Category guide

Custom nodes & extensions — ComfyUI, Automatic1111, helper scripts

This category covers ComfyUI custom nodes (Python packages under the ComfyUI custom_nodes folder), Automatic1111 / SD WebUI extensions, and small installable utilities that extend open-source UIs. Buyers search ComfyUI custom node download, ControlNet node pack, or sell A1111 extension; Truve gives them a store with payments and delivery instead of zip files in forum threads. Below is a long-form reference on supply-chain risks, reproducible installs, licensing, and how Truve’s USDC on Base checkout fits next to GitHub Sponsors — aimed at ranking for serious queries like ComfyUI extension marketplace and buy ControlNet preprocess nodes.

Why ComfyUI custom nodes deserve a dedicated marketplace lane

Open-source UIs move fast: upstream renames inputs, CUDA wheels change, and community nodes fork overnight. Power users tolerate git pulls; paying customers want receipts. When someone types ComfyUI custom node download they are often mid-project with a deadline, weighing whether to trust a random Mega link. Truve standardizes listing metadata, pricing, and encrypted delivery after a successful wallet payment, while sellers keep 95% of revenue after a transparent 5% fee. That structure nudges the ecosystem toward documented releases instead of ephemeral Discord uploads.

This category sits adjacent to ComfyUI workflows: if your primary artifact is a graph JSON with minimal glue code, list there; if buyers must pip install or drop a Python tree into custom_nodes, you are in the right place here.

Buyer due diligence: treating nodes like any other dependency

Before you execute a purchased node pack, skim the requirements.txt equivalent: declared torch builds, optional CUDA extensions, and any post-install scripts. Prefer listings that link to public git history or provide SHA256 hashes for shipped zips. Run first in a disposable venv or container if your studio policy requires it. Check whether the seller supports Windows-only wheels if your artists use Macs — CUDA-specific binaries are a frequent mismatch. Ask in advance how updates propagate when ComfyUI core changes queue APIs.

Map the node surface area to your threat model: does it read arbitrary paths from user input, shell out to ImageMagick, or download remote models at runtime? Each “yes” is not automatically disqualifying but should be reviewed with the same rigor as internal code. Keep an allowlist of approved Truve sellers if your studio onboards multiple packs over time.

What professional node authors document for B2B buyers

Studio buyers love semantic versioning, migration guides between minor releases, and explicit statements about thread safety when nodes touch the filesystem or network. Provide a minimal reproduction graph that only uses your nodes plus stock primitives so QA can validate installs without your entire secret sauce. If you monetize support hours, separate SLA tiers in the README from the base SKU so finance teams understand what they bought.

ComfyUI-Manager compatibility, git URLs, and manual install paths

Many users install via ComfyUI-Manager when a git URL is public; others air-gap machines and need offline zip instructions. Document both flows: clone depth, whether submodules exist, and how to verify the checkout matches your tested commit. If your node registers new server routes or opens ports, disclose that prominently — corporate security scanners flag surprises.

Automatic1111 extensions and other WebUI ecosystems

Extensions that add tabs, scripts, or API wrappers to A1111 WebUI belong here when sold as downloadable code. Clarify Python version, gradio coupling, and whether the extension expects torch 2.1 vs 2.4 stacks. If you ship cross-UI helpers (shared preprocessors usable in both Comfy and WebUI), say so — it widens legitimate search traffic without confusing buyers at install time.

When your extension touches img2img batch folders or rewrites PNG metadata, document edge cases around symlinks and UNC paths on Windows network shares — those bugs are rare but memorable when they corrupt a shoot day.

Security norms: checksums, signing, and why obfuscation erodes trust

Malware risk is real because nodes execute arbitrary Python. Truve’s roadmap includes stronger review signals; today, sellers should publish checksums and prefer readable source over minified blobs. If you must ship compiled extensions, explain why and provide a reproducible build recipe. Buyers correlating downloads with cryptominer incidents will torch reputations quickly — transparency wins SEO and revenue long-term.

Fees, delivery, and sustainable support after crypto checkout

Payments settle in USDC on Base; files unlock via the same Lit-backed delivery model described on the Truve homepage. The low fee leaves margin for maintainers to ship bugfix tags without resenting every buyer. Cross-link complementary automation scripts when your “node pack” is mostly standalone CLI glue rather than in-graph operators.

What sellers should ship

• Git commit hash or version tag — so buyers can reproduce bugs.
• Dependencies — torch, xformers range, extra pip packages.
• ComfyUI manager compatibility — manual install path + optional git URL.
• License — MIT, GPL, or commercial; must match bundled code.

Typical listings

Risk & reputation

Arbitrary code is sensitive. Truve’s roadmap includes review signals and optional verification; at minimum, listings should link to public source or checksums so buyers aren’t running unknown binaries.

Open-source licenses: GPL, MIT, and dual-licensing for commercial studios

If your node extends repositories under copyleft licenses, explain how buyers can comply when they ship internal forks. MIT-style permissive licenses simplify adoption but may undercut dual-license upsell — pick a strategy and disclose it. Avoid mixing incompatible licenses in one zip without a NOTICE file; legal reviewers in enterprises actually read those.

Dual-licensing stories work when the value line is crisp: community edition on GitHub with AGPL, commercial tarball on Truve with indemnification-friendly terms. Whatever you choose, mirror the same version tags across channels so diff-happy buyers can audit parity. If you accept third-party contributions, maintain a CLA or DCO note so downstream corporations are not surprised by contributor IP chains.

CI, automated tests, and regression graphs sellers can attach

Advanced listings sometimes include a tiny pytest suite that mocks torch tensors to validate node registration without a GPU farm. Even a five-test harness signals professionalism. Attach a golden Comfy workflow that must execute green on tagged releases — buyers can run it in CI after upgrades. Document expected wall time on a named GPU so QA budgets cluster minutes realistically.

When upstream breaks your nodes, publish migration commits with human-readable summaries (“rename `mask` input to `mask_opt` following ComfyUI #1234”). Those commit messages become searchable long-tail documentation that helps both Google and frustrated users.

Glossary: terms buyers search with “ComfyUI custom nodes”

Preprocessor nodes turn RGB images into control signals (canny edges, depth maps). Latent nodes manipulate tensors before VAE decode. VRAM estimation helpers sometimes ship as nodes that profile subgraph memory peaks. Group nodes bundle subgraphs for UX; breaking changes to group serialization have historically caused upgrade pain — mention if your pack relies on them.

Bookmark this page when you compare ComfyUI extension marketplace options — Truve publishes category-level guidance so you are not guessing policy from a tweet thread. We will keep this guide updated as install tooling and fee structures evolve toward public launch.

FAQ — nodes & extensions