Board Thread:News and Announcements/@comment-11733175-20150728100346/@comment-24473195-20150728114949

Cqm wrote: I don't think peer review is very likely here, mainly due to lack of activity. The other issue is complexity - I wouldn't expect anyone to understand how Less/code.2.js anymore than I understand ReferencePopups/code.js. Asking someone to devote time to learning the codebase/conventions of another user isn't realistic. The difference between developers and users is that developers are required to do code review as part of their job, and they know the codebase they're reviewing. Mere users are not.

Scripts such as AjaxRC are the exception to this rule, and are reviewed periodically before going live because of their high use on wikia. There aren't many other scripts that reach that level of usage, although it's highly difficult to prove usage on wikia anyway. I agree that it is unlikely here. But ultimately there's no other way. The recent vandalism was done in an obvious way, but it is quite easy to write malicious code in a way that is harder to detect. Assuming good faith, is all well and good for generic pages that won't do much more than simply show porn, nonsense or empty pages. But scripts can conceivably introduce viruses, expose users' private data, credit card data and so wreck people's computers.

Also, unlike a generic article in a mainspace of a wikia, admins don't necessarily know how to track or fix javascript errors on their own. When they import it from here, they somewhat trust that people here know what they are doing.

>Asking someone to devote time to learning the codebase/conventions of another user isn't realistic

That's true for huge scripts. But smaller scripts can easily be reviewed within a day or two. But like I said previously the fact that we don't have the numbers to account for the usage means that we may as well be wasting our time with things nobody uses.

Maybe an extension or script could be written that submits that information every once in a while.