by zulln 2954 days ago
In general I would agree, but the source code is so short here that you would be able to glance through it first to confirm nothing sketchy is going on there: https://github.com/jparise/chrome-utm-stripper/blob/master/b...
2 comments

Are you going to notice and reinspect every invisible OTA update?

It's a perfectly valid concern when you install a plugin. We just don't care because most people are trustworthy.

But for example there's a market for selling your browser addon to someone that wants to do this.

You're basically arguing that open source isn't really open because you don't have the time to inspect every commit...

If you build this from source, you'll have proof of any malice by the developer.

This of course assumes you installed it directly from GitHub, as that is the code you reviewed. Otherwise, yes, that is a valid concern.
Except that if you install the add-on from the store it will auto-update with any changes (assuming they pass approval) and you likely wouldn't notice unless permissions are changed.