Current release versions of Violentmonkey downloaded from addons.mozilla.org are getting minified. I propose to omit this build step and just deliver the extension unminified for privacy reasons and trust in the published source code.

Minifying makes sense for web applications to reduce the bundle size and increase performance. Though an installed browser extension does not need this build step - the code is already available locally.

(For those who would like to verify this: go to https://addons.mozilla.org/en-US/firefox/addon/violentmonkey and download the extension as .xpi and open with your archive manager of choice.)

Sad reality is: It is very easy to embed trackers in releases, while still being MIT licensed - I wouldn't state, this is the norm, but auditing certainly still remains necessary.

To make it clear, I really like Violentmonkey as an open source alternative to Tampermonkey! It also seems to have more active development than Greasemonkey. After having researched a bit, I am willing to trust gera2ld (and other contributors) considering that user-script extensions in general are getting a multitude of permissions in the browser, which for nearly all of us is the most important and frequently used app.

Being a privacy conscious user, I just would like to get an eye on the released source code. Uglifying/Minifying/obfuscating complicates auditing and is is not needed in my view.