Are ModuleScripts Server-sided or Client-sided?

I’ve been working on securing my game more and more by adding ModuleScripts, but I’m wondering if ModuleScripts are even worth the trouble if they don’t do much.

I have a LocalScript in the StarterGui of every player called MouseManager.

Screen Shot 2020-09-19 at 1.04.45 PM

This script gives the player the ability to delete stuff with their cursor depending on the properties of that part. I only use UserInputService within the LocalScript, and then require the actual code through a ModuleScript, which is located in the ReplicatedStorage.

Is this a good idea, or is this a security breach? If so, where else can I place the MouseManager?

ModuleScripts are server-sided if required in a Script and client-sided if required in a LocalScript.

4 Likes

ModuleScripts are both Client and Server-sided, as explained by @COUNTYL1MITS. Exploiters can still read through module code if required by the server or not, although, if you want to have your managers share code but not copy-paste, I’d suggest using ModuleScripts. You can’t stop exploiters fully.
I’d suggest having your MouseManager in StarterPlayerScripts, though, alongside your other managers.
If you want to “hide” your ModuleScripts from the client, have them be in ServerStorage.

2 Likes

As said @COUNTYL1MITS, If you call function by localscript the code will run in local,
When you call function by Server Script the code will run in Server!

2 Likes

The server will see the module script as it is initially.

Each client sees their own version of a module script, without affecting it to the server.

A module can be safely placed in ReplicatedStorage without exploitation since the server will not see client-sided modules. Often, modules are placed in ReplicatedStorage to provide easy access as client-required modules or modules that can support both client-side and server-side.

6 Likes