Are plugins listed in PluginsManager safe/verified?
Hi
Are plugins listed in PluginsManager safe/verified?
Especially I’m wondering:
- does anyone (before a particular plugin appears in PluginsManager) verify the code of this plugin?
- what does the procedure (if there is one) for verifying plugins in N++ PluginsManager look like?
Big thanks for info ;]
BTW. N++ is great ;]
Cheers
GT -
@G-Dev,
If you are talking about the old plugin called Plugins Manager which hasn’t been supported in recent Notepad++ versions for more than 2 years (v7.5.9 was the last Notepad++ that Plugins Manager was compatible with), there is no support for that tool.
If you are talking about the builtin tool called Plugins Admin, which is now part of the Notepad++ source code: as far as I know, there is no stringent vetting or code analysis – plugins can be written in any programming language which can create a DLL (which means virtually any compiler-based language), and the developers of Notepad++ cannot be expected to be security experts in all languages. Neither the official docs (https://npp-user-manual.org/docs/plugins/#plugin-list) nor the repo that Plugins Admin uses for generating the list of plugins (https://github.com/notepad-plus-plus/nppPluginList) describes the official decision process for how the developers decide what plugins to include.
That said, the Plugins Admin dialog lists the homepage for each plugin it links to (or you can look in the repo for the list of pages and download links for each included plugin), so for any that are open source, you can feel free to check the source code yourself. I’d recommend more caution for any plugin that has a DLL but no source code shown. But there is the benefit that the Notepad++ community is reasonably large, and I am sure there would be a quick outcry if any plugin was poorly behaved or did something malicious.
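The triage suggested in the reply above (open-source plugins can be reviewed, DLL-only ones deserve more caution) can be scripted over a copy of the plugin list. This is an added example, not part of the original thread or the Notepad++ project's code; the field names (`npp-plugins`, `display-name`, `homepage`, `repository`) are assumed from the list's JSON layout, the sample entries are constructed, and the set of source-hosting sites is an assumption.

```python
import json
from urllib.parse import urlparse

# Hosts treated as public source hosting (assumption; extend as needed).
SOURCE_HOSTS = {"github.com", "gitlab.com", "bitbucket.org",
                "sourceforge.net", "codeberg.org"}

# Constructed sample shaped like a plugin-list file; none of these plugins are real.
SAMPLE_LIST = """
{"npp-plugins": [
  {"display-name": "Example Open Plugin",
   "homepage": "https://github.com/example-user/example-open-plugin",
   "repository": "https://github.com/example-user/example-open-plugin/releases/download/v1.0/plugin.zip"},
  {"display-name": "Example Closed Plugin",
   "homepage": "https://plugins.example.com/closed",
   "repository": "https://plugins.example.com/closed/plugin.zip"},
  {"display-name": "Example Lookalike",
   "homepage": "https://github.com.example.net/user/plugin",
   "repository": "https://github.com.example.net/user/plugin.zip"},
  {"display-name": "Example No Homepage",
   "repository": "https://downloads.example.org/plugin.zip"}
]}
"""

def is_source_host(url):
    """True when the URL's host is a listed source host or a subdomain of one."""
    host = (urlparse(url or "").hostname or "").lower()
    # Compare whole host labels; a substring test would accept look-alike hosts.
    return any(host == h or host.endswith("." + h) for h in SOURCE_HOSTS)

def triage(list_json):
    """Map each plugin's display name to 'source-host' or 'no-source-link'."""
    result = {}
    for entry in json.loads(list_json).get("npp-plugins", []):
        name = entry.get("display-name", "<unnamed>")
        # Only the homepage is checked: a download link on a source host can
        # still be a binary release with no code published next to it.
        on_host = is_source_host(entry.get("homepage"))
        result[name] = "source-host" if on_host else "no-source-link"
    return result

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LIST).items():
        print(f"{verdict:15} {name}")
```

A `source-host` result only tells you where to start reading; it does not show that code is published there or that the shipped DLL was built from it.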