How to make a require module work for everyone without making it public

Hello there developers!

I am having a small problem. I am trying to make a require script to insert a module but I want it to work for everyone without needing to put the module public as I don’t want others to steal it.
For now, when I try to use it in a place that I don’t own it says that “It’s not trusted for this place”. I am pretty sure this is possible as I already saw other people making this.

Thanks in advance!

I don’t believe there is any way to do this. I’d be grateful if you sent me examples of the ones you’ve seen. Honestly, I believe that this would be a great addition, but it could also be harmful, as you can’t tell if it’s going to run malicious code or not.

Edit: I believe you were referring to “Private Modules,” a deprecated and removed feature that was quite nice.

As this article here shows (just before you get to the properties), if you upload a module to ROBLOX named MainModule it should work.

Make sure it is named “MainModule”

If I remember correctly this was possible on Roblox but they removed it because the toolbox got infected with a ton of backdoor models which contained scripts with only require(SOME ID) and devs couldn’t see if that code was malicious or not.

Yes, I remember correctly

Looks like you are correct. They should update the module article.


hmm. I see. Do you maybe know an alternative solution?

As far as I know there are no alternative solutions (at least something I have heard of).
Obviously making private modules possible again would be a security risk because of the thing I just explained.

I think the concept you are trying to use is called Private Modules. It was a feature where developers could publish modules that were private but named MainModule and they could be required by scripts. This practice was used by developers who wanted to keep their modules closed-source. Approximately a year ago, they were removed. You can read about this in this official DevForum post. I believe @EmeraldSlash had a post discussing the update.

There are a few ways to keep people from taking your modules, but I personally wouldn’t recommend them.

The first one would be obfuscation. This is when you make a code really obscure and illegible to the point where the reader has no clue what’s going on with the code.
Another way would be to run the bytecode, either by storing it somewhere in the loader or importing it from a third-party API when wanting to compile it.

The module article doesn’t need to be updated because it’s not inaccurate. Private modules still exist: third party private modules have had support dropped for them. At best, a warning banner about them would be fine to include for the sake of information.

Nope, wasn’t me. Although, one of these may be relevant…

You can use Obfuscator so that no one can steal and edit your encoding.