|
|
|
|
|
|
by nickjj
123 days ago
|
|
|
> How do you check that the open sourced code is the same one that you are installing from the extension repository and actually running? Extensions are local files on disk. After installing it, you can audit it locally. I don't know about all operating systems but on Linux they are stored as .xpi files which are zip files. You can unzip it. On my machine they are installed to $HOME/.mozilla/firefox/52xz2p7e.default-release/extensions but I think that string in the middle could be different for everyone. Diffing it vs what's released in its open source repo would be a quick way to see if anything has been adjusted. |
|
|