Networking Domains

This question is based on a few pieces of info/assumptions:

  1. Functions can be marked as client functions on the server side and executed on the client by running them on the server side as explained on the wiki
  2. Ability to use our own Nuget Packages on the server side for things such as ORM Frameworks etc.
  3. Nuget Packages should not be allowed on the client side.

With all these assumptions(some might be wrong but this is, from what I’ve gathered, true) the question is this:

Will there be multiple different assemblies for different domains of code, ie a server assembly, a shared assembly and a client assembly(possibly the client assembly and the shared is combined since they both can’t use nuget packages) or is there something I’m missing?


Regarding your assumptions:

Server has a whitelist by default which server owners would have to turn off in order to be able to use most NuGet packages. ORMs like Entity Framework Core use a lot of unsafe code which would never be allowed in a sandboxed environment.

Will there be multiple different assemblies for different domains of code, ie a server assembly, a shared assembly and a client assembly(possibly the client assembly and the shared is combined since they both can’t use nuget packages) or is there something I’m missing?

(readable part refers to obfuscated assemblies)

Based on this I assume you can just push arbitrary assemblies from server, which actually might include NuGet packages despite garry not support this. However because of the restrictions most NuGet packages would not work.


No - the server and client run the exact same code from the exact same compile.

You can do checks at runtime such as if ( Host.IsClient ) etc, but we don’t allow compile time checks like #ifdef CLIENT. This is a conscious decision because we did that for Rust and have regretted it.

It makes sense for servers to want to hide sections of their code though, or at least to not send them to the client… so I imagine this will change.


I love how you guys take a lot of the struggles from rust development & attempt to cull them for S&box. Super excited.


Having a server-side only assembly seems pretty essential to me considering the fact that alot of gamemodes/servers need database access etc and would like access to great libraries already out there. I’m very hopeful for the future and very hyped.


Is there an update on how serverside only code will work? Writing some server-side code for a future S&box gamemode and want to know what to expect.


All code is shared between the client and server. Garry has shown no plans to exclude server code from the plain-text binary that the client receives meaning there is no source code protection.

As far as anything that NEEDS to be serverside like a database connection, you would simply use a method for reading from a config file and that config file will simply never be sent to clients as well as the DB connect code being in a “if SERVER” kind of wrapping. If you hard-code your DB connection like a noob that’s your own problem. There ARE creative solutions around the fully exposed code problem as well as he has said you can do anything you want on the server including running other external libraries, nuget, etc. as long as they’re not required on the client-side.



Well he is right that there is no source code protection right now, garry said he’s going to fix it but we don’t know whether we’ll have it before release or not.

I kinda feel like that’s a super important thing to have before release though, so I wouldn’t be surprised if we got it before then. Else nobody’s gonna want to work on private content.

I’m sure the first months will be like the wild west, it’s going to be fixed before the public release. (Hopefully!!!)


If there is no protection in place, zero communities/developers are going to want to use S&box as a development platform. If you can literally connect and download an entires server’s codebase.

What? It’s quite the opposite; open source software is the big thing right now. I’m quite sure a bunch of developers making things for s&box will even host their code on the open sharing platform called GitHub. Even companies like Microsoft allow anyone to look at and copy their code…

Open source is great if you have the choice, That’s like saying it’s okay for be to rob a grocery store just because someone gave out food for free. You’re telling me communities like Monolith, Superior Servers, Gmod Tower are just going to go “yeah i wanna invest time, money and effort into creating something for a random user to take everything and claim it as their own”.


You can infinitely duplicate source code, so people taking my open source code doesn’t exactly line up with stealing vegetables from your local grocers.

As for people taking your work and credit, that’s exactly what licenses prevent. I’d somebody takes any code on my GitHub, I just dcma their servers for using my work without permission.

Just look at any creative profession, art and music is easily copied and redistributed, but that does not make it legally the distributor’s.

Another thing you’re forgetting is that the most valued thing with software on a commercial side is actually the support. Take ServerGuard for example; it’s super easy to get a working copy without paying for it, but many server owners still buy it because they can get assistance from the developer when something goes wrong.

They won’t care about credit, and I doubt sending them DMCA takedown works most of the time (if they’re in a country that basically doesn’t have any fuck to give for example). They just want content for their shitty addon flip servers.


It does line up: “If someone offers something similar for free, that means I can steal something private”. There’s a massive difference between someone recreating, and someone decompiling and rehosting it.

As for licenses, yeah they are nice, but nothing is preventing someone from hosting in a territory that does not abide by DMCA. The people who are going to connect to a server and steal everything sent aren’t going to stop if they see a license, they are allready acting in bad faith.

Yes, every creative field has to deal with this, you sadly need to assume that anything sent to the client is not yours anymore, at least in gmod in respect to maps/models/textures.

But sending the entire compiled codebase is insane, allowing someone to download the backend seems really, really stupid.


That’s the part I really want to see “fixed” before release, I’m sure it’ll be though.

1 Like

Yeah, honestly, If this is not changed it will drastically affect the number of developers willing to give their time to creating things/switch from gmod. This will end up being a huge catch 22 when trying to attract developers/players.

1 Like

I don’t think you guys understand that nobody is going to create anything original in s&box so who cares if someone steals ‘your code’ because everyone is only interested in recreating ttt, prop hunt, gmod tower, zombie survival, star wars rp, dark rp, etc. The list goes on and on of recreations to ‘gold rush’ making money off of things people historically already liked because it’s so much easier and lazier than using a brain and creating something unique and original.

So don’t worry about some 12 year old stealing your precious ripoff code.

1 Like