One of the strong points of comfyUI is the ease with which you can add user contributed nodes to your workflow. For example if you want to create every combination of a set of prompts you can use my boolean nodes. However until now this reliance on addons created and maintained by volunteers also introduced a vulnerability. Using addons requires you to trust that the nodes behave as described and their creators do not have nefarious purposes. In order to remedy this issue ComfyUI has introduced the ComfyUI Registry.
The registry allows for versioning of nodes. It also ensures that certain basic checks are performed on nodes. This is done before they are allowed to be added to the registry. Checks are also conducted when nodes are updated. This should provide several advantages. Versioning means that workflows should be able to use pinned versions of nodes to avoid being broken by updates. Enforcement of basic security standards should reduce the likelihood of malicious code. The testing and registration of nodes means that nodes can be more easily marked as checked or flagged as unsafe to give some extra security. As always with open sources software usage is at the users’ risk, but the risks should be reduced. There is further information on the registry in the ComfyUI Registry documentation.
This does impose a small amount of extra overhead on node developers. However this is not severe and the whole process took me less than an hour including reading through the docs. There are a few things you need to do (full instructions are at https://docs.comfy.org/registry/publishing):
- You will need to add a pyproject.toml file to your repo. This can be created from the comfyUI CLI using the command comfy node init. This file goes in the root of your project. Note that you will need to edit this file with your repo’s details.
- Next you need to add a GitHub action which can be used to push your code to the repository. The GitHub action to push new versions of your nodes when you update the version number of your nodes can be found here. it needs to be placed in .github/workflows/publish.yml in your repo
- Register as a developer at https://registry.comfy.org/ by clicking “sign up” and then link your google or GitHub account. I normally object to this form of account linking, but here I think it makes sense to increase the friction for bad actors
- Create a publisher ID on the site and add it to the TOML file.
- Create a secret on the site and add it to your repo secrets for the ComfyUI repo (note that this is not a GitHub authorisation secret, this is a secret from https://registry.comfy.org/ which you will store in GitHub to authenticate that you are the originator of any code changes attributed to your publisher ID. If you are unsure how to add a repo secret to a GitHub repo read these instructions. The secret must be named REGISTRY_ACCESS_TOKEN to work with the GitHub action.
- If not already done, write your nodes and merge them to the main branch of your repo.
- Run the workflow to commit version 1.0.0 of your nodes to the repository
If you do all this correctly you should then be able to see your nodes in the repository like this:
If you run into any issues with the process you can reach out to the comfyUI team using the comfyUI Discord server.
