A free model that reposts a another gun model could modify the gun controller module that so happens to be another model (like the official ROBLOX RPG models do) to spam fake require messages after some real log output from different things that will happen like the raycast debug output and then require the real module in the middle.
The malicious script can spam enough so that the require print gets erased because there’s a limit to how many logs the console shows before it starts removing older ones so this is not true.
But as another person pointed out, the printing could be from the script that required it and not the module which would be much harder to identify the module that was required.
However, I want to mention this. If for any reason your game is having this activity, shut it down immediately and review your game content. Do a recursive search through all content in the game for scripts of any type and look through them all. If you are careful enough, this issue shouldn’t really be happening in your game in the first place, but I do understand that it is easy to overlook something, especially if you are a beginner developer.
either way this would be far more useful a feature if it was displayed in its own developer console tab instead where there is a guarantee that it won’t ever get cut off or not shown to the user. As of right now, I’d say my own plugin I made a while back does a better job at showing what code in your game is using requires.
Absolutely love this, will help a lot in reducing the spread of malicious assets!
I would, even more, love it if there was a place in the console (serverside) that would list all required modules in a specific game, so a malicious module can’t fill the server logs in an attempt to hide, as well as the order in which they were required and if they were required by another module.
Either way, keep up the great work! Love seeing these sorts of things get added.
This is an amazing feature and I am happy it was implemented! From what I have seen from previous replies, having these in a different printing category would make it so much easier to find the sneaky requires. I’d even love to see it in a different colour to ensure that it cannot be mistaken for a print, warn, or error.
Appreciate it. I hope that in the future the next step is allowing us to disable MainModule requires in our experiences entirely. Roblox has made a few updates in order to secure us against backdoors, but I think the most important step that should’ve been done from the start is allowing us to cut off the source to begin with and reject third party requires in our experiences if we wish.
They aren’t ‘undetectable’. Client sided anti-cheats and honeypots are a good way to weed out a lot of exploiters, particularly common cheats that are used in lots of games.
This change won’t affect cheats, and they don’t use the require(id) method anyway, generally pulling information and code from external sources
Honestly, this is just annoying. I don’t see where you get the idea that people actually still hide viruses in requires, in my five years on Roblox I’ve only ever seen this happen a couple of times.
This almost seems like fearmongering at this point.
Make an option to disable this or print it elsewhere / a new category so it’s easier to hide / ignore.
– That’s a great idea. It’s owned by another team, but I’ll bring it up with them for consideration.
Make a mechanism to disallow some / all requires in a per place or universe mechanism.
– This is on our agenda, but introspection and other features come first.
Provide more information about the asset than just the id (name, creator).
– We wanted to do this, but chose not to do this now for performance reasons because the network requests needed could delay place startup.