It's a static, client-side app with no server component, so it's not surprising that someone noticed that it works just as well if the same files are served from IPFS.
Sadly, the social component of wordle is a big part of it, and that URL looks like something the average person would be scared of giving them a virus.
Not disagreeing with you about appearances, but in reality it's not any riskier than any other web site you might visit.
Someone could create a friendlier URL via Cloudflare's public IPFS gateway and DNSLink[0], though that does introduce a potential point of failure (DNS). (Those with the IPFS Companion extension or the Brave browser would be redirected to their local IPFS node, so it would only be partly dependent on Cloudflare. However, someone has to pay for the domain.)
You just need the index.html file and the main.[bundle_hash].js file. You can scrape out the Google Tag Manager import from index.html if you want, though I didn't check to see what tracking it was importing (probably basically analytics).
But so long as you have those two files in a folder, you can open index.html and it'll work fine. My friends and I have been putting in joke words in a shared clone for each other and hosting it on GitHub Pages.
Yes, the entire app is in the front end. It's not talking to a server to get new words of the day or checking answers. When you click the link and the game loads, it just loaded everything you needed to play it now, tomorrow, or some day in 2025.
