How to make a Godot game moddable?

+3 votes

In the sense of really moddable (being able to add new things). There are 3 options to export for Windows; .exe, .exe + .pck, .exe + .zip. Which would be the best to ease modding and what are other tips to make your game moddable using Godot?

in Engine by (1,119 points)

2 Answers

0 votes

Unfortunately, proper modding support in a game is very hard to do, and depends a lot on the game.

If you want users to be able to add their own content, they will need to be able to add code in some way. This is currently not possible to do in Godot in a safe way (exposing GDScript can lead to a lot of security issues).

If you use .exe + .zip, this makes asset modding possible for non-imported resources, but due to Godot's import system, it is much less trivial for users to modify imported resources. Again, this can be pretty insecure too.

by (12,714 points)

Can't modders use load_resource_pack to add new content to my game? They'll develop mods in Godot, pack them and write the name of their .pck in a .txt file of the .pck's my game will load, wouldn't that work?

by (1,119 points)
edited by

That would work, for sure... as long as the game is compatible and you trust everything it contains before opening it (like your own... but others?).
Nothing will prevent them from breaking the game if they are able to develop such packs. You should decide where you want the "Line" to be between your responsibility as the game developer and responsibility of modders regarding security of others.
If I were to make a moddable game I would probably make a completely new modding environment rather than just reusing Godot's system. I know it sounds easy, but because it's easy, it puts modders at the same level of "power" as you... without being developpers of the game and having none of your responsibilities. That's why I prefer to decide myself with a custom system IMHO, which might even end up being simpler to use for the game than throwing Godot at modders :p
Sandboxing is also a solution but can be really cumbersome to implement all edge cases.
But it depends on the game, and how you want it released. There is already a big difference between a paid game on Steam and an open-source free game.

by (29,034 points)
edited by

Well, it'll be a paid game. Security is not my concern (in a community like Nexus, you really just download something bad if you want), but the capabilities of modders. Since my game is a roguelike, a large part of it is it's replay value, and mods add a lot to that.

But in a real case scenario, how much damage could Godot make?

by (1,119 points)

I'm with Zylann on the idea of making an editor, also defining clear "moddable" parts, that will be better for you and the end users.
AND making a mod manager that does another verification before loading the mods, just to be safe.

If it will be a paid game, security should be a concern (you don't want angry customers unless you can cover the costs for any damage).

by (7,922 points)

Can you tell me if Godot is capable of harmful actions towards the OS? i.e Is it possible to create a virus with Godot?

Otherwise, I don't think the developer should be held responsible for user-made non-official mods, even if they break the game or corrupt save files, that's just what you have to accept when you mod any game (Skyrim for example).

by (1,119 points)

A program made with Godot, Unity, MS Word, can do harmful actions if you allow the execution of arbitrary code.

by (7,922 points)
0 votes

How about using a Lua VM from GDNative ?
Is it practical ?

by (14 points)
Welcome to Godot Engine Q&A, where you can ask questions and receive answers from other members of the community.

Please make sure to read Frequently asked questions and How to use this Q&A? before posting your first questions.
Social login is currently unavailable. If you've previously logged in with a Facebook or GitHub account, use the I forgot my password link in the login box to set a password for your account. If you still can't access your account, send an email to [email protected] with your username.