[lajawfe]

Is it possible to validate what I am running in browser is an unaltered version of what is there in Github?

Otherwise, I will have to trust the package author to not be malicious.

Another option might be to personally package and sideload the extension which I don't know how.

[renewiltord]

Yes, that's what I meant! It's very easy to sideload.

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web....

[bovine3dom]

Tridactyl exists in the Arch community repos [1] if you would rather use that; you're effectively shifting your trust to an Arch trusted user away from some random person (me) and Mozilla.

[1]: https://www.archlinux.org/packages/community/any/firefox-tri...