ArchivioMD Verifier Autor: Mountain View Provisions LLC

This extension uses Manifest V3 with a background scripts fallback for Firefox compatibility. All JavaScript is bundled within the package — no remote code is loaded or executed at runtime.
The extension runs a content script on all URLs to passively detect whether a page uses the ArchivioMD WordPress plugin, which can be installed on any website. When detected, it fetches publicly available verification data (content hashes, digital signatures, and anchoring metadata) directly from the site's own REST endpoint and .well-known paths. All external network requests go only to the site currently being visited, plus optionally to rekor.sigstore.dev for transparency log lookups when that feature is explicitly used.
DOM fingerprints and visit history are stored locally using browser.storage.local and never leave the device. No analytics, no tracking, no third-party data sharing of any kind.
The openpgp.min.js library (OpenPGP.js) is bundled locally within the package and is used for cryptographic operations. It is not fetched from any external source.
innerHTML is used in popup.js for UI rendering. All dynamic values are passed through an esc() sanitization function that encodes HTML entities before insertion, preventing XSS.