How can I make sure that a third-party module (MMM) is safe to use?

Reply to How can I make sure that a third-party module (MMM) is safe to use? on Fri, 04 Apr 2025 22:39:57 GMT

sdetweil — Fri, 04 Apr 2025 22:39:57 GMT

@BKeyport i know, didn’t want to go down that rat hole

i proposed some module standards, (based on that experience) no minified code, so that bad actors cant hide.

there are currently only 7 modules w minified code, but they were all generated from typescript source. so minified in that case is unimportant.

we dont have a way to enforce any such standards
makes me think of some vault to keep things from disappearing too

BKeyport — Fri, 04 Apr 2025 22:27:07 GMT

@sdetweil … depends on how to define bad actor. We’ve not had any developers that have used the platform in a bad way with their modules, yes…

sdetweil — Fri, 04 Apr 2025 20:48:12 GMT

@TagTube there are no advisories . examining the code is the only way. no tests you can run

so far because of opensource we have not had any bad actor developers