Just wanted to say a huge thankyou for being so patient in the forum; it's quite annoying that the comment section is a more a function of the title + personal opinions than a function of the blog content.
I love using obsidian, and thanks so much for all the work that you and the team have put in :)
Thank you! It means a lot <3
For what it's worth - and I know I'm being very critical of the plugin security model here - I also think Obsidian is very good, and am a paying customer.
Part of my frustration with this is that I've seen hobbyist video games with a more robust plugin security model than Obsidian's plugins. It's possible to do better than just "yolo, eval(github)", and I feel like it would thoroughly improve Obsidian for me, and apparently many others (judging by all these comments), if Obsidian invested in creating a secure plugin ecosystem rather than putting lipstick on the existing yolo plugin vortex.
Just because Obsidian is in JS, and JS has a terrible culture around package security, doesn't mean Obsidian needs to inherit and propagate that culture.