How do you vet open source software if you don't know code well? (lemmy.cafe)

submitted 5 days ago by cm0002@lemmy.cafe to c/opensource@programming.dev

9 comments fedilink hide all child comments

There are oodles of neat and singular programs on github and similar. Curious what steps people take to vet for malware before downloading and trying stuff, especially if you’re not very familiar with the coding language it’s written in.

OQB @reallykindasorta@slrpnk.net

you are viewing a single comment's thread
view the rest of the comments

[-] jimmy90@lemmy.world 4 points 4 days ago* (last edited 4 days ago)

this is a small-ish problem with FOSS that doen't have an easy solution. the open source supply chain of code, libraries, tools and apps needs constant peer review, validation and enforcement

i think the tech behind NixOS will go some way to automating this but a coordinated human collaborative effort will be required too

dare i say it even AI might be able to lend a hand

this post was submitted on 17 Jan 2026

32 points (97.1% liked)

Opensource

4835 readers

126 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev