The Verified By Homebridge program allows plugin developers to get their plugins reviewed and endorsed by the Homebridge project team.
The Homebridge project team will check that your plugin meets the following criteria:
These verification requirements were last updated on 2023-12-08. Existing verified plugins will have met the requirements at the time of verification, and not necessarily the current requirements.
If you would like your plugin verified, please open an issue on this repository and fill in the template. The Homebridge project team will then review your plugin and provide constructive feedback if required.
If you feel that your plugin should replace the verification status of an existing plugin, let us know and this will be dealt with on an individual basis.
If you need assistance meeting the verification requirements, please reach out on the Homebridge Discord.
Once your plugin has been verified you will remain in full control of the GitHub repository and npm package. Your plugin will appear on the 'Verified By Homebridge' plugin list and the 'Verified' badge will appear next to your plugin when the next update to the Homebridge UI is published.
You may optionally add one of the Verified By Homebridge badges to your plugin's README:
[![verified-by-homebridge](https://badgen.net/badge/homebridge/verified/purple)](https://github.com/homebridge/homebridge/wiki/Verified-Plugins)
[![verified-by-homebridge](https://img.shields.io/badge/homebridge-verified-blueviolet?color=%23491F59&style=for-the-badge&logoColor=%23FFFFFF&logo=homebridge)](https://github.com/homebridge/homebridge/wiki/Verified-Plugins)
If you decide you no longer wish to maintain your plugin, please reach out to the Homebridge team on the Homebridge Discord. We can assist in finding a new owner, or take over the repository until a new maintainer can be found.
Your plugin may be subject to another review or be removed from the verification list when deemed necessary by the Homebridge team - this could be (but not limited to) the following scenarios:
We will generally do our best to contact existing developers of plugins before removing verification status. However, we may immediately remove verification status in the following (but not limited to) the following scenarios:
The purpose of this is to help make the plugin installation process faster and more reliable for verified plugins.
Homebridge plugins are published and distributed to the NPM registry and installed using the npm
cli tool.
While npm
works for the most part, later versions have become increasingly resource hungry and prone to failure on low powered devices with limited RAM and slow disk I/O (such as a Raspberry Pi).
When using npm
to install a plugin, it has to individually fetch the metadata, and download, verify and extract the tarball for every dependency a plugin has. This can result in hundreds of HTTP requests every time a plugin is installed or updated. An error during any of these operations will often result in the plugin failing to install or update.
This project pre-bundles verified plugins, making them available to download, with all their dependencies, in a single tarball. Additionally, a SHA256 sum of the tarball is available so the integrity of the bundle can be verified after being downloaded to the user's system.
A plugin installed via a bundle from this repo can be downloaded and installed in seconds, compared the minutes it might take for some plugins on the same hardware.
Every 30 minutes, a job is executed using GitHub Actions to check for updates made to any verified Homebridge plugins.
Plugins that require updates are then:
npm
in a clean work directory, post install scripts are disabled;.tar.gz
bundle is created for the plugin, including all it's dependencies;.sha256
checksum file is generated for the bundle;The two most recent versions of a plugin are retained in the Homebridge Plugin Repo, older versions are purged automatically.
Bundles are only used on certain systems:
When a user requests a plugin to be installed or updated via the Homebridge UI the following workflow is executed:
.sha256
checksum for the bundle.tar.gz
tarballnpm rebuild
in the plugin's root directory to have any post install scripts executed locallypackage.json
with the plugin and it's versionIf the extraction, or npm rebuild
steps fail, the old version of the plugin will be restored.
If at any step, the process fails, the Homebridge UI will fall back to using npm
to complete the installation.
This project may impact the download stats for plugins provided by the NPM registry.
As such download stats are available via the download-statistics.json file. This file contains the total downloads from this repo for each verified plugin, as well as the download count for each version (including old versions that have been purged).
The download-statistics.json
file is updated every 30 minutes.
If you are accessing the file programmatically, you will need add a nonce
query string to the URL to prevent it being redirected to an older (deleted) version of the file. E.g. /download-statistics.json?nonce=1657193776
.
All verified Homebridge plugins are automatically included.
The plugin will be installed directly from the NPM registry instead.
Create a pull request adding your plugin's name to the pluginFilter: string[]
array in the src/plugin-tarballs/index.ts file.
The #plugin-development channel in the official Homebridge Discord server is where Homebridge plugin developers can get tips and advice from other developers and the Homebridge project team.
Copyright (C) 2022-2024 oznu
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.