[metadat]

It would be interesting if you could easily install browser extensions via a source repository URL (e.g. GitHub, or any git URL), then at least there would be more transparency about who/what you are trusting by installing it. Blindly trusting a mostly anonymous chrome store "install" button seems insane, since they don't do any significant policing. Wasn't the promise of safety one of the primary reasons Google started the chrome store?

[econ]

Like user.script/grease monkey. It use to be that you could publish a reasonably large script and someone would review it. Even better was to start out simple then gradually update it so that existing users can continue reviewing by looking at the changes.

I think the permission system should be much more complicated so that the user gets a prompt that explains what is needed and why.

Furthermore there should be [paid] independent reviewers to sign off on extensions. This adds a lot of credibility, specially to a first time publication without users. That would also give app stores someone to talk to before deleting something. Nefarious actors working for app stores can have their credibility questioned.