External script code is frequently changed
Greasy Fork is not safer than GitHub. Neither can review scripts before allowing them to be released, and both rely on reports to deal with malware.
If the use of CDNs is prohibited, the author needs to copy the GitHub project to Greasy Fork. In this way, the author can easily infringe copyright, and if the author adds malicious code, it will be harder for users to detect. It is better to allow the use of CDNs.
External scripts need to follow some rules. Regarding the rules on minified code, I commented in another discussion (External script code is minified). I want to request the addition of another rule here. I hope the external script must specify a version. In this way, the code of the external script cannot be changed.
If the CDN link specifies the version of the file, the file cannot be changed and cannot become the latest version. You can look at this: https://www.jsdelivr.com/features
Let me give an example. jQuery is stored on npm and Github. Its CDN links are as follows.
- https://cdn.jsdelivr.net/npm/jquery@3.2.1/dist/jquery.min.js
- https://cdn.jsdelivr.net/gh/jquery/jquery@3.2.1/dist/jquery.min.js
I can't find the location of "jquery.min.js" on npm, but I can find the location of "jquery.min.js" on GitHub: https://github.com/jquery/jquery/blob/3.2.1/dist/jquery.min.js.
"3.2.1" is the label (or nickname) of the branch "f71eeda0fac4ec1442e631e90ff0703a0fb4ac96" (or the commit "f71eeda0fac4ec1442e631e90ff0703a0fb4ac96"). Actually you can use the link https://cdn.jsdelivr.net/gh/jquery/jquery@f71eeda0fac4ec1442e631e90ff0703a0fb4ac96/dist/jquery.min.js.
So I think the code of "jquery.min.js" cannot be changed.
Greasy Fork's policy on external scripts
The above are the requirements for the website. Greasy Fork does not turn them into the requirements for scripts.
Regarding "Even if someone were to check an external script and determine it to be legitimate, that would be no guarantee that that script always has been or always will be legitimate." and "Will not have their contents change frequently": the author can write the following code to use the latest version of the external script. If the author does not specify a version for the external script, the code is actually changed frequently.
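An added example, not part of the original post and not the code the post refers to: a small checker that reads a userscript's `@require` lines and reports whether each jsDelivr URL is pinned to an exact version or commit, or floats to whatever is latest. The function names, the sample script and the rule that only an exact `x.y.z` version or a full 40-character commit hash counts as pinned are assumptions of this example.

```javascript
// Added example: audit a userscript's @require lines for version pinning.
const EXACT_SEMVER = /^v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;
const FULL_COMMIT = /^[0-9a-f]{40}$/i;

// Pull the @require URLs out of the ==UserScript== metadata block.
function extractRequires(source) {
  const block = source.match(/\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/);
  if (!block) return [];
  return block[1].split(/\r?\n/)
    .map((line) => line.match(/^\s*\/\/\s*@require\s+(\S+)/))
    .filter(Boolean)
    .map((m) => m[1]);
}

// Assumption of this example: only an exact x.y.z version or a full
// 40-character commit hash counts as pinned; anything else can move.
function classifyJsDelivr(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return { url: rawUrl, status: "invalid" }; }
  if (url.hostname !== "cdn.jsdelivr.net") return { url: rawUrl, status: "other-host" };
  const parts = url.pathname.split("/").filter(Boolean);
  let spec;
  if (parts[0] === "npm") {
    // Scoped packages look like /npm/@scope/name@version/file
    spec = parts[1] && parts[1].startsWith("@") ? parts[2] : parts[1];
  } else if (parts[0] === "gh") {
    spec = parts[2]; // /gh/user/repo@version/file
  }
  if (!spec) return { url: rawUrl, status: "invalid" };
  const at = spec.lastIndexOf("@");
  const version = at > 0 ? spec.slice(at + 1) : null; // null: no version given
  const pinned = version !== null && (EXACT_SEMVER.test(version) || FULL_COMMIT.test(version));
  return { url: rawUrl, version, status: pinned ? "pinned" : "floating" };
}

function auditUserscript(source) {
  return extractRequires(source).map(classifyJsDelivr);
}

// Constructed sample: the first two URLs come from the post, the last two are made up.
const SAMPLE = `// ==UserScript==
// @name     Demo (constructed)
// @require  https://cdn.jsdelivr.net/npm/jquery@3.2.1/dist/jquery.min.js
// @require  https://cdn.jsdelivr.net/gh/jquery/jquery@f71eeda0fac4ec1442e631e90ff0703a0fb4ac96/dist/jquery.min.js
// @require  https://cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js
// @require  https://cdn.jsdelivr.net/npm/jquery/dist/jquery.min.js
// ==/UserScript==`;

for (const r of auditUserscript(SAMPLE)) console.log(r.status.padEnd(9), r.url);
```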