Userscript vetting process

Hi everyone, I’m new to WaniKani and learning Japanese. When I discovered that WK has available API endpoints for use, I quickly went down the rabbit hole of the WaniKani Open Framework, as well as looking at some of the neat user scripts that are available.

My question is - is there any sort of process a userscript goes through to vet for malicious code? I think utilizing some of these would be super helpful, but while glossing over some source code, these userscripts can be thousands of lines of code. This raises some alarm bells for me, yet I realize that these are 3rd party programs, so I’m sure it’s a “use at your own risk” type of deal.

Just wanted to know if the community has some sort of tag that shows someone has gone through and reviewed a userscript! Might help lower some of those alarms in my head :slight_smile:

4 Likes

Not as far as I know. I imagine the “code is publicly readable” would mostly discourage shenanigans - even if you aren’t knowledgeable enough to check yourself, you can do a cursory search on the forum for mentions - someone would surely raise holy hell if one of the more popular ones got up to no good. I imagine if it was egregious enough the user might get banned, but the script would still be out there. WaniKani doesn’t and can’t really control what’s available.

But ultimately, that “thousand sets of eyes” factor is the only thing.

4 Likes

It’s best to consider user scripts as unvetted and pay attention to things like permissions granted. A lot of them are developed by people who are regulars here, so there’s sort of a community trust, and sometimes user script authors look at each other’s code for e.g. making temporary bugfixes while the original author is away, but I would not assume anyone other than the author has looked at a given userscript.

4 Likes
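
One way to act on the "permissions granted" advice in the post above, as an added example that is not part of any poster's message or of any WaniKani script: a small Node.js check that reads a userscript's metadata header and lists the declarations worth a closer look. It assumes Tampermonkey/Greasemonkey-style `@grant`, `@connect`, `@match`/`@include` and `@require` keys; the sample header, the `cdn.example.com` URLs and the function names are constructed for illustration.

```javascript
// SAMPLE is a constructed script header, not taken from any real userscript.
const SAMPLE = `// ==UserScript==
// @name        Example Review Helper (constructed)
// @match       https://www.wanikani.com/*
// @match       *://*/*
// @grant       GM_xmlhttpRequest
// @grant       GM_setValue
// @connect     *
// @require     https://cdn.example.com/lib.js
// @require     https://cdn.example.com/pinned.js#sha256=PLACEHOLDER
// ==/UserScript==
console.log('body');`;

// Parse the "// @key value" lines between the ==UserScript== markers.
function parseMetadata(source) {
  const block = /\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/.exec(source);
  if (!block) return null; // no header: nothing is declared up front
  const meta = Object.create(null);
  for (const line of block[1].split('\n')) {
    const m = /^\s*\/\/\s*@(\S+)\s*(.*?)\s*$/.exec(line);
    if (m) (meta[m[1]] = meta[m[1]] || []).push(m[2]);
  }
  return meta;
}

// Return the declarations a reviewer should look at before trusting the script.
function auditUserscript(source) {
  const meta = parseMetadata(source);
  if (!meta) return ['no metadata block found'];
  const findings = [];
  const get = (key) => meta[key] || [];
  for (const g of get('grant')) {
    if (g === 'GM_xmlhttpRequest') findings.push('grant: cross-origin requests (GM_xmlhttpRequest)');
    if (g === 'unsafeWindow') findings.push('grant: direct page access (unsafeWindow)');
  }
  for (const c of get('connect')) if (c === '*') findings.push('connect: any host allowed');
  for (const p of [...get('match'), ...get('include')]) {
    if (p === '*' || /^(\*|https?):\/\/\*\//.test(p)) findings.push(`scope: runs on every site (${p})`);
  }
  for (const r of get('require')) {
    if (!/#(md5|sha1|sha256|sha384|sha512)[=-]/.test(r)) findings.push(`require: remote code without integrity hash (${r})`);
  }
  return findings;
}

console.log(auditUserscript(SAMPLE).join('\n'));
```

A clean result only means the header declares nothing broad; the script body still has to be read to know what it does with the access it has.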

I’m EXACTLY the same when it comes to downloading ANYTHING from the internet, so I struggled my first year on WK by not using ANY user scripts!

But after butting heads for about a year with making silly typos and getting my answers ‘wrong’ even though I knew the correct answers, I finally installed double-check and self-study quiz (both by @rfindley).

I’ve been using these for about a year now and haven’t had ANY issues with ‘mysterious’ happenings on my PC. Also, Double-check has had over 30,000 downloads and Self-study quiz over 15,000 downloads. With ALL these people using these scripts for years before I used them, I felt ‘safe’ enough to do it and I’m GLAD I did!

Just something to consider while you ponder your decision :slight_smile:

3 Likes

Just to say officially: Userscripts are NOT vetted by the WaniKani team and should only be used at each individual’s own discretion.

8 Likes

I definitely appreciate this perspective! Thank you!

There is no vetting. If you’re a developer, you can read the source code, and most of them are on GitHub (including mine). In other words, it’s up to you to vet the scripts.