Creator Marketplace: Improving Model Safety

I don’t think this is the right attitude here. Maybe they don’t care, but regardless they should be forced to care for the greater good of consumers; this is why versioning exists! There’s nothing wrong with using an old version of a package if it still works, that’s what most developers do. On the contrary, if an auto updating package gets malware in it, and the development is inactive, the game is now infected. This isn’t about personal security - I’m sure your team has strict security - but about the fundamental issue.

I believe regulars have the ability to post Bug Reports and Feature Requests, but promotions to regular have been “on hold” since 2020 when the Post Approval program ended.

I disagree that its worse. Its better for the models to not be included in search rather than the models not existing at all.

Also, what you described isn’t a shadowban.

Are you kidding? That’s even worse! I dont want my model removed from search…

In my opinion, it’s a nice compromise

Most developers use direct links to link models rather than asking for people to search for something, so the cutoff isn’t that extreme

Overall, not a fan of this update for a couple of reasons:

1. I feel like there could have been a more passive solution to solve this rather than straight up removing models that contain these from the creator marketplace. I’ve noticed Roblox has started taking this approach (like they did with the audio privacy changes where they straight up privatised all audio) and I am not very happy with it.

2. We were not given any prior notice to this update, it was just released out of the blue which gives us no time to update any code that could conflict with these changes.

3. How do you get your model whitelisted for use in the marketplace while still containing this code? We weren’t given any information or ability to try and get our assets approved, instead Roblox seemed to just handpick the most popular assets that rely on this.

Pretty much all of these points have been picked up on by other people but have not received any official response from Roblox themselves, I can only hope they will answer these questions and others.

Yes, however these are the main models that use require() and are already confirmed to be safe.

No code will “conflict” with these changes, they only affect the marketplace, not the actual content in experiences / models.

I can confirm that 2018 Adonis barely functions and does not hold the quality standards we have today.

This is Roblox. We need solutions to be as idiot proof as possible for the consumer. HD Admin is a standard in “free admin” games because it’s just what’s done. I can’t wait for Nanoblox to deprecate that cursed system.

On the contrary, if an auto updating package gets malware in it, and the development is inactive, the game is now infected.

Again, security fixes take precedence over the possibility of the asset becoming infected. We’ve had dozens of patches yet not one hijacking. How would a user know if when they manually update the package is not infected? People had to install the node-ipc package update manually. Your point has some sense but is ultimately flawed in the market and context of Roblox where people don’t do things they should do. HD, Kohls, SimpleAdmin and Adonis still get people commenting on the damn thing claiming it’s malware, they should probably have checked!

I should probably clarify, when I said conflict, I did not mean it would break existing code, I just meant models containing this code would clash with these new marketplace rules.

I haven’t looked through all the posts, so I am just going to state my thoughts about require(id): I benefit from this with my less popular Nexus Admin and with my much more important Nexus VR Character Model. Being able to push out major updates to fix major issues has been super important, which is why I use it. It isn’t something I and a lot of others wouldn’t want to give up. The downsides that others have stated are severe though: loading in malicious code directly through an update. See SolarWind’s supply chain attack in 2020.

I saw mentions of free model versioning, and I would love to see this. The problem for me is it would prevent me from pushing out major fixes to people who don’t know to care about updating models. Migrating from Nexus VR Character Model V1 to V2 was hell for me and required dozens of hours of just messaging people to update. I can see the models I have listed above still appear in the marketplace search when the… shouldn’t(?), which is good for now. The point where this will cost me a lot of time in replying to messages is when the MainModule or old versions being the only thing that comes up when searching becomes the normal reality with this update.

Reusable Packages will become the go-to solution for this if they can just slightly enhance Access Permissions. I’ve written up a feature request for this including more details here:

That seems wrong, marking this post as a “solution”.

Roblox is a communitydrifen game and nearly every developer who replied here, says that this Update is bad.
Just because one of the “Creator Marketplace” Team got Ideas (which are bad), now those Assets are banned from the toolbox.
I‘m wondering (like @iGottic) how much time went into planning this.
And no, this feature won’t be revert, our lovely “Creator Marketplace Team” wont undo this.
Hearing Feedback is the most important thing. And… Roblox doesn’t hear us.

I wish (like hopefully everyone here) that Roblox gets transparent towards the community.

There many, many other solutions (that even other developers suggested!).

“We are not disabling any Assets”
→ Well, if you remove them, you certainly are disabling those.

Summery: Roblox needs to listen to the Community, or else everyone quits. Just do a voting before implementing Features next time.
So easy.

That’ll be Roblox in moderation I need to go in I have to be administration
Turn on Roblox that are used I want you to accept me from in the group Official of group Roblox

How about just making a option to whitelist certain require Id’s you trust, shouldn’t be that hard right?

I have to do official of Group Roblox
But I think they will accept you from application

that property is currently bricked and doesn’t work for anything but Lua assets made by the game owner or Roblox

Correct me if I am misunderstanding something here.

Instead of creating tools within Studio providing granular permissions to control third party code (this has already been done with HttpService), the Creator marketplace is now censoring these assets?

I get it’s somewhat of a difficult situation to allow legitimate developers who don’t abuse these features along with the shear amount of malicious users, but these limitations make the Creator Marketplace almost pointless for legitimate closed source products. As it currently stands, it would be better to distribute such products outside the Creator Marketplace, such as a website or Discord …

I have to come back to this and bump it since I’ve just updated a plugin now that I’m in the Plugin Marketplace program, and I can’t see it in Studio or on create.roblox.com.

Does removing any references of require() stop your plugin from showing up still? I checked with a virus scanner that scans anything that has require code and I confirmed I removed the require() yet it still does not show up:

image2096×792 57 KB

@tubin_tubs it would be incredibly appreciated if I could get a reason for this behaviour by search or get it fixed.

Or even better make it so you can select a certain id in the model page that can use it to import into games, It will prevent other people from calling it / using it ingame meaning it will be locked to one person or more depending on whoevers id is there!