Video DownloadHelper is one of Mozilla’s Recommended Extensions and one of the most installed add-ons on AMO. Their website’s open source page implies the extension follows open source practices.
After some investigation this does not appear to be the case. The GitHub repo for the extension at aclap-dev/video-downloadhelper contains no source code and is used purely as a discussion and Q&A board. The companion app at aclap-dev/vdhcoapp was open source but was archived in December 2025 and is no longer maintained. The extension code itself has never been publicly available as far as I can tell.
This matters for a few reasons. The Recommended badge carries an implicit trust signal. Mozilla’s own vetting criteria include being safe, but safety cannot be independently verified by the community when the code is not public. Claiming open source without publishing the source is also misleading, since users may assume auditability exists when it does not. Browser extensions also have broad page access and can read content on every site a user visits, so the bar for transparency should arguably be higher than for other software.
I am not claiming the extension is malicious. It may be perfectly fine. But it seems worth discussing whether the Recommended program should have clearer public criteria around source availability, and whether extensions that claim open source credentials should be required to back that up.
Happy to be corrected if I have missed a public repo somewhere.