CAMP exists to answer one question with confidence: is the plugin you are about to install the same code its maintainer actually published? Here is how that guarantee is built.
Every published package is rebuilt deterministically from the maintainer’s tagged source and byte-compared. The hash match is public and anyone can reproduce it.
No registration to browse or install. Security warnings work by downloading the full advisory feed and matching locally — the archive never learns what your site runs.
The archive is a static file tree plus a public git index. A full mirror is one rsync job, and mirrors need no trust: clients verify content, not servers.
We index plugins from the public Moodle ecosystem and record where each one’s source lives.
For each release, we retrieve the exact package and the corresponding tag and commit from the maintainer’s repository.
The archived package is rebuilt and hash-compared against the public source. A match is what earns a plugin its verified trust tier.
Results are stored in an append-only ledger with timestamps and re-verified over time, so trust reflects the current state — not a one-off check.
Each tier answers one question: does it exist, is someone accountable for it, does the artifact provably match its public source, have humans read the code.
Found by the discovery scanner in the public ecosystem. Metadata only — no maintainer has claimed it yet, and nothing is hosted.
A maintainer has claimed ownership, declared a security contact and disclosure labels, and linked the canonical source repository.
The archived package was automatically confirmed to match the public source, byte for byte.
Verified and additionally reviewed by two independent members of the community review board.
Search the archive, filter by trust tier, and install with provenance you can check.
Browse the archive