It’s rather quite simple, the client-side modifications would have to be written in a scripting language like lua. Then you’d have one modification that handles the execution of said scripts. This one mod would also handle the downloading, extracting and loading of the scripts.
Why a scripting language?
It’s rather quite straight forward, the ‘script loader’ could restrict what can be executed.
I’d like to hear people’s thoughts on this, so please discuss.
Or maybe a very limited custom JVM?
Would my method not be less complicated?
Or just nashorn – that’s built into java already. With a mvn/gradle plugin that would compile a small jar with the necessary glue classes and the JS files, it would probably work
They use lua for elderscrolls online addons. Sounds like a good idea. But as well I see Ryantheallmighty in IRC afaik he is a lead over at AT Launcher. Maybe offer sponge as a server choice? At is great for getting/managing modpacks!
JSON and png files. Json includes item, block or entity type, actions (damage/blast resistance/ect) and the png file being sent.
Also some kind of format for custom block or items or entity models.
However I find the embedded scripting language idea interesting. It is possible to restrict the available classes in Nashorn with ClassFilter, but it is not available for Java 8 (so a Sponge client would have to bundle Java 8). I would argue that Groovy is nicer because it is already used for gradle and is similar enough to Java. It is possible to use a sandbox with it as well.
However, most likely if we do get to making a Sponge client API before custom GUIs and custom blocks/item IDs (which are pretty much the only things remaining, everything else like custom models for items and blocks are there) it will look like the current resource packs, with JSON and png files and everything else handled by the server. I don’t see much point for an embeddable scripting language for 95% of use cases.
But what if the client handled the whole download portion of the process. The server merely tells the client which mods its running (hmm which forge does anyway if youre missing them/have mismatched versions) then the client downloads the mod from the official source. Instead of the server sending the files. In this manner it is no less secure than manually finding the threads/curse links in your browser and manually installing them!
Still allows for the downloading of malicious mods.
From who? The mod author?
The mod author and sites. Curse, IIRC, doesn’t check mods.
I still think scripting would be a better option as the things servers would need the client to execute shouldn’t really be anything to complicated, maybe just some interfaces for the user, etc…