> Maybe the code from the downloaded package has to be run from a local origin > like chrome://*.
Doesn't the same issue that Chris raised still exist? You need a unit of isolation that says "only code signed with this public key runs in this isolation compartment". Chrome extensions have that model. Whether we achieve this via origins, COWLs, or origin+key as the identifier, is a separate question, but Chris' high level bit remains true. cheers dev