I would like to suggest the addition of a secure, read-only version of Script.Source, accessible only from the server, and only for ModuleScript instances.
Why this is needed:
Currently, there is no official way to access the actual source code of a ModuleScript from the server side. In many advanced systems, especially tools like plugin frameworks, custom module managers, or cloud script version checkers, this kind of read-only access could be extremely helpful for:
- Debugging purposes
- Security scanning for malicious or injected code
- Code syncing/version control for development pipelines
- Reading & caching scripts dynamically without executing them
Security Considerations:
- This feature should not expose the code of
Script(regular server-side scripts) to avoid any exploitation risk. - It should only be accessible from the server environment, and never from the client.
- The returned
Sourceproperty should be read-only and not modifiable. - An optional
ReadSourcemethod instead of a direct.Sourceproperty could further clarify its purpose.
Example Usage:
local module = script.Parent:FindFirstChild("ExampleModule")
if module and module:IsA("ModuleScript") then
local source = module:GetSource() -- or module.Source (read-only)
print("Module source:\n" .. source)
end
Final Thoughts:
This change would open the door for many advanced backend systems while maintaining security boundaries. Server-side only read-access to the script source is a powerful tool for developers without compromising the security of the game or engine.
Thanks for considering this!