denyIp plugins and plugins quality

I'm using the deny-Ip-plugin by kvncrw (kevtainer) to block access to my systems from known scanners like Censys.

It seems the maintainer has difficulties publishing it in a proper way, so version 2.0.0 supporting IPv6 still hasn't made it into the plugin store after months. I looked for alternatives, and in fact there are some (in fact most look like a copy of the former plugin).

But it seems most of them are not widely used, and a few look really fishy, e.g. intaacopilot published 2 different plugins with 8+ versions within a week. So the question arises: is there some kind of quality control/code review for Traefik plugins, and can we trust plugins published in the store?

Great question. Following this & hoping for a good answer…

As far as I know, there is no manual checking for malicious plugins. Just a few software requirements to be listed as a plugin (doc).

From a technical perspective, the actual code for each plugin is stored and hosted in a public GitHub repository. Once a day, the Plugin Catalog polls GitHub to find repositories that match the criteria for a Traefik plugin and adds them.

You probably need to create a Traefik GitHub issue to get a response from the Traefik devs.