Hello,
I came across a component in Forge that is marked as being developed by OutSystems Labs, and before using it, I would like to better understand what this label represents.
I would like to get some clarification on the following:
What exactly is OutSystems Labs?
Is this an official team within OutSystems?
Why are the libraries developed by OutSystems Labs not supported by OutSystems?
Are components developed by OutSystems Labs considered production-ready, or are they intended for testing and feedback purposes?
I am interested in downloading and using the Input_Autocomplete module (version 0.1.1), and would like to understand the level of support and stability I can expect from Labs components.
Thanks in advance for your help!
Best regards,
Hello.
You are mixing a few concepts.
What is "OutSystems Labs"?The name of the team that owns the component.
Is this an official OS team?It is a team of Forge developers by current and former OutSystems employees.
Why are the libraries developed by OutSystems Labs not supported by OutSystems?It means they are not part of the pack you get with the license. You are getting them from the community and have that support. They have years of existence and hundreds/thousands of downloads so you can trust., On this case, I will add they are the result of volunteer work by excellent professionals so you can trust even more, but unless they have the "OutSystems Supported" tag, they are not supported by OutSystems. I would say they are at the level of "Trusted" components as the team probably followed best practices.
Are components developed by OutSystems Labs considered production-ready? They are if version is 1 or above. The one on your print is 0.1.1 so I say that one is not officially ready although it is quite stable.
Thanks for your answer,
I see 42 downloads here. Not hundreds/thousands of downloads.
Am I looking in the right place?
So to summarize - OutSystems Labs are employees of OutSystems
who produce extension libraries for OutSystems.
Is it okay to use these libraries for security reasons?
Because they have not been tested and are in experimental stages.
I mean thousands in total by the team. Not the specific component. Because this is version 0.1.1, people don't hurry to install it.
A general advice is, unless they are Supported or Trusted, don't assume Forge components are safe.You can install them and open them to validate how they are done. You can even customize as you want. By adding security layers or removing actions you don't understand, you can make it better.
From a security standpoint, is it safer to avoid installing OutSystems Labs components entirely and instead review the component’s code and reimplement the needed logic manually within our applications?
Our goal is to avoid introducing unverified or unsupported code into our environments, while still benefiting from the ideas or logic shared via Labs. Please confirm whether this approach is preferable in terms of information security, and whether there are any recommended practices from OutSystems regarding this.
This is valid for any component:
You can install the component, clone it (to assure no accidental automatic updates will be done in the future), review it, test it, and decide if you want to use its logic.
Then delete only the original or both according with your findings.
From a community perspective, if you find any concern, report it to the team with as much detail as you can so everyone can get a improved version asap.