How can I make sure that a third-party module (MMM) is safe to use?

TagTube

Hi everyone,

I’m starting to explore third-party MagicMirror modules (MMMs), and I’ve found some really cool ones. However, before I install anything, I want to make sure I’m not putting my system or data at risk.

What are your tips for checking whether a third-party module is safe and trustworthy?
Are there any red flags I should look out for in the code or repository?
Do you only use modules from specific sources?

Thanks in advance 😊

sdetweil

@TagTube there are no advisories . examining the code is the only way. no tests you can run

so far because of opensource we have not had any bad actor developers

BKeyport

@sdetweil … depends on how to define bad actor. We’ve not had any developers that have used the platform in a bad way with their modules, yes…

sdetweil

@BKeyport i know, didn’t want to go down that rat hole

i proposed some module standards, (based on that experience) no minified code, so that bad actors cant hide.

there are currently only 7 modules w minified code, but they were all generated from typescript source. so minified in that case is unimportant.

we dont have a way to enforce any such standards
makes me think of some vault to keep things from disappearing too