threadtear VS bytecode-viewer

If you're very paranoid, Threadtear does have some amount of protection against potential code execution when decompiling, although it hasn't been updated in a while and it's still always a risk (albeit one I never personally encountered). If you suspect that the file you want to decompile does have a way to execute code when decompiling it, you could try using a virtual machine for some added protection.

I used recaf for the plugin.yml, I used deobfuscator to remove the obfuscation, then I used threadtear for decompilation. I use threadtear pretty much always, but it's allatori deobfuscation is somewhat lacking which is why I used a separate program. Also it does not show resources in the jar, which is why I had to use recaf.

learn java then get https://github.com/GraxCode/threadtear read all files be weary if its obfuscated

I think they forgot to google translate the disadvantages of JEB Decompiler

I haven't used JEB to comment, but I've gotten a lot of mileage out of https://github.com/pxb1988/dex2jar#readme and then feed the normal Java jars it produces into https://github.com/mstrobel/procyon#readme and (of course) one shouldn't overlook picking your favorite tool for dealing with AndroidManifest.xml which often has fun things hiding in it

While digging up those links, I was reminded that some folks enjoy https://github.com/Konloch/bytecode-viewer#is-there-a-demo because it can be easier to "try out" a few of the decompilation engines, but I don't use it because it's hard to do batch things with it, versus dex2jar into procyon is automation friendly

Here's a good tool for inspecting the bytecode of applications, with built in decompiler support: https://github.com/Konloch/bytecode-viewer

If you're curious what anything (Lombok or otherwise) compiles to, JVM bytecode is much simpler than the kinds C/C++ compiles to. It's fairly readable even with the JDK disassembler javap. There are also various community disassemblers and decompilers that provide nicer output than javap. I use https://github.com/Konloch/bytecode-viewer, which is a GUI frontend for several. If one decompiler doesn't handle a class well, another usually does.

I use Bytecode Viewer, https://github.com/Konloch/bytecode-viewer with Dark Mode.

if you do use this plugin i'd recommend also using https://bytecodeviewer.com/ to check the supposed malicious lines of code.

Take a look at tools like this one to get an idea of what you can actually get: https://bytecodeviewer.com/

Also, you can always install the latest release and then put it through a Java decompiler to get the complete source code. It might have some errors since decompilers aren't perfect, but will give you a more complete source code than anything I can legally provide.