Civil 3D Dynamo 2.15 Python 3.8 security risk?

Cpy3 is in there. IT should be able to scan it and validate it is “OK”.

As to the nodes issue, which is what the original conversation was about:

Dating myself, “ACAD.VLX” was mere obfuscation… There is a likelihood - especially on Git - to innocuously incorporate 3rd party libraries to support a project, finding out later that an added project contained trojans, malware, or other maleficence with complete access to systems behind firewalls after an update and compile.

The VLX was easy to spot - but I am unsure if CrowdStrike or other scanners would catch DLLs incorporated in packages behind our firewalls.

I understand the benefit of zero-touch, but we should be able to access the code VIA git or other resources to see the code in the background and compile fresh if need be. No one should be in the mindset to push the button that says “Run-me”, which is what effectively happens with these black-box nodes. Are the developers taking on risk and liability or is there an “as-is” disclaimer with every use or purchase? It is a risk, but I rather that be a calculated risk and have the opportunity to at least validate the code myself when incorporating it into a graph or routine.

I also have personal bias; Dynamo was meant to be an open platform for learning and exploration of coding and development to automate and expedite processes with macro-like code. Understanding how code works, for those of us who code in Python, is extremely helpful to be able to unwrap nodes and see what is going on under the hood and in many cases rework the base code. If everyone squirrels away code, that learning is cut off at the knees.

Dynamo’s Security Vulnerability – BIM Extension goes over opening code from untrusted resources. Autodesk doesn’t have an official channel for trusted and untrusted; merely reputations on the forums for those creating and adding code and nodes.

Older discussions here: Custom packages - virus and malicous code risk? - #5 by Yna_Db

I understand a desire to monetize, but the risk can be great, weighing that against outright coding in the API in house or through a responsible/liable company is another matter.

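The post above argues for being able to look at what a package actually ships before pressing "Run-me". One concrete way to do that is to inventory a package folder before it is loaded: hash every file, separate source you can read (.dyf, .py, .json) from compiled binaries (.dll, .pyd, .exe) that can only be scanned, and compare the result against a previously approved hash list so an update that silently swaps in a new DLL stands out. The script below is an added example, not code from this thread, from Autodesk, or from any Dynamo package; it assumes the conventional package layout (`bin`, `dyf`, `extra`, `pkg.json`) and builds its own constructed sample tree, so it runs offline.

```python
"""Inventory a Dynamo package folder before it is loaded.

Added example (not from the forum thread, Autodesk, or any real package).
Assumes the usual package layout: a `bin` folder with .dll files, `dyf`
with custom nodes, `extra` with scripts, and a `pkg.json` manifest.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Files a reviewer can open and read before running the graph.
REVIEWABLE = {".py", ".dyf", ".dyn", ".json", ".txt", ".md", ".xml"}
# Compiled artefacts: opaque to code review, hand these to the AV/EDR scanner.
BINARY = {".dll", ".exe", ".pyd", ".so", ".vlx", ".fas"}


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large DLLs are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(package_dir: str) -> dict:
    """Return a manifest: per-file hash and class, plus summary flags."""
    root = Path(package_dir)
    files = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        ext = p.suffix.lower()
        if ext in BINARY:
            kind = "binary"
        elif ext in REVIEWABLE:
            kind = "source"
        else:
            kind = "other"
        files.append({
            "path": p.relative_to(root).as_posix(),
            "sha256": sha256_of(p),
            "kind": kind,
        })
    binaries = [f["path"] for f in files if f["kind"] == "binary"]
    return {
        "package": root.name,
        "files": files,
        "binary_count": len(binaries),
        "binaries": binaries,
        # A package that ships only .dyf/.py can be read end to end;
        # anything with binaries needs a scan and a known-good hash list.
        "needs_binary_scan": bool(binaries),
    }


def verify_against(manifest: dict, known_good: dict) -> list:
    """Compare a manifest to an approved {path: sha256} mapping.

    Returns the paths whose hash differs from the approved value or that
    were not present at approval time, i.e. what an update swapped in.
    """
    return [f["path"] for f in manifest["files"]
            if known_good.get(f["path"]) != f["sha256"]]


def build_sample_package() -> str:
    """Constructed sample package tree (not a real Dynamo package)."""
    base = Path(tempfile.mkdtemp()) / "ExamplePackage"
    (base / "dyf").mkdir(parents=True)
    (base / "bin").mkdir()
    (base / "extra").mkdir()
    (base / "pkg.json").write_text('{"name": "ExamplePackage"}')
    (base / "dyf" / "Node.dyf").write_text("<Workspace/>")
    (base / "extra" / "helper.py").write_text("print('hello')\n")
    # Constructed bytes standing in for a compiled assembly.
    (base / "bin" / "Helper.dll").write_bytes(b"MZ" + b"\x00" * 64)
    return str(base)


if __name__ == "__main__":
    pkg = build_sample_package()
    manifest = inventory(pkg)
    print(json.dumps(manifest, indent=2))
    # First review: approve what was inspected, keep the hashes.
    approved = {f["path"]: f["sha256"] for f in manifest["files"]}
    # After an update, anything listed here is what changed under you.
    print("changed since approval:", verify_against(inventory(pkg), approved))
```

Point the script at a folder under the Dynamo packages directory instead of the constructed tree, keep the approved hash mapping in version control, and rerun `verify_against` after every package update; a non-empty result on a `bin/*.dll` entry is the case the post worries about, where the only remaining option is a scan rather than a read.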