It is. I've had several discussions with Marko Saric (co-founder of Plausible), and I doubt he'd've let this slide even if his co-founder was Mark Zuckerberg. The author of “Only 9% of visitors give GDPR consent to be tracked”[0] is hardly the sort of person to secretly track users in violation of the GDPR.
Which part of Plausible's source code[1] is doing the tracking, exactly?
Plausible is totally and absolutely GDPR compliant so there is no need for a GDPR consent dialog, which essentially asks for a permission to track the visitor itself personally. GDPR is all about identities.
However, most European countries (like my home Finland) have a law that requires a "milder" consent to be asked when the visitor's device information is being read for non-essential purposes. There's no way around this[1]. These local laws stem from the ePrivacy directive.
Which part of Plausible's source code[1] is doing the tracking, exactly?
[0]: https://markosaric.com/gdpr-consent/
[1]: https://github.com/plausible/analytics