Your users don't have to use those extensions, so I don't understand how that's relevant? People who do, should be made aware of risks and that's it. This is not a good argument against taking away their option to have that customization.

▲

hvb2 5 hours ago | parent [-]

I'm having a hard time finding a thread where people don't complain about npm when the real issue is packages being compromised.

Swap packages for extensions in the above and let me know how that's different

	▲	ThunderSizzle 3 hours ago \| parent [-]
		But what's your argument? That phone-based extensions are more vulnerable somehow than desktop extensions? If anything, wouldn't a phone extension be more sandboxed than most desktop environments?