Closing Fivem's source code. #4041
BetterCallFivem
started this conversation in
Engineering Discussion
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I’m opening this topic because I think Cfx.re needs to seriously reconsider whether FiveM’s core source code should remain fully public in its current form.
Right now, the public repository has more than 600 open issues and over 170 open pull requests. That is not a healthy open-source workflow anymore. I understand that not every issue is valid, not every pull request is mergeable, and not every community contribution deserves immediate attention. But at some point, the question has to be asked:
What is the point of being open source if the community can barely contribute, security-relevant reports pile up, pull requests sit around, and the public codebase becomes more useful to exploit developers than to legitimate contributors?
FiveM is not a small hobby project anymore. It is the backbone of thousands of servers, communities, businesses, and development teams. When that ecosystem depends on a public codebase that is not being maintained at the same speed as the threats targeting it, openness stops looking like transparency and starts looking like free reconnaissance for cheaters.
The current situation is simple: cheaters can study the codebase, identify weak points, abuse issues before they are patched, and continue damaging servers while legitimate developers and server owners are left waiting. Meanwhile, HWID spoofers and CFX ban bypass tools are being openly sold for pocket change. People are not just cheating anymore; they are industrializing the process.
This is not sustainable.
I’m not saying “delete open source” blindly. But FiveM clearly needs a different model. Sensitive client-side, anti-cheat, networking, identity, ban enforcement, and exploit-prone components should not be exposed the same way as documentation, tooling, natives, or general framework code. A hybrid model would make far more sense, keep the parts that benefit legitimate developers open, but close or restrict the parts that mainly help attackers.
Because right now, the balance is wrong.
Open source is supposed to empower the community. In FiveM’s case, it increasingly feels like the community is being asked to carry the damage while cheaters enjoy the access.
If Cfx.re wants FiveM to remain credible long-term, then this needs to be addressed seriously; either improve the review/security response pipeline massively, or stop giving attackers a public map of the platform’s weak points.
Do better.
Beta Was this translation helpful? Give feedback.
All reactions