> it's also why Chrome cracked down on extension APIs recently by restricting what is shared with the extension
It'd be nice if they had 'trusted devs' or similar. Even if they provided a paid meatbag extension review service, I'd pay to get the plugins I use reviewed!
That's an interesting idea. I, too, would happily contribute to a funding pool to have a competent human analyze the extensions that I'm using. One would expect this to (loosely) allocate money to checking the extensions that are most used, so the ecosystem would benefit even for people who weren't contributing.
Very nice idea. As an ISV with a freemium open-source extension, I would happily pay for an official security review that I could present to our users. Our extension is secure by design but having a 3rd-party expert (e. g. Google or Firefox reviewer) confirm this and get a "Reviewed" badge would be great. The drawback is that this could slow down extension updates, as you do not want to loose this badge with the next update. But that is manageable.
It'd be nice if they had 'trusted devs' or similar. Even if they provided a paid meatbag extension review service, I'd pay to get the plugins I use reviewed!