I was wondering if there was a way to view the code behind custom activities? I would like to use some packages that have been created and posted to Go!, but I need to ensure that the code behind it meets our security standards. Any insight would be appreciated, perhaps someone knows how to convert the .nupkg package to readable code?
After reading your post I tried unzipping the nuget package and I was able to see the DLL’s that are in the custom package, So DLL contains machine code/byte code as .NET run-time supports more than 60 languages , I don’t think we can convert them to the original language in which the code was return how ever third party tools are available to decrypt the code to c# and VB but I dont know how reliable will be the code, and You have to obey the Nuget pacakage license before you do any thing with the code or DLL. I think they are distributed as to use. unless specified like open source license.
You can use a decompiler such as dotPeek (dotPeek: Free .NET Decompiler & Assembly Browser by JetBrains) in order to look at the code behind the Go! component DLLs. Additionally, if it is licensed with an open source license on Go! (Apache, GPL, or MIT) the source code should be available online for your review.
Depending on the license and the one that uploaded the package, activities from UiPath Studio can contain the code/flowchart (the entire project in fact, including all subfolders).
For other where code is compiled without the source, the best approach would be to ask for the source project.
I think UiPath doesn’t allow reverse engineering / decompiling of their activities, thus it might be an infringments of doing it, I don’t exactly know how everything is compiled when working with “True” Custom Activity.
Just decompiling the actual UiPath studio and robot executor for educational purposes and getting a better understanding of the product shouldn’t be an issue. Using that decompiled code or using UiPaths utility DLLs in other ways is definitely barred.
@WhenCutEsh when I downloaded it from the Go! website, it downloaded as a .nupkg file type. How did you download it to zip or where did you download it from is maybe a better question?
@Joseph_Iaquinto would you happen to know how to view code that’s licensed by MIT? I tried to search for it and didn’t find anything that leads me to it.
@loganshea I had my own package and even I tried on a UiPath Package , I have a 7ZIP software using that I just Extracted the .nupkg
@Smixi Surely they would allow it for custom activity packages that aren’t sponsored or vetted by them at all, otherwise, there’s no way to really know what the package we’ve downloaded does upon running it or even just the download itself.
The MIT License doesn’t require source code disclosure. You’d probably be best off analyzing the decompiled source you can find in the nuget package. Check the Nuget page for the package you’re downloading to see if there is a source code repository linked. Otherwise just download the package and follow what @WhenCutEsh has described for unzipping and running it through dotPeek.