Creator Marketplace: Improving Model Safety

I disagree that its worse. Its better for the models to not be included in search rather than the models not existing at all.

Also, what you described isn’t a shadowban.

1 Like

Are you kidding? That’s even worse! I dont want my model removed from search…


In my opinion, it’s a nice compromise

Most developers use direct links to link models rather than asking for people to search for something, so the cutoff isn’t that extreme


Overall, not a fan of this update for a couple of reasons:

  1. I feel like there could have been a more passive solution to solve this rather than straight up removing models that contain these from the creator marketplace. I’ve noticed Roblox has started taking this approach (like they did with the audio privacy changes where they straight up privatised all audio) and I am not very happy with it.

  2. We were not given any prior notice to this update, it was just released out of the blue which gives us no time to update any code that could conflict with these changes.

  3. How do you get your model whitelisted for use in the marketplace while still containing this code? We weren’t given any information or ability to try and get our assets approved, instead Roblox seemed to just handpick the most popular assets that rely on this.

Pretty much all of these points have been picked up on by other people but have not received any official response from Roblox themselves, I can only hope they will answer these questions and others.

Yes, however these are the main models that use require() and are already confirmed to be safe.

No code will “conflict” with these changes, they only affect the marketplace, not the actual content in experiences / models.


I can confirm that 2018 Adonis barely functions and does not hold the quality standards we have today.

This is Roblox. We need solutions to be as idiot proof as possible for the consumer. HD Admin is a standard in “free admin” games because it’s just what’s done. I can’t wait for Nanoblox to deprecate that cursed system.

On the contrary, if an auto updating package gets malware in it, and the development is inactive, the game is now infected.

Again, security fixes take precedence over the possibility of the asset becoming infected. We’ve had dozens of patches yet not one hijacking. How would a user know if when they manually update the package is not infected? People had to install the node-ipc package update manually. Your point has some sense but is ultimately flawed in the market and context of Roblox where people don’t do things they should do. HD, Kohls, SimpleAdmin and Adonis still get people commenting on the damn thing claiming it’s malware, they should probably have checked!

1 Like

I should probably clarify, when I said conflict, I did not mean it would break existing code, I just meant models containing this code would clash with these new marketplace rules.

I haven’t looked through all the posts, so I am just going to state my thoughts about require(id): I benefit from this with my less popular Nexus Admin and with my much more important Nexus VR Character Model. Being able to push out major updates to fix major issues has been super important, which is why I use it. It isn’t something I and a lot of others wouldn’t want to give up. The downsides that others have stated are severe though: loading in malicious code directly through an update. See SolarWind’s supply chain attack in 2020.

I saw mentions of free model versioning, and I would love to see this. The problem for me is it would prevent me from pushing out major fixes to people who don’t know to care about updating models. Migrating from Nexus VR Character Model V1 to V2 was hell for me and required dozens of hours of just messaging people to update. I can see the models I have listed above still appear in the marketplace search when the… shouldn’t(?), which is good for now. The point where this will cost me a lot of time in replying to messages is when the MainModule or old versions being the only thing that comes up when searching becomes the normal reality with this update.


Reusable Packages will become the go-to solution for this if they can just slightly enhance Access Permissions. I’ve written up a feature request for this including more details here:


That seems wrong, marking this post as a “solution”.

Roblox is a communitydrifen game and nearly every developer who replied here, says that this Update is bad.
Just because one of the “Creator Marketplace” Team got Ideas (which are bad), now those Assets are banned from the toolbox.
I‘m wondering (like @iGottic) how much time went into planning this.
And no, this feature won’t be revert, our lovely “Creator Marketplace Team” wont undo this.
Hearing Feedback is the most important thing. And… Roblox doesn’t hear us.

I wish (like hopefully everyone here) that Roblox gets transparent towards the community.

There many, many other solutions (that even other developers suggested!).

“We are not disabling any Assets”
→ Well, if you remove them, you certainly are disabling those.

Summery: Roblox needs to listen to the Community, or else everyone quits. Just do a voting before implementing Features next time.
So easy.

1 Like

That’ll be Roblox in moderation I need to go in I have to be administration
Turn on Roblox that are used I want you to accept me from in the group Official of group Roblox

How about just making a option to whitelist certain require Id’s you trust, shouldn’t be that hard right?

1 Like

I have to do official of Group Roblox
But I think they will accept you from application

that property is currently bricked and doesn’t work for anything but Lua assets made by the game owner or Roblox

Correct me if I am misunderstanding something here.

Instead of creating tools within Studio providing granular permissions to control third party code (this has already been done with HttpService), the Creator marketplace is now censoring these assets?

I get it’s somewhat of a difficult situation to allow legitimate developers who don’t abuse these features along with the shear amount of malicious users, but these limitations make the Creator Marketplace almost pointless for legitimate closed source products. As it currently stands, it would be better to distribute such products outside the Creator Marketplace, such as a website or Discord …


I have to come back to this and bump it since I’ve just updated a plugin now that I’m in the Plugin Marketplace program, and I can’t see it in Studio or on

Does removing any references of require() stop your plugin from showing up still? I checked with a virus scanner that scans anything that has require code and I confirmed I removed the require() yet it still does not show up:

@tubin_tubs it would be incredibly appreciated if I could get a reason for this behaviour by search or get it fixed.


Or even better make it so you can select a certain id in the model page that can use it to import into games, It will prevent other people from calling it / using it ingame meaning it will be locked to one person or more depending on whoevers id is there!

I just was pointed to this recently due to issues regarding my model too and its general use. If Roblox’s goal is to help its developers then similar to the individual far above who mentioned he spends hours per day making models for the marketplace, his work is all in vain.

Though I’m certain Roblox has its reasons for the update namely in choosing average inexperienced developer experience over powerful tools that allow models to do something as important as auto-update, I do think that it’s taking away an important feature from developers and like me, half of them probably don’t even know this is happening to their models.

I just happened to realize about half a year later that my model is not displayed on the marketplace when I put a ton of time (about half a year lol) into developing models for general use. I’ve made many incredibly useful updates to the model and it utilizes an auto-updating style system that I planned to have used at a more general level until I realized this was a thing.

Having an individual staff team to whitelist certain models may seem like a waste but if you make it possible yet difficult, the people that are actually trying to get their models used in the marketplace will be the ones that get through.

There are various other methods that people here discussed as well such as warning about required scripts and having people trust the author. Plugins are far more dangerous than half of the free models thrown around to inexperienced developers but are filtered much more loosely.

Few to no developer believes this to be a good way of solving the issue because it doesn’t just end the “virus issue” (which is it does not solve… the people who fell for these fall for ANY type of ‘virus’ related script it takes one line to insert even worse ‘viruses’ but you took away something seriously important for developers like me and those above.

It’s discouraging in the fact that this update not only doesn’t stop any issue but it in fact can make things worse. Since my model will not be displayed in the marketplace but if people are aware my model is FREE to use, if they search it up on the marketplace they will see FAKE versions of my model and MINE will not even exist in the marketplace - making it even EASIER for people to get fooled.

Not to mention if I delve into the marketplace now there’s still equally ridiculous “virus’” flying around that have the exact same impact as require does. This update has ONLY harmed real developers while not even improving the inexperienced developer’s understanding of marketplace use with free models.

thanks for coming to my slightly salt infused ted talk
just 6 months thats all

that’s so true
but this doesn’t prevent that. it makes it harder for someone who knows what theyre doing to see it
and people who know what they’re doing, if warned, will know not to allow it

the people that don’t know what they’re doing will have a malicious script inserted plain as could be and be none the wiser. it’s not prevention.