I wanted to make a security system for my client side. But I am scared that exploiters can edit module scripts. So the question I want to ask is if exploiters can edit module scripts. If they can, then how would they achieve it?
No, they cant. But I’m pretty sure they can require it if the module script is meant for client-sided stuff.
Exploiters can edit anything on their client. They have access to the debug library and other types of stuff for reverse engineering/hooking/editing your local or module scripts. You can make your client-side anti-cheat really annoying to bypass but it can still be bypassed if the exploiter knows what they’re doing (which most don’t)
Exploiters will only be able to manipulate your ModuleScripts if you require them locally (from local scripts).
They can’t because exploits are Client Sided and if they edit ModuleScript in Client it only changes to Client, so It shows on hackers screen only, and If you really wan’t to prevent this you can check if Modules value is higher than maximum because hackers always have “craving” to make every value math.huge or infinite
Exploiters have full control over the local environment, so even if they can’t now, they definitely could in the future (and since the return values of ModuleScripts are cached, they can be “modified” with regular LocalScripts). That being said, these changes would only be reflected on the client- any server scripts requiring modules would not see any changes.