As a Roblox developer, it is now too hard to make accurate version checkers due to the marketplace update.
Due to this change we can no longer use require() or getfenv() for other assets not in game.
This breaks a lot of actually real modules, because now we cant get a version to check for updates without using the MarketPlaceService and checking a description, and that could use up one of your public model uploads, how fun!
My idea:
There could be a button to get it verified by a Roblox admin, the admin will be sent all scripts in the module to check and make sure that the require() or getfenv() is not being used for bad purposes. If it fails, it can be removed from the marketplace until fixed, or it could just block use of the feature.
If it is approved, it will have the permission to use require() and getfenv() granted, if failed, then it will not have the permission to do so.
Comments received via DMs
Nothing yet, if you wish to make a comment or suggest a change to this and you cant reply to this then shoot me a DM!
If Roblox is able to address this issue, it would improve my development experience because I would have the ability to use require() in my modules.
This would require a dedicated team for what is essentially moderating thousands or who knows how many scripts regularly just to retain old, arguably unwanted behavior. Not to mention these people would need to know Lua to some degree and be able to identify suspicious code.
I think the better solution would be leveraging packages and their updating features to allow distributable models that the game owner can update at their discretion. Unprompted updates are just a security nightmare overall.
Sorry, I was running latei n the morning to school, so I only have time to reply now.
Roblox has thousands (it’s in one of their reports, i think earnings???) of moderators, so yes, it could impact it, but my idea is a bot/AI could look through a script and flag some parts of it, and the admin has to decide if it’s not being used for good intents. The report could also include the asset that’s being required, for example, something named “Version” that just has this inside of it;
local module = {}
module.Version = "2.1"
return module
from an 4 y/o account with a ton of purchase history, and little moderation could probably pass, while something like this
local module = {}
--some backdoor
from a relatively new account that has never got a gamepass, or purchased Robux/BC/Premium would be blocked or flagged for further moderation.
