NexVyd Project: Missing Requirements.txt File Bug

Hey everyone! We've found a bug in the NexVyd project that we wanted to bring to your attention. Specifically, it's about a missing requirements.txt file, which makes setting up the project a bit of a headache. Let's dive into the details!

Bug Summary

The main issue is that the project is missing a requirements.txt file. This file is crucial because it lists all the Python dependencies needed to run the project. Without it, installing these dependencies becomes error-prone. More importantly, this violates the Bug Bounty Round requirements, which state that the setup instructions should be complete.

Think of the requirements.txt file as a shopping list for all the Python packages your project needs. When it's missing, it's like trying to cook a recipe without knowing all the ingredients. It makes the whole process much harder and increases the chances of something going wrong. For those participating in the Bug Bounty Round, remember that providing complete setup instructions is a key requirement, and the absence of this file definitely impacts that.

Having a requirements.txt file ensures that anyone can easily replicate the project environment, making collaboration and troubleshooting much smoother. It's a standard practice in Python development and helps maintain consistency across different machines and environments. The file typically includes the names of the required packages along with their specific versions. This is super important because different versions of the same package can sometimes have incompatible features or bug fixes. Specifying the versions in the requirements.txt file guarantees that everyone is using the same versions, preventing unexpected issues.

Furthermore, the absence of this file can lead to dependency conflicts and other installation problems. When dependencies are not explicitly managed, it becomes more difficult to track and resolve issues related to package versions. This can significantly increase the time and effort required to set up and run the project, especially for new contributors or users. Therefore, including a requirements.txt file is not just a matter of convenience; it's essential for ensuring the stability and reliability of the project.

Steps to Reproduce

Alright, so how do you see this bug in action? Here’s how:

1. Head over to the project repository. You know, the place where all the code lives.
2. Look for the requirements.txt file in the root directory. This is usually where it should be.
3. Notice that the file isn't there. Yep, it's missing!
4. Try following the README instructions. You'll see a long pip install command listing the dependencies manually.

Basically, instead of a neat requirements.txt file, the README has a lengthy pip install command. This isn't ideal because it's not the standard way to handle dependencies.

To further elaborate on these steps, let's break down why each one is crucial for identifying the bug. First, navigating to the project repository is the starting point. Once there, the presence (or absence) of the requirements.txt file should be immediately apparent. The root directory is the standard location for this file, so if it's not there, it's a red flag. Next, attempting to follow the README instructions will highlight the alternative method used for dependency installation. This is where you'll encounter the long pip install command, which, while functional, is less maintainable and more prone to errors compared to using a requirements.txt file.

This manual installation process is not only less convenient but also makes it harder to manage dependencies in the long run. For instance, if you need to update a specific package, you would have to manually modify the pip install command in the README, which is not scalable. Additionally, it doesn't provide a clear way to specify version numbers, potentially leading to compatibility issues. By following these steps, anyone can quickly confirm the absence of the requirements.txt file and understand the implications of this missing component.

Expected Behavior

Ideally, there should be a requirements.txt file chilling in the root directory. This file should list all the Python dependencies, along with their version numbers. This makes sure everyone can install the exact same versions, leading to reproducible installations. That's the dream, right?

Imagine it like this: you're building a Lego set, and the requirements.txt file is the instruction manual. It tells you exactly which pieces (dependencies) you need and how to put them together (install them). Without it, you're just guessing which pieces to use, and the final result might not be what you expected. In the world of Python development, this translates to potential compatibility issues, unexpected errors, and a lot of unnecessary troubleshooting.

The presence of a requirements.txt file also simplifies the process of setting up a development environment. Instead of manually installing each dependency, you can simply run the command pip install -r requirements.txt, and all the required packages will be installed automatically. This saves a lot of time and effort, especially when dealing with projects that have many dependencies. Furthermore, it ensures that everyone working on the project is using the same versions of the packages, which is crucial for maintaining consistency and avoiding conflicts. This collaborative aspect is particularly important in team environments, where multiple developers may be working on the same codebase.

Actual Behavior

Unfortunately, there's no requirements.txt file to be found. Instead, the dependencies are listed as a single pip install command in the README. This isn't a standard practice and makes managing versions a real pain.

Think of it like getting a recipe that lists all the ingredients but doesn't tell you how much of each to use. You might end up with a dish that's not quite right. Similarly, without specific version numbers, you might install versions of the dependencies that are incompatible with the project, leading to errors and unexpected behavior. This is especially problematic when dealing with older projects that may rely on specific versions of certain packages.

The use of a single pip install command also makes it difficult to track which dependencies are actually required by the project. Over time, some dependencies may become obsolete or unnecessary, but they may still be included in the installation command. This can lead to bloat and potentially introduce security vulnerabilities. A requirements.txt file allows you to easily review and update the list of dependencies, ensuring that only the necessary packages are installed. This not only improves the efficiency of the project but also reduces the risk of encountering issues related to outdated or unnecessary dependencies.

Environment Details

• Browser / Platform: Windows 11
• Deployment Link / Local Setup: Local Setup
• Date & Time of Testing: 10-Oct-25 00:27

Evidence (Screenshots / Videos)

Here are some screenshots to show what's going on:

Root Cause (if known)

Basically, the team forgot to create a requirements.txt file. According to Bug Bounty Rule 1.2.c, teams need to provide