How do I go about trusting a 3rd party plugin?

The Challenge

Hi Obsid-fam, I’d like to use all these neat community plugins. The challenge is, how do I check a plugin for security concerns?

What I’m trying to do

I’d like to check a community plugin for any trust concerns. I can imagine three ways I’d normally do something like this:

  1. Have a public space where reviews and ratings can be aggregated.
  2. Use some security scanning tool to check a plugin’s GitHub page.
  3. A review site where any inclined or trusted specialist reviews and shares what they found about the plugin.

I only know enough to be concerned and not trust currently, but I’d love to hear how any of you are going about checking any plugin for concerning behaviors.

Just as an example, I’d like to use Customizable Page Header and Title Bar to make my mobile experience a bit easier. Is it safe? How could I tell? I couldn’t find any clear-cut approaches on the forums here, on GitHub, or the wider internet.

Thanks for any help gang.

I have the same thoughts. I try to use “social proof” - GitHub Stars count and Obsidian download counts primarily.


Right. I’ve been reading through GitHub pages just to get a feel for how they present and approach the project and transparency. And there’s always the challenge of a project pulling from sources that are inherently not data-security-friendly.

I was imagining something like an online virus scan that looks for code snippets that phone home or perform other questionable behaviors. It might exist; I just don’t program or know enough about the GitHub space.

You are making me worried and curious at the same time.
