Since plugins use the internet, security is a top priorty. Writing thread-safe, protected, and working code is very important, and we want to uphold those standards as much as possible
- Do not use any other version or server API than what is explicitly stated in the
README
. - If you are fearful, refrain from using any content that is in pre-release status or recently merged from an external user
- Look for any open security issues on a plugin before downloading. If there are any open, refrain from using it.
- Refrain from editing source code unless you know what you are doing
- Use common sense and instinct, if necessary
If you find any sort of security, immediately open an issue in the Issues
tab and add the label
If the vulnerability is super important and dangerous, add the
and
labels
If a security problem was already picked up by the Codacy Security Scan
in the Security
tab, it is known, and there is no need to report it; it is being worked on