are plugins listed in PluginsManager safe/verified



  • Hi

    Are plugins listed in PluginsManager safe/verified?"

    Especially I’m wondering:

    • does anyone (before particular plugin appears in PluginsManager- verify code of this plugin?
    • how looks procedure (if there is such) of verifying plugins in N++ PluginsManager

    Big thanks for info ;]

    BTW. N++ is great ;]

    Cheers
    GT



  • @G-Dev ,

    If you are talking about the old plugin called Plugins Manager which hasn’t been supported in recent Notepad++ versions for more than 2 years (v7.5.9 was the last Notepad++ that Plugins Manager was compatible with), there is no support for that tool.

    If you are talking about the builtin tool called Plugins Admin, which is now part of the Notepad++ source code: as far as I know, there is no stringent vetting or code analysis – plugins can be written in any programming language which can create a DLL (which means virtually any compiler-based language), and the developers of Notepad++ cannot be expected to be security experts in all languages. Neither the official docs (https://npp-user-manual.org/docs/plugins/#plugin-list) nor the repo that Plugins Admin uses for generating the list of plugins (https://github.com/notepad-plus-plus/nppPluginList) describes the official decision process for how the developers decide what plugins to include.

    That said, the Plugins Admin dialog lists the homeapge for each plugin it links to (or you can look in the repo for the list of pages and download links for each included plugin), so for any that are open source, you can feel free to check the source code yourself. I’d recommend more caution for any plugin that has a DLL but no source code shown. But there is the benefit that the Notepad++ community is reasonably large, and I am sure there would be a quick outcry if any plugin was poorly behaved or did something malicious.


Log in to reply