Hi, I'm new to m2 and would like opinions on the security of installing extensions from outside of magento marketplace. Is there a risk?
Extensions in the Magento Marketplace have gone through code review and other quality control steps, conducted by Magento's team. In essence, in order for extensions to be published in the Magento Marketplace, they need to meet certain standards.
Since extensions not listed in the Magento Marketplace have not necessarily gone through any 3rd party independent review, you can hope that they're good quality, but you can't assume that it will always be the case.
Whenever possible, it's best to get extensions from the Magento Marketplace. If that's not possible, I'd recommend at least doing more research on the companies you're considering getting extensions from to see how reputable they are.
Hi @awesomecowboy
As @Robert Rand mentioned the extensions are reviewed before publishing on the the Marketplace. So the code quality of the extensions submitted on Marketplace is better compared to other extensions.
You may visit following urls
https://devdocs.magento.com/marketplace/sellers/submit-for-review.html
https://devdocs.magento.com/marketplace/sellers/code-validation.html
to know about the process.
Submitting extension to Magento Marketplace is the process of various tests and improvements until it is accepted. So basically, there is no way you would be accepted just after you submit.
Every extension goes through a lot before being listed there. Why would you consider buying an extension from one vendor from one place - Marketplace, but consider it being insecure when downloaded from the vendor's website (taking into consideration all of the precise tests this extension passes to get on Marketplace)?
There are plenty of great extensions there not submitted to Magento Marketplace for different reasons like - you may go through all of those long analyzing processes, but still receive nearly 50% of the original price because of the Magento Marketplace fees.
It actually isn't hard to determine whether the website is secure or not, there are a lot of trustworthy and reliable vendors.
Check out some Magento 2 Extensions