-
Notifications
You must be signed in to change notification settings - Fork 189
Security and Hyper plugins
Currently, the plugins and themes that we list on the Hyper Store have a security model similar to npm. We offer for users visiting the Hyper Store to install plugins or themes that have been created by individuals not always related to ZEIT. These plugins and themes are submitted to this repo but the content comes from the npm registry. Due to the fact that the plugins and themes we list are not directly hosted by ZEIT, we can not guarantee that the underlying code of said plugins and themes will always be safe.
Though we can not guarantee safety from content not directly hosted by ZEIT, we are aware that npm has extensive security measures to prevent malicious activity.
Other than this, if you prefer, you can read the source code of each plugin/theme directly from the Hyper Store and evaluate its intent yourself. If you then determine that the current version of that plugin/theme is safe for usage, you can pin the plugin/theme to that version within your .hyper.js config file. Here's an example of doing that:
# .hyper.js
plugins: [
"hyperpower#0.2.2"
]The best thing to do would be to submit an issue on this repo. Include which plugin or theme contains malicious content, we will review it and take the necessary action.
Looking for information about how to create a plugin or theme? Take a look at the PLUGINS.md file in the Hyper repo.