Read the statement by Michael Teeuw here.
How can I make sure that a third-party module (MMM) is safe to use?
-
Hi everyone,
I’m starting to explore third-party MagicMirror modules (MMMs), and I’ve found some really cool ones. However, before I install anything, I want to make sure I’m not putting my system or data at risk.
What are your tips for checking whether a third-party module is safe and trustworthy?
Are there any red flags I should look out for in the code or repository?
Do you only use modules from specific sources?Thanks in advance 😊
-
@TagTube there are no advisories . examining the code is the only way. no tests you can run
so far because of opensource we have not had any bad actor developers
-
@sdetweil … depends on how to define bad actor. We’ve not had any developers that have used the platform in a bad way with their modules, yes…
-
@BKeyport i know, didn’t want to go down that rat hole
i proposed some module standards, (based on that experience) no minified code, so that bad actors cant hide.
there are currently only 7 modules w minified code, but they were all generated from typescript source. so minified in that case is unimportant.
we dont have a way to enforce any such standards
makes me think of some vault to keep things from disappearing too