How do you vet open source software if you don't know code well? (lemmy.cafe)

submitted 5 days ago by cm0002@lemmy.cafe to c/opensource@programming.dev

9 comments fedilink hide all child comments

There are oodles of neat and singular programs on github and similar. Curious what steps people take to vet for malware before downloading and trying stuff, especially if you’re not very familiar with the coding language it’s written in.

OQB @reallykindasorta@slrpnk.net

you are viewing a single comment's thread
view the rest of the comments

[-] SMillerNL@piefed.social 0 points 4 days ago

Not disagreeing with you, but since the author is asking about GitHub… the XZ GitHub didn’t actually have any malicious code. Only the website tarbal did.

this post was submitted on 17 Jan 2026

32 points (97.1% liked)

Opensource

4835 readers

126 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev