[snthd]

.xpis are just zip files.

You can literally just save them from addons.mozilla.org and look inside - it's js so it's not compiled, and obfuscated code is against Mozilla policy.

Automatic updates are optional too.

Microsoft Application Inspector might be handy for some superficial profiling - https://github.com/microsoft/ApplicationInspector

[ReverseCold]

> obfuscated code is against Mozilla policy

You can submit obfuscated code as long as you also upload non-obfuscated code to Mozilla. Not sure if that separate code upload is public or not...

[dessant]

Obfuscated code is not allowed on any of the browser extension stores. Mozilla requires the attachment of the original source code if you use a bundler such as webpack, or if the code is minified.

Only reviewers have access to the source code, unless you configure the listing to make the code public.