How do I know if a community-built plugin is safe?

Hey everyone,

I’m currently going through the Bubble tutorials and I’m super excited to start building. As I’m browsing to see what plugins are available, I want to understand how I would know that a plugin is safe to use. That it doesn’t collect information or perform malicious activity in the back-end.
For example, this Ethereum blockchain plugin looks awesome and has over 500 apps using it. But that’s all I can tell. How do I know it’s safe enough to use to send crypto?
Are plugins vetted by Bubble or communities?

Just to be clear I haven’t noticed anything specific of this plugin, I haven’t even used it. This is just me being extra cautious if I were to build an app that moves crypto.
Thanks!

Perhaps an expert on the forum will share some advice on what to look for.

But as a non-coder, if I were building an app that touched anyone’s money or had sensitive client information, and I needed a third party plugin, to be safe I would be hiring a developer to examine the plugin (and my app).

Bubble does not vet third party plugins, so it’s buyer beware.

2 Likes

1. Free plugins source is available for review
2. Paid plugins are inspected by Bubble.

4 Likes

I agree with Ed there, all commercial plugins which you see in the plugin store, are checked over by Bubble but only so that they meet their own standards if you will, so we have to have demo pages, documentation etc and keys all in the right places, but I don’t think Bubble undertake any checks for malicious activity… well not that I’m aware of anyway but I could be wrong.

I’d say 90% of people on the Bubble forum are super friendly anyway and I personally haven’t come across any plugins that are like this. Reach out to the developer, see if they can advise etc. If they come back to you then great!

Of course, as Ed suggests, I’m sure there’s some dev chaps out there that will look over the code for you too.

2 Likes

Thank you all for the insight and explanations. :raised_hands:

As it’s been said above - better to ask some trusted devs to check the code. Especially if you are going to make a crypto-related project, because it’s a space full of scammers. For the Ethereum blockchain you need a Solidity dev to check the code.

Also, as I remember, Zeroqode (one of the oldest companies building on Bubble) has some blockchain-related plugins.

P.S. I don’t know if everyone has the same problem, but I can’t find pages for the plugins from the screenshot. Neither in the marketplace by name, nor using the plugin page link from the “install new plugins” section.