Fix stored XSS in tasks (titles/subtasks) and settings (member list) by applying escHtml(). Harden trust proxy to loopback default, add OAuth state parameter for Google Calendar CSRF protection, sanitize CSV export against formula injection, invalidate sessions on user deletion, restrict usernames to alphanumeric chars, and require admin role for calendar sync triggers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
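The CSV formula-injection fix named in the commit message above can be sketched as follows. This is an added example, not the project's code: `csvCell`, `toCsv` and the sample budget rows are hypothetical, and it assumes amounts are held as numbers while descriptions are user-supplied strings.

```javascript
// Added example (not Oikos code): neutralise spreadsheet formulas in a CSV export.
// csvCell / toCsv are hypothetical names; sampleRows is constructed test data.

// Leading characters that make Excel, LibreOffice or Sheets evaluate a cell.
const FORMULA_TRIGGER = /^[=+\-@\t\r]/;

function csvCell(value) {
  if (value === null || value === undefined) return '';
  // Genuine numbers (e.g. a negative expense) cannot carry a formula and
  // must stay numeric so that sums in the spreadsheet still work.
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);

  let text = String(value);
  // A leading apostrophe makes the spreadsheet treat the cell as plain text.
  if (FORMULA_TRIGGER.test(text)) text = "'" + text;
  // RFC 4180 quoting: wrap when the field holds a quote, comma or line break.
  if (/[",\r\n]/.test(text)) text = '"' + text.replace(/"/g, '""') + '"';
  return text;
}

function toCsv(header, rows) {
  return [header, ...rows]
    .map((row) => row.map(csvCell).join(','))
    .join('\r\n');
}

// Constructed sample budget entries: date, description (untrusted), amount.
const sampleRows = [
  ['2024-03-01', 'Groceries', -54.2],
  ['2024-03-02', '=SUM(A1:A9)', 10],
  ['2024-03-03', '-2+3', 0],
  ['2024-03-04', 'Rent, March', -900],
];

console.log(toCsv(['date', 'description', 'amount'], sampleRows));
```

The type check is the part that is easy to get wrong: prefixing every value that starts with `-` would turn negative amounts into text, while skipping the check for strings would let a description such as `-2+3` be evaluated.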
Oikos
Self-hosted family planner for small households
Tasks · Shopping Lists · Meal Planning · Calendar Sync · Budget · Notes · Contacts
Highlights
📋 Task Management: Shared tasks with deadlines, priorities, subtasks, recurring schedules, and Kanban view
🛒 Shopping Lists: Collaborative lists with aisle categories and one-click import from meal plans
🍽️ Meal Planning: Weekly drag-and-drop planner with ingredient lists and shopping export
📅 Calendar Sync: Two-way sync with Google Calendar (OAuth) and Apple iCloud (CalDAV)
💰 Budget Tracking: Income and expenses, recurring entries, monthly trends, CSV export
📌 Notes & Contacts: Colored sticky notes with Markdown, contact directory with vCard import/export
⚡ Zero Build Step: Pure ES modules, no bundler, no transpiler, no framework. Ships what you write.
🔒 Privacy First: SQLCipher AES-256 encrypted database, fully self-hosted, zero telemetry
📱 PWA Native Feel: Installable on any device, works offline, dark mode, responsive from phone to desktop
🌍 Multilingual: German and English UI with automatic locale detection
Quick Start
```bash
git clone https://github.com/ulsklyc/oikos.git && cd oikos
cp .env.example .env   # then edit .env - set SESSION_SECRET and DB_ENCRYPTION_KEY
docker compose up -d --build
docker compose exec oikos node setup.js
```
Then open http://localhost:3000 and log in. Add family members from Settings.
New to Docker? The Installation Guide walks you through every step, from installing Docker to HTTPS setup, backups, and troubleshooting.
Tech Stack
Documentation
| 🚀 Installation | 📖 Spec & Data Model | 🤝 Contributing | 🔒 Security | 📋 Changelog | 📌 Backlog |
|---|---|---|---|---|---|
Roadmap
✅ Core modules - Dashboard, Tasks, Shopping, Meals, Calendar, Notes, Contacts, Budget
✅ Calendar sync - Google Calendar + Apple iCloud bidirectional sync
✅ PWA - Service worker, offline mode, install prompt
📋 Push notifications for deadlines and reminders
📋 Household inventory tracking


