The point is not whether its possible to transfer ownership of the code it's whether its possible to transfer it in a way that causes a user who agreed to trust Bob or Bobco inc to automatically end up trusting Crook or Crookco inc.
A buyer company or individual ought to have to create a different name and convince users to install/trust their extension if ownership is transferred instead of merely taking control of the existing name and having the next automatic update install malware.
Extension systems and language specific package managers on the overall have garbage security and are going to be a way bigger problem in the future. They are low hanging fruit.
Right, but if a user has trusted an extension by Bobco Inc, and Bobco becomes a wholly-owned subsidiary of Crookco Inc, then Crookco can put what they like into the trusted extension.
I suppose you could argue that when Facebook buys Instagram the Instagram app should be uninstalled from users' phones and all their accounts and posts deleted, because they didn't agree to trust Facebook or consent to the data being shared with Facebook. There's a certain logic to that, but it would be a big change to how the current tech ecosystem works.
A buyer company or individual ought to have to create a different name and convince users to install/trust their extension if ownership is transferred instead of merely taking control of the existing name and having the next automatic update install malware.
Extension systems and language specific package managers on the overall have garbage security and are going to be a way bigger problem in the future. They are low hanging fruit.