These are not bugs that prevent the usage of PasswordMaker, but I investigated the encryption of the master password when stored on disk to see if I could recover it (I typed it once and even forgot about it a few months after... :-).
First, the aes encryption key is not 256 bits as advertised at
https://passwordmaker.org/passwordmaker.html but only 128 bits as set in variable keySizeInBits in aes.js. As a proof, the key stored on disk is only 32 characters (16 hex bytes or 128 bits).
Second, the key is only made of digits in the range 0 to 9 and not hexadecimal digits. It reduces the key space.
Although it would not improve the security of the master password if all the key space and aes-256 were used, it may be a concern if they are reused in some other part of the code that should be more secure...
Frederic