Skip to content

🐛 No reverse dependency check on plugin removal #232

Closed
#244
Closed
🐛 No reverse dependency check on plugin removal#232
#244
Labels
bugSomething isn't working
@Nlkomaru

Description

@Nlkomaru
Nlkomaru
opened on Mar 26, 2026

Summary

Location: paper/.../PluginLifecycleServiceImpl.kt (lines 196-252)

The remove(name) method performs no check for reverse dependencies. If Plugin A depends on Plugin B, removing Plugin B will leave Plugin A in a broken state.

The codebase already has getPluginsSyncingTo() in MpmConfigExtensions.kt which could be used for this check, but it's not called during removal.

Current flow:

  1. Load mpm.json
  2. Fire removal event
  3. Remove plugin from mpm.json
  4. Save file

Expected flow:

  1. Load mpm.json
  2. Check reverse dependencies (plugins depending on target)
  3. If dependents exist, block removal unless --force flag is provided
  4. Fire removal event
  5. Remove plugin from mpm.json
  6. Save file

Suggested Fix

Before removing a plugin, call getPluginsSyncingTo() or implement a reverse dependency check using DependencyAnalyzer. Without --force, refuse removal when other managed plugins depend on it.

Impact

  • Server administrators can accidentally break their server by removing a dependency

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions