Security concerns about closed-source TamperMonkey >=3.x + Why did it become closed-source in the first place? #1515

Closed
KajeArch opened this issue May 26, 2022 · 2 comments

Comments

@KajeArch
KajeArch commented May 26, 2022

Don't get me wrong. I like TamperMonkey, it's a great extension, but when I see that the extension is now closed-source, it worries me a bit and I honestly don't really see the point. I haven't used TM in a long time, so I'm looking for answers here. In my opinion an extension like this one should be open source, especially considering the powerful permissions TM uses. I'll be happy to list these again:

  • Access your data for all websites
  • Input data to the clipboard
  • Download files and read and modify the browser’s download history
  • Display notifications to you
  • Access browser tabs
  • Access browser activity during navigation

To remind everyone reading this:
"Access your data for all websites" basically means (quoting Firefox):

The extension can read the content of any web page you visit as well as data you enter into those web pages, such as usernames and passwords.

If we are realistic and do not sugar-coat anything, these are extremely powerful privileges, and therefore they should also come with a lot of responsibility. Unfortunately, since we know that some developers like to sneak stuff like bitminers into their software, I find this closed-source step a bit, excuse me, bizarre and dangerous to say the least. I see no real reason why this extension should be closed-source. Also, this switch from open-source to closed-source seems to have been done rather secretly without any bigger announcement at all, which also seems rather suspicious.
@derjanb

Additionally, I would also like to know if there is any proof that this extension is not infected with malicious code that could potentially steal my passwords. Closed-source software prevents me from doing this process of checking for malicious code. This is problematic and very concerning, especially given that TM is also used by a lot of users.
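The permission list above is what Firefox shows at install time; each line corresponds to an API permission or host pattern in the extension's manifest.json. The following Python script is an added example (not part of this issue and not Tampermonkey's code) that reads a WebExtension manifest and translates its entries back into those prompt messages, so a reader can audit an unpacked extension directory themselves. The name-to-message mapping is an assumption based on Firefox's current prompt wording, and the embedded manifest is a constructed sample, not the real extension's manifest.

```python
import json

# Firefox install-prompt wording for the API permissions named in the issue.
# Assumption: this mapping follows Firefox's current prompt text; it is not
# taken from any real extension's manifest.
PROMPTED_PERMISSIONS = {
    "clipboardWrite": "Input data to the clipboard",
    "downloads": "Download files and read and modify the browser's download history",
    "notifications": "Display notifications to you",
    "tabs": "Access browser tabs",
    "webNavigation": "Access browser activity during navigation",
}

# Host patterns that grant every origin, i.e. "Access your data for all websites".
ALL_SITES_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Summarise what a WebExtension manifest (MV2 or MV3) asks for.

    Returns a dict with:
      prompted - human-readable messages the user would have been shown
      hosts    - individual site patterns narrower than "all websites"
      silent   - API permissions Firefox grants without a prompt message
    """
    perms = list(manifest.get("permissions", []))
    # MV3 keeps host patterns in a separate key; MV2 mixes them into "permissions".
    hosts = list(manifest.get("host_permissions", []))
    # Content-script match patterns also grant page access on those hosts.
    for cs in manifest.get("content_scripts", []):
        hosts.extend(cs.get("matches", []))

    prompted, narrow_hosts, silent = [], [], []
    all_sites = False
    for entry in perms + hosts:
        if entry in ALL_SITES_PATTERNS:
            all_sites = True
        elif "://" in entry:  # a match pattern for a specific host
            if entry not in narrow_hosts:
                narrow_hosts.append(entry)
        elif entry in PROMPTED_PERMISSIONS:
            prompted.append(PROMPTED_PERMISSIONS[entry])
        else:
            silent.append(entry)
    if all_sites:
        # The broadest grant goes first: it implies reading page content and form input.
        prompted.insert(0, "Access your data for all websites")
    return {"prompted": prompted, "hosts": narrow_hosts, "silent": silent}


# Constructed sample manifest for demonstration only.
SAMPLE_MANIFEST = """
{
  "manifest_version": 2,
  "name": "constructed-sample-extension",
  "version": "0.0.1",
  "permissions": [
    "<all_urls>", "clipboardWrite", "downloads",
    "notifications", "tabs", "webNavigation", "storage"
  ],
  "content_scripts": [
    {"matches": ["https://example.com/*"], "js": ["content.js"]}
  ]
}
"""


def audit_sample():
    """Audit the constructed sample manifest."""
    return audit_manifest(json.loads(SAMPLE_MANIFEST))


def load_and_audit(path):
    """Audit a manifest.json taken from an unpacked extension directory."""
    with open(path, encoding="utf-8") as f:
        return audit_manifest(json.load(f))


if __name__ == "__main__":
    for key, items in audit_sample().items():
        print(key + ":")
        for item in items:
            print("  - " + item)
```

Run it against the manifest.json of an unpacked extension with `load_and_audit(path)`; permissions that end up under `silent` (such as `storage`) are granted without any prompt, so the install dialog alone understates what an extension can do.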

@derjanb
Member

derjanb commented May 30, 2022

If you have doubts about a browser extension, better not use it.

Google and Microsoft do behavioral analysis; Opera and Mozilla get the source package to build the extension and compare it to the released version.

Also, this switch from open-source to closed-source seems to have been done rather secretly without any bigger announcement at all which also seems rather suspicious.

The first versions were irregularly synced to Google Code, then I stopped the sync for some years, pushed some releases to Github later and stopped again. The last sync was 9 years ago.

Duplicate of #214

@derjanb derjanb closed this as completed May 30, 2022
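The review model described in the reply above rests on one check: build the extension from the submitted source and compare the result file by file with what was actually published. The following Python script is an added example (not part of this issue, not Tampermonkey's code, and not Mozilla's review tooling) that performs that comparison on two directory trees, hashing every file and reporting files that are missing, added, or different. The two trees it builds are constructed samples written to a temporary directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map every file under root (relative POSIX path) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(
                path.read_bytes()
            ).hexdigest()
    return digests


def compare_trees(built_dir, released_dir):
    """Compare a locally built extension tree with the unpacked released one."""
    built, released = hash_tree(built_dir), hash_tree(released_dir)
    shared = built.keys() & released.keys()
    report = {
        "only_in_built": sorted(built.keys() - released.keys()),
        "only_in_released": sorted(released.keys() - built.keys()),
        "differing": sorted(name for name in shared if built[name] != released[name]),
    }
    # The release is only trustworthy as "the same code" if all three lists are empty.
    report["identical"] = not any(
        report[k] for k in ("only_in_built", "only_in_released", "differing")
    )
    return report


def _write(base, files):
    """Write a {relative path: text} mapping under base, creating directories."""
    for rel, content in files.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content, encoding="utf-8")


def demo():
    """Constructed sample: a 'built' tree and a 'released' tree that drifted apart."""
    common = {
        "manifest.json": '{"manifest_version": 2, "name": "sample", "version": "0.0.1"}\n',
        "background.js": "console.log('background');\n",
        "scripts/content.js": "console.log('content');\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        built = os.path.join(tmp, "built")
        released = os.path.join(tmp, "released")
        _write(built, common)
        drifted = dict(common)
        drifted["background.js"] += "console.log('added after the build');\n"  # modified file
        drifted["extra.js"] = "// file not present in the source tree\n"      # added file
        _write(released, drifted)
        return compare_trees(built, released)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A Firefox XPI is a zip archive, so extract both the store download and the local build before calling `compare_trees`. The comparison is only meaningful when the build is reproducible: differing minifier versions or embedded timestamps show up as spurious entries in `differing`, which is why reviewers require the exact build instructions along with the source.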
@TomasHubelbauer

TomasHubelbauer commented Aug 11, 2023

I apologize for commenting on an old and closed issue, but I would like to see if there is clarification that can be made regarding the motivations to close-source the extension. I respect the decision and I do not really have privacy or security related concerns seeing that Mozilla monitors this extension unlike other user script extensions on the AMO store, but I still wonder why do it? Being open source is IMO a strong trust-building signal for fundamental power user tools such as user script runner extensions. Did copycats repackaging your extension and selling it or pushing it with malware ruin the party for everyone else?

I found this comment linking some posts, but those no longer exist:
#214 (comment)

Also, I know there is a notice at the top of the repository about this extension changing its license past the version whose source code is included here, but it just mentions switching to a proprietary license. Maybe I am just thick, but it didn't immediately connect for me that this means the extension has gone closed-source. I thought it was a license change away from an open source license while remaining code-available. I am not sure if this confuses others or not, but perhaps you'd be open to updating the wording? Just my two cents.
