[jvehent]

I hate gigantic URLs, but not as much as I hate extensions that want to access my data for all websites.

[lstamour]

Grab the source code, review it for AJAX or DOM manipulations and install it via Developer mode? Also, set reminders to review diffs and update it as new releases occur...

[drusepth]

That seems like a lot of work for an extension that just makes URLs prettier.

[commoner]

Most users of this extension install it because it nullifies some forms of browser tracking, not because it makes URLs prettier.

I've shared instructions for inspecting the source code of a Firefox add-on elsewhere in this discussion:

https://news.ycombinator.com/item?id=22388603

WebExtensions like Neat URL continue to work even if you don't update it. You only have to inspect the extension code once (no developer mode needed) if you are skeptical, and you don't have to update it if you don't want to.

[lstamour]

The paranoid in me says there’s no point in installing the web store version unless you download and inspect /it/. The source code published isn’t necessarily the version distributed, though obviously injecting code in the CI pipeline would be... excessive. This goes back to the trusting trust problem. https://www.schneier.com/blog/archives/2006/01/countering_tr... If someone managed to skip an exploit into a release of webpack, well, there goes the Internet ;-)