Read the statement by Michael Teeuw here.
How can I make sure that a third-party module (MMM) is safe to use?
-
Hi everyone,
I’m starting to explore third-party MagicMirror modules (MMMs), and I’ve found some really cool ones. However, before I install anything, I want to make sure I’m not putting my system or data at risk.
What are your tips for checking whether a third-party module is safe and trustworthy?
Are there any red flags I should look out for in the code or repository?
Do you only use modules from specific sources?Thanks in advance 😊
-
@TagTube there are no advisories . examining the code is the only way. no tests you can run
so far because of opensource we have not had any bad actor developers
-
@sdetweil … depends on how to define bad actor. We’ve not had any developers that have used the platform in a bad way with their modules, yes…
-
@BKeyport i know, didn’t want to go down that rat hole
i proposed some module standards, (based on that experience) no minified code, so that bad actors cant hide.
there are currently only 7 modules w minified code, but they were all generated from typescript source. so minified in that case is unimportant.
we dont have a way to enforce any such standards
makes me think of some vault to keep things from disappearing too
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login