Removing Support for Third Party Closed Source Modules


It is just terrible that if you put modules on the group and require it in the group that it still gives the warning message that you are using a module from someone else this needs to be fixed asap for groups or have a way to make it work for groups since when they are gonna remove it completely then group games cant use hidden code anymore


I will grant that being able to see the code makes it easier to tell if the code is malicious as opposed to working with a black box. However, you can choose to use an open source project without taking a tool away from the community.

The second part, is not accurate. Regardless of if the module is private or public, if you are requiring someone else’s code via this method they could update that code at any time, without your knowledge. There is no change in this behavior with the proposed change.

There was nothing stopping anyone from making projects open source before and utilizing any of the tools available for open source projects. There are already a bunch out there including one of the popular admins since you were using that as a reference. If you would like an open source project where one does not exist, be the one to start it, but again it is not necessary to take a tool away from the community.


Hello! I had a question about the removal of Private Modules. My friend owns a group, however I dev for it. I have my own closed source modules that I made, and they are being used in the game. You said that private modules can still be used in our own games, but can they be used in other people’s groups that we have dev access for? It would be awful if not because I don’t own the group however I made the place and module script. Thank you.


I had the exact same situation, but unfortunately the answer is no - a group you have edit access for cannot use your closed source module. I was receiving the warnings in F9 logs and I had to publish the module to the group.


Think of the new module restrictions like the changes to InsertService back in 2011. If you publish something under the Group models, it can be inserted at any of that Group’s games, but not necessarily at that Group’s members’ games. You can always send the Group owner a closed-source copy of your module to re-upload under the Group. Only high-ranking members with asset-editing permissions will be able to view your code.


That’s outrageous! ROBLOX really messed up on this one.


So basically I can’t even use private modules in a friend’s group that I dev for. I made the place but I can’t insert a module into it. Absolutely awful.


That’s the issue. I don’t want high ranking members to take my code. But its my game, and I can’t insert a private module. ROBLOX better be re thinking this.


I agree.

I have a model which uses HTTP requests which must be hidden otherwise, well, bad.
I was just thinking, maybe if there was things like that, the model could be read only and the author could decide whether the links were hidden from the client, and whether it works in the editor.

Just a potential thought, but I’m sure there are a lot of things which could be said against it.


I don’t know your story, but I wouldn’t be working with people that I don’t trust with my code.


I understand the intentions behind closing third party closed sourced modules however all it would take if for the abuser of these modules to make the module public and then the game is once again infected. As most users who infect their games with these modules are newer developers who don’t know about what is wrong they won’t check the source code. I understand many developers want to see the source code and I 100% agree but I also believe there is a bar between what should and should not be shared. If someone creates a products that uses things like API keys using HTTP Service they should not be allowed to view those credentials as they are usually used for the serves themselves.

I have an idea, maybe if your game has a closed source module in it when you insert the script with it it will give a popup saying something like “Model includes a closed source module, do you trust?” and from there the developer has control over it without any worries about accidentally inserting a model with an infected script.


Exploiters and the like also have the same mind as the majority of the scripters here, they actually don’t want their source code leaked as well. Albeit, not every exploiter has that mindset but if they didn’t care about their source being spread around, why didn’t they just make it public?

Yes, it might be easy for them to simply make the code open-sourced, but it also makes the rest of us easier to realize that this code is a harmful one and anyone that has the script that requires it in their game is able to do malicious actions within the game.

A warning that pops up when something is inserted that involves a closed source module makes no difference, people will click yes regardless of the code. For example, every time you sign up for an account on a website, you will most likely click the I agree to the Terms and Conditions box without even bothering to look at any of the terms or conditions. The same concept is applied here, many people will simply click yes regardless of the outcome and the warning is thus redundant.


Like Optikk pointed out, I simply do not get how you can trust high ranking members with edit permissions but not trust them with a private module…? Your entire game could be leaked by a simple download button but yet you’re trying to fight for a single script? :thinking:

Worst case scenario you take their edit permissions away. Have them share individual games with you if they are part of development and use what they share with you from there.


Exploiters will do whatever to infect games even if it means that their code is at stake. Also a simple popup would help because Terms and Conditions are usually 20 pages of information that no one cares about, while a popup that could explain what could happend might help as now you would be informed on a private module being inserted into your game rather than you inserting a model and not knowing the effects.


Even if a warning shows up for private modules, ultimately it will do nothing as the developers are simply provided with absolutely no information on the private module that is being added to their game. Unless they are given the source code of the private module, in which they can then read through like the terms and conditions, the warning serves practically no purpose.


It would serve the purpose of allowing the user to know that an unknown private module is being inserted. If I were to insert a private module like CheckMeIn and got the notification I would be like alright! But if I insert say a mountain model from the toolbox and get the popup I would be suspicious and check it out. Part of the notification would hopefully be a button to go to the script itself and see what it is and so you can delete it. But will this stop exploiter completly? No, Will this maybe cut back on exploiters and give developers the freedom of Private Modules? Yes.


Well, its my friend that is holding the group. We both founded it and I created a good code for it and he said he wanted it. I am afraid he will come on the game and take it which I do not want.


This post was flagged by the community and is temporarily hidden.


If you feel as though your friend, who founded the group with you and should have mutual trust with you, will betray you and run off with the code, then sell it to them for a price you feel reasonable and say that it is a price that they must give for protection of your services.


See, I wouldn’t have to do that if ROBLOX simply didn’t remove private modules.