[farawayea]

https://github.com/home-assistant/core/blob/dev/requirements... lists all the direct dependencies installed in the container.

It's enough for just a single direct or indirect dependency to be compromised to have a botnet or turn it into something used for surveillance against the users.

Preventing it from exfiltrating data by isolating it from the network with Internet access is the only option if you want to run it. This requires local only devices.

Accessing it through the web UI or through the mobile app will still load icons from https://brands.home-assistant.io. The details are in this ticket https://github.com/home-assistant/frontend/issues/18549

[goodpoint]

omg one THOUSAND dependencies.

[farawayea]

Those are just the direct dependencies as far as I can tell.

The frontend has its own dependencies.