this post was submitted on 17 Jan 2026
23 points (96.0% liked)

Opensource


There are oodles of neat and singular programs on GitHub and similar. Curious what steps people take to vet for malware before downloading and trying stuff, especially if you’re not very familiar with the coding language it’s written in.

OQB @reallykindasorta@slrpnk.net

[–] treadful@lemmy.zip 13 points 1 day ago* (last edited 1 day ago)

There's not a ton you can do, but you can look out for indicators of a healthy project.

A good sign is if the repo has a lot of different contributors. If something has hundreds or thousands of contributors, there are more eyes on it to catch something malicious. Other activity as well, like bug reports, demonstrates a strong user base, which is like crowdsourcing trust.

Another thing is, if your distro packages it in one of their main repos, that's a reasonable indicator that you can trust it. Def not 100%, but when you don't have a lot to go on, it's something.

Any other tips I think I have are more technical.
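
One way to check the contributor indicator from the comment above, as an added example that is not part of the original thread: it parses `git shortlog -sne HEAD` output from a local clone and reports how many distinct people committed and how concentrated the history is. The sample data, the function names and the `[bot]` name filter are assumptions made for illustration.

```python
import re
import subprocess

# Constructed sample of `git shortlog -sne HEAD` output (not a real repository).
SAMPLE_SHORTLOG = (
    "   412\tAlice Example <alice@example.org>\n"
    "   198\tBob Example <bob@example.org>\n"
    "    57\tCarol Example <carol@example.org>\n"
    "    21\tAlice Example <ALICE@example.org>\n"
    "     9\tdependabot[bot] <bot@example.invalid>\n"
    "     3\tDave Example <dave@example.org>\n"
)
LINE_RE = re.compile(r"^\s*(\d+)\s+(.*?)\s*<([^>]*)>\s*$")


def shortlog_for(repo_path):
    """Run git on a local clone; HEAD is explicit so git does not wait on stdin."""
    cmd = ["git", "-C", repo_path, "shortlog", "-sne", "HEAD"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def parse_shortlog(text, skip_bots=True):
    """Return {email: commits}, merging identities that differ only by e-mail case."""
    counts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unexpected line
        commits, name, email = int(m.group(1)), m.group(2), m.group(3).lower()
        if skip_bots and name.endswith("[bot]"):
            continue  # automation accounts are not extra reviewers
        counts[email] = counts.get(email, 0) + commits
    return counts


def contributor_summary(counts):
    """Contributor count plus how concentrated the history is in a few people."""
    total = sum(counts.values())
    ranked = sorted(counts.values(), reverse=True)
    running, authors_for_half = 0, 0
    for c in ranked:
        running += c
        authors_for_half += 1
        if running * 2 >= total:
            break  # this many authors wrote at least half of all commits
    return {"contributors": len(ranked), "total_commits": total,
            "top_author_share": ranked[0] / total if total else 0.0,
            "authors_for_half": authors_for_half}


if __name__ == "__main__":
    print(contributor_summary(parse_shortlog(SAMPLE_SHORTLOG)))
```

On a real clone, pass the output of `shortlog_for("/path/to/clone")` to `parse_shortlog` instead of the sample.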