I'm a software developer deciding on which script-manager to use in Chrome. I'm deciding between Tampermonkey and Violentmonkey.
I like that Violentmonkey is open source, however I found this concerning set of comments on Reddit about it:
1) https://www.reddit.com/r/firefox/comments/9uemks/greasemonkey_tampermonkey_violentmonkey_which_one/e94s96j/
2) https://www.reddit.com/r/firefox/comments/9uemks/greasemonkey_tampermonkey_violentmonkey_which_one/ehgky9a/
The user claims that the Violentmonkey extension was not just minified when uploaded to AMO -- but actually obfuscated. (variable name substitution, etc. unrelated to code file-size)
Is this true? If so, like the commenter, I don't understand why this would be so for an open source extension; the source code is apparently available, so what would one gain by obfuscating the code beyond what a minifier does?
Hoping the user was mistaken; but if not, I seek an explanation of it.
Everything is generated with yarn build. You can build it by yourself on your own computer.
The AMO reviewers make sure that the code generated by them is exactly the same as that submitted by us, otherwise the add-on will be rejected.
All the minified and mangled (if that's what you mean by obfuscating) code is generated by Webpack and its official plugin TerserWebpackPlugin, just to make the file size smaller. Replacing long variable names / function names to smaller meaningless ones is just a very common way to achieve this.
This is just normal web application workflow! It's 2019, and this is done all over the world in web applications! Have you guys ever heard of Webpack? ES6? It's ridiculous that people concern about this.
If you don't believe us anyway, you can always build your own version with a simple yarn build.
Haha, sorry for the alarm. I'm also a web developer, so am aware of the process of minification and mangling (Webpack, es6, typescript, babel). The commenter appeared to be saying that not only was the code minified/mangled, but also obfuscated. (ie. beyond file-size reasons)
I figured the commenter was mistaken, but I created this issue to confirm that was the case. Perhaps I should have explained this in a less alarming way -- apologies!
Anyway, good to hear that the addon doesn't have an additional obfuscation pass, as that would be odd indeed. I'd reply to the Reddit thread with your response to explain the confusion, but unfortunately the six month cutoff appears to have been passed.
Glad that you understand it. 馃榿
I think some people may have the prejudice due to an improper privacy policy generated from a template earlier.
Most helpful comment
Everything is generated with
yarn build. You can build it by yourself on your own computer.The AMO reviewers make sure that the code generated by them is exactly the same as that submitted by us, otherwise the add-on will be rejected.
All the minified and mangled (if that's what you mean by obfuscating) code is generated by Webpack and its official plugin TerserWebpackPlugin, just to make the file size smaller. Replacing long variable names / function names to smaller meaningless ones is just a very common way to achieve this.
This is just normal web application workflow! It's 2019, and this is done all over the world in web applications! Have you guys ever heard of Webpack? ES6? It's ridiculous that people concern about this.
If you don't believe us anyway, you can always build your own version with a simple
yarn build.