As of now checking if the server and the client side of a jmod are actually consistent is pretty weak. There is some comparing of versions, but that's it. Just edit your mod.json, change version and you can use whatever code you want client side, regardless of what the server does. This will, in most cases, result in crashes, but actually opens up avenue to implement exploits. Same goes for plugins.
As of now checking if the server and the client side of a jmod are actually consistent is pretty weak. There is some comparing of versions, but that's it. Just edit your mod.json, change version and you can use whatever code you want client side, regardless of what the server does. This will, in most cases, result in crashes, but actually opens up avenue to implement exploits. Same goes for plugins.
There needs to be some security code that: