencies on other custom nodes: * Display clear warnings when dependent functionality is used * Provide example workflows demonstrating required nodes ### 3. Legal Compliance Must comply with all applicable laws and regulations ### 5. Quality Requirements Nodes must be fully functional, well documented, and actively maintained. ### 6. Fork Guidelines Forked nodes must: * Have clearly distinct names from original * Provide significant differences in functionality or code Below are standards that must be met to publish custom nodes to the registry. ## Security Standards Custom nodes should be secure. We will start working with custom nodes that violate these standards to be rewritten. If there is some major functionality that should be exposed by core, please request it in the [rfcs repo](https://github.com/comfy-org/rfcs). ### eval/exec Calls #### Policy The use of `eval` and `exec` functions is prohibited in custom nodes due to security concerns. #### Reasoning These functions can enable arbitrary code execution, creating potential Remote Code Execution (RCE) vulnerabilities when processing user inputs. Workflows containing nodes that pass user inputs into `eval` or `exec` could be exploited for various cyberattacks, including: * Keylogging * Ransomware * Other malicious code execution ### subprocess for pip install #### Policy Runtime package installation through subprocess calls is not permitted. #### Reasoning * First item ComfyUI manager will ship with ComfyUI and lets the user install dependencies * Centralized dependency management improves security and user experience * Helps prevent potential supply chain attacks * Eliminates need for multiple ComfyUI reloads ### Code Obfuscation #### Policy Code obfuscation is prohibited in custom nodes. #### Reasoning Obfuscated code: * Impossible to review and likely to be malicious