[varenc]

Note that this extension is offered on GitHub, not the Chrome Extension store, so if you load it from source it'll never be updated unless you update the code.

I do this for any extension I give big permissions. Rather than installing it from the Chrome extension store, I just download its source and 'load unpacked extension' directly. This method is just a roundabout a way to disable Chrome extension updates. (and of course I'm still trusting the extension's code quite a bit, but at least I don't have to worry about it changing)

[userbinator]

and of course I'm still trusting the extension's code quite a bit, but at least I don't have to worry about it changing

You only need to examine and trust it once.

[varenc]

It's true, but for large extensions that make use of bundled 3rd party libraries, it's hard to examine the code to determine with very high confidence there's nothing malicious in it. I also tend to watch a new extension's network traffic, but of course it's not foolproof either.

[thenickdude]

I delete the third party libraries and replace them with my own clean checkouts.