Hacker News

kepano · yesterday at 7:44 PM · 2 replies

Every update is scanned, and we will be regularly re-scanning all the latest versions of every plugin as we improve the system. The review system is based on our eslint plugin, which is itself open source and reproducible, so anyone can contribute to improving it: https://github.com/obsidianmd/eslint-plugin

And since plugins are open source, users can also audit the code and flag issues via the Community site.


Replies

btown · yesterday at 11:12 PM

That's very cool - using a linter as a standardization system takes a lot of the guesswork out of submitting! But it's an unenviable challenge to guard against bad actors here - there's now an open-source oracle that an attacker could use to see if their technique would sneak by the review process, and they can have a coding agent iterate until successful.

I might encourage adding things like https://ofriperetz.dev/articles/eslint-plugin-security-is-un... or https://github.com/mozilla/eslint-plugin-no-unsanitized as things that flag for further review - and likely adding even more that you might not publicize as part of the eslint-plugin repository, so there's a more obscure level of protection that might catch a would-be attacker!
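To make concrete the "flag for further review" idea in the reply above, alongside kepano's note that the review system is an ESLint plugin: the following is an added example, not code from Obsidian's eslint-plugin, from eslint-plugin-no-unsanitized, or from the linked article. It is a small custom ESLint rule that reports raw HTML sinks and runtime code execution at "warn" severity, so a submission gets routed to a human instead of being rejected outright, plus the flat-config fragment that wires it in. The plugin name `plugin-review`, the rule name `flag-for-review`, the helper `runRuleOnNodes` and the sample AST nodes are all constructed for illustration; the helper feeds hand-built ESTree nodes through the rule's visitors with a stub context so the rule can be exercised without installing ESLint.

```javascript
"use strict";

// Added example: a custom ESLint rule in the "flag for further review" style.
// Plugin name, rule name and helper are assumed for illustration.
const DOM_SINKS = new Set(["innerHTML", "outerHTML"]);
const DYNAMIC_CODE = new Set(["eval", "Function"]);

// Static property name of a MemberExpression: `el.innerHTML` or `el["innerHTML"]`.
// Returns null for `el[someVar]`, which cannot be decided without running the code;
// a stricter policy could route those to review as well.
function memberName(node) {
  if (!node || node.type !== "MemberExpression") return null;
  if (!node.computed) return node.property.name;
  const p = node.property;
  return p.type === "Literal" && typeof p.value === "string" ? p.value : null;
}

const flagForReview = {
  meta: {
    type: "suggestion",
    docs: { description: "Report HTML sinks and dynamic code execution for manual security review." },
    schema: [],
    messages: {
      domSink: "Assignment to '{{name}}' inserts raw HTML; route this plugin to manual review.",
      dynamicCode: "'{{name}}' executes code built at runtime; route this plugin to manual review.",
    },
  },
  create(context) {
    // Shared check for eval(...) and new Function(...).
    function checkDynamicCall(node) {
      const c = node.callee;
      if (c.type === "Identifier" && DYNAMIC_CODE.has(c.name)) {
        context.report({ node, messageId: "dynamicCode", data: { name: c.name } });
      }
    }
    return {
      AssignmentExpression(node) {
        const name = memberName(node.left);
        if (name !== null && DOM_SINKS.has(name)) {
          context.report({ node, messageId: "domSink", data: { name } });
        }
      },
      CallExpression: checkDynamicCall,
      NewExpression: checkDynamicCall,
    };
  },
};

// Flat-config fragment (eslint.config.js) wiring the rule in at "warn" severity:
// a warning marks the submission for a human look instead of failing the scan.
const reviewConfig = {
  plugins: { "plugin-review": { rules: { "flag-for-review": flagForReview } } },
  rules: { "plugin-review/flag-for-review": "warn" },
};

// Drives the rule's visitors over hand-built ESTree nodes with a stub context,
// so the rule runs here without ESLint installed. Returns the reported
// messageIds in order.
function runRuleOnNodes(nodes) {
  const reported = [];
  const visitors = flagForReview.create({
    report: (descriptor) => reported.push(descriptor.messageId),
  });
  for (const node of nodes) {
    const handler = visitors[node.type];
    if (handler) handler(node);
  }
  return reported;
}

// Constructed sample nodes, shaped as ESLint's parser would produce them for:
//   el.innerHTML = html;   el.textContent = text;   eval(src);   el[key] = v;
const member = (property, computed = false) => ({
  type: "MemberExpression",
  computed,
  object: { type: "Identifier", name: "el" },
  property,
});
const sampleNodes = [
  { type: "AssignmentExpression", operator: "=", left: member({ type: "Identifier", name: "innerHTML" }), right: { type: "Identifier", name: "html" } },
  { type: "AssignmentExpression", operator: "=", left: member({ type: "Identifier", name: "textContent" }), right: { type: "Identifier", name: "text" } },
  { type: "CallExpression", callee: { type: "Identifier", name: "eval" }, arguments: [{ type: "Identifier", name: "src" }] },
  { type: "AssignmentExpression", operator: "=", left: member({ type: "Identifier", name: "key" }, true), right: { type: "Identifier", name: "v" } },
];

console.log(runRuleOnNodes(sampleNodes)); // ["domSink", "dynamicCode"]
```

In a real setup `flagForReview` would live in the plugin module and `reviewConfig` in `eslint.config.js`; the point of "warn" rather than "error" is that the scanner's output becomes a triage queue for reviewers, which is where a rule set kept out of the public repository, as the reply suggests, could also be plugged in.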

chrisweekly · yesterday at 8:17 PM

Longtime (early adopter) Obsidian user here. Thank you for such an amazing tool. And congrats on the launch!

Curious if you considered oxlint^1? (It's a faster, simpler, near drop-in replacement for eslint.)

1. https://oxc.rs/docs/guide/usage/linter.html
