Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

I took a cursory glance through the source code (for the Firefox version, at least), and I'm not seeing any calls to the gitflic.ru URL outside of the update functions (there appear to be two different places where these might be triggered) and one function for importing custom sites:

// Import custom sites from local/online
function import_url_options(e, online) {
  let url = '/custom/sites_custom.json';
  if (online)
    url = 'https://gitflic.ru/project/magnolia1234/bpc_updates/blob/raw?file=sites_custom.json'  + '&rel=' + randomInt(100000);
  try {
    fetch(url)
    .then(response => {
      if (response.ok) {
        response.text().then(result => {
          import_json(result);
        })
      }
    });
  } catch (err) {
    console.log(err);
  }
}

I noticed in the manifest.json, there is the optional permissions array:

"optional_permissions": [ "*://*/*" ],

Which seems to grant the extension access to all URLs, so maybe that's why the HTTP request is able to fire on any given website rather than just the ones explicitly defined in the regular permissions array. Though this is speculation on my part; I've only ever written one or two complex Firefox extensions. I'm not sure if the "optional permissions" array can be declined upon installation (or configured in the extension settings after installation); perhaps access to the wildcard URL can be revoked so that this update call isn't occurring constantly.

All looks okay to me, but this was a very quick audit.

Ok, it does look like it's checking for list updates, just more often.l than I expected. I went into the settings and disabled as below and the calls stop. So all good!

"check update opt-in Check for update of version (on startup and when opening options): check update enabled: NO"