Other “marketplaces” (VS Code/VS plugins, browser extensions, Google Workplace extensions, you name it) have a Report button, and reports are always promptly acted upon with due diligence. Logseq Marketplace has a “buy me a coffee” button, which is highly valuable, as it’s a simple and straightforward way to support the developers of highly usable extensions. But please, please, please add a button to report a vulnerable plugin and institute a quick security review procedure. Logseq’s “privacy” focus, the feature that’s touted the loudest, currently goes out of the window as soon as a single plugin is installed from the loosely curated Marketplace.
Any issue calling out the plugin here, in Discord or in GitHub? I see that you have asked this on GitHub. but was wondering what is stopping you from mentioning the plugin name?
Welcome to the community and thank you for suggesting a “Report plugin” button @cy.kkm, I think that’s needed for sure.
As for the malicious plugin: can you please DM me or send an email to support@logseq.com with the name of the plugin and a link to its GitHub repo?
I’d be the initial contact for an issue like this, or @Charlie. We need to have a clearly documented process for this, and a reporting button would help a lot indeed.
Edit: We’re adding a “Report plugin” button to the Marketplace ASAP. I’ve also added a snipped to the README of the Marketplace repo (though a button will be crucial for end users, of course). Again, thank you for bringing this up @cy.kkm