XPI (Cross-Platform Installer) Format

Overview

XPI (Cross-Platform Installer) is an archive format used primarily for browser extensions, themes, and add-ons. Originally developed for Mozilla Firefox, XPI files are essentially ZIP archives with a specific structure containing installation metadata and executable code for extending web browser functionality.

Technical Specifications

• Format Type: ZIP-based archive
• File Extension: .xpi
• MIME Type: application/x-xpinstall
• Container: Standard ZIP format
• Compression: ZIP compression (various algorithms)
• Metadata: JSON manifest files
• Security: Digital signatures supported

Format Structure

XPI files contain:

• Manifest file (manifest.json for WebExtensions)
• JavaScript code files
• HTML, CSS, and image resources
• Locale files for internationalization
• Optional install.rdf (legacy format)
• Digital signature files (META-INF/)

History and Development

• 2001: Introduced with Mozilla for cross-platform installation
• 2004: Adopted by Firefox for extensions
• 2012: Enhanced security with mandatory signing
• 2017: WebExtensions API standardization
• Present: Standard format for browser extensions across multiple browsers

Use Cases

• Browser extensions and add-ons
• Firefox themes and personas
• Thunderbird extensions
• Web application packaging
• Cross-platform software distribution
• Educational and development tools

Code Examples

JavaScript XPI Creation and Processing

const JSZip = require('jszip');
const fs = require('fs').promises;
const path = require('path');
const crypto = require('crypto');

class XPIProcessor {
    constructor() {
        this.zip = new JSZip();
    }
    
    async createXPI(sourceDir, outputPath, manifest) {
        try {
            // Add manifest file
            this.zip.file('manifest.json', JSON.stringify(manifest, null, 2));
            
            // Recursively add all files from source directory
            await this.addDirectoryToZip(sourceDir, '');
            
            // Generate XPI file
            const content = await this.zip.generateAsync({
                type: 'nodebuffer',
                compression: 'DEFLATE',
                compressionOptions: { level: 9 }
            });
            
            await fs.writeFile(outputPath, content);
            console.log(`XPI created: ${outputPath}`);
            
            return {
                success: true,
                path: outputPath,
                size: content.length
            };
            
        } catch (error) {
            console.error('Error creating XPI:', error);
            return { success: false, error: error.message };
        }
    }
    
    async addDirectoryToZip(dirPath, zipPath) {
        const items = await fs.readdir(dirPath, { withFileTypes: true });
        
        for (const item of items) {
            const fullPath = path.join(dirPath, item.name);
            const zipItemPath = zipPath ? `${zipPath}/${item.name}` : item.name;
            
            if (item.isDirectory()) {
                await this.addDirectoryToZip(fullPath, zipItemPath);
            } else {
                const content = await fs.readFile(fullPath);
                this.zip.file(zipItemPath, content);
            }
        }
    }
    
    async extractXPI(xpiPath, outputDir) {
        try {
            const data = await fs.readFile(xpiPath);
            const zip = await JSZip.loadAsync(data);
            
            // Create output directory
            await fs.mkdir(outputDir, { recursive: true });
            
            const files = [];
            
            // Extract all files
            for (const [relativePath, zipEntry] of Object.entries(zip.files)) {
                if (!zipEntry.dir) {
                    const content = await zipEntry.async('nodebuffer');
                    const fullPath = path.join(outputDir, relativePath);
                    
                    // Create directory if needed
                    await fs.mkdir(path.dirname(fullPath), { recursive: true });
                    
                    // Write file
                    await fs.writeFile(fullPath, content);
                    files.push(relativePath);
                }
            }
            
            console.log(`Extracted ${files.length} files to ${outputDir}`);
            return { success: true, files };
            
        } catch (error) {
            console.error('Error extracting XPI:', error);
            return { success: false, error: error.message };
        }
    }
    
    async analyzeXPI(xpiPath) {
        try {
            const data = await fs.readFile(xpiPath);
            const zip = await JSZip.loadAsync(data);
            
            const analysis = {
                filename: path.basename(xpiPath),
                fileSize: data.length,
                files: [],
                manifest: null,
                hasInstallRdf: false,
                hasSignature: false,
                locales: [],
                contentScripts: [],
                backgroundScripts: []
            };
            
            // Analyze files
            for (const [relativePath, zipEntry] of Object.entries(zip.files)) {
                if (!zipEntry.dir) {
                    const fileInfo = {
                        path: relativePath,
                        size: zipEntry._data ? zipEntry._data.uncompressedSize : 0,
                        type: this.getFileType(relativePath)
                    };
                    
                    analysis.files.push(fileInfo);
                    
                    // Check for special files
                    if (relativePath === 'manifest.json') {
                        const content = await zipEntry.async('text');
                        analysis.manifest = JSON.parse(content);
                    } else if (relativePath === 'install.rdf') {
                        analysis.hasInstallRdf = true;
                    } else if (relativePath.startsWith('META-INF/')) {
                        analysis.hasSignature = true;
                    } else if (relativePath.startsWith('_locales/')) {
                        const locale = relativePath.split('/')[1];
                        if (!analysis.locales.includes(locale)) {
                            analysis.locales.push(locale);
                        }
                    }
                }
            }
            
            // Analyze manifest if present
            if (analysis.manifest) {
                if (analysis.manifest.content_scripts) {
                    analysis.contentScripts = analysis.manifest.content_scripts;
                }
                
                if (analysis.manifest.background) {
                    analysis.backgroundScripts = analysis.manifest.background.scripts || 
                                               [analysis.manifest.background.page] || [];
                }
            }
            
            return analysis;
            
        } catch (error) {
            console.error('Error analyzing XPI:', error);
            return { error: error.message };
        }
    }
    
    getFileType(filePath) {
        const ext = path.extname(filePath).toLowerCase();
        const types = {
            '.js': 'JavaScript',
            '.json': 'JSON',
            '.html': 'HTML',
            '.htm': 'HTML',
            '.css': 'CSS',
            '.png': 'Image',
            '.jpg': 'Image',
            '.jpeg': 'Image',
            '.gif': 'Image',
            '.svg': 'Image',
            '.xml': 'XML',
            '.rdf': 'RDF',
            '.dtd': 'DTD',
            '.properties': 'Properties'
        };
        
        return types[ext] || 'Other';
    }
    
    async validateXPI(xpiPath) {
        try {
            const analysis = await this.analyzeXPI(xpiPath);
            
            const validation = {
                valid: true,
                errors: [],
                warnings: []
            };
            
            // Check for manifest
            if (!analysis.manifest && !analysis.hasInstallRdf) {
                validation.valid = false;
                validation.errors.push('No manifest.json or install.rdf found');
            }
            
            // Validate manifest structure
            if (analysis.manifest) {
                const manifest = analysis.manifest;
                
                if (!manifest.manifest_version) {
                    validation.errors.push('Missing manifest_version');
                }
                
                if (!manifest.name) {
                    validation.errors.push('Missing extension name');
                }
                
                if (!manifest.version) {
                    validation.errors.push('Missing version');
                }
                
                // Check for required permissions
                if (manifest.content_scripts && !manifest.permissions) {
                    validation.warnings.push('Content scripts without permissions declared');
                }
            }
            
            // Check file structure
            const jsFiles = analysis.files.filter(f => f.type === 'JavaScript');
            if (jsFiles.length === 0) {
                validation.warnings.push('No JavaScript files found');
            }
            
            if (validation.errors.length > 0) {
                validation.valid = false;
            }
            
            return validation;
            
        } catch (error) {
            return {
                valid: false,
                errors: [`Validation error: ${error.message}`],
                warnings: []
            };
        }
    }
}

// WebExtension manifest generator
class ManifestGenerator {
    static createBasicManifest(options) {
        const manifest = {
            manifest_version: 2,
            name: options.name || 'My Extension',
            version: options.version || '1.0.0',
            description: options.description || 'A browser extension',
            
            icons: {
                16: 'icons/icon-16.png',
                32: 'icons/icon-32.png',
                48: 'icons/icon-48.png',
                128: 'icons/icon-128.png'
            }
        };
        
        // Add optional components
        if (options.contentScripts) {
            manifest.content_scripts = options.contentScripts;
        }
        
        if (options.background) {
            manifest.background = options.background;
        }
        
        if (options.browserAction) {
            manifest.browser_action = options.browserAction;
        }
        
        if (options.permissions) {
            manifest.permissions = options.permissions;
        }
        
        if (options.webAccessibleResources) {
            manifest.web_accessible_resources = options.webAccessibleResources;
        }
        
        return manifest;
    }
    
    static createContentScriptManifest(options) {
        return this.createBasicManifest({
            ...options,
            contentScripts: [{
                matches: options.matches || ['<all_urls>'],
                js: options.js || ['content.js'],
                css: options.css || [],
                run_at: options.runAt || 'document_end'
            }],
            permissions: options.permissions || ['activeTab']
        });
    }
    
    static createBackgroundPageManifest(options) {
        return this.createBasicManifest({
            ...options,
            background: {
                scripts: options.backgroundScripts || ['background.js'],
                persistent: options.persistent !== false
            },
            permissions: options.permissions || ['storage', 'tabs']
        });
    }
}

// Usage examples
async function createSampleExtension() {
    const processor = new XPIProcessor();
    
    // Create sample extension files
    const extensionDir = './sample-extension';
    await fs.mkdir(extensionDir, { recursive: true });
    await fs.mkdir(`${extensionDir}/icons`, { recursive: true });
    
    // Create manifest
    const manifest = ManifestGenerator.createContentScriptManifest({
        name: 'Sample Extension',
        version: '1.0.0',
        description: 'A sample browser extension',
        matches: ['https://*/*'],
        js: ['content.js'],
        permissions: ['activeTab', 'storage']
    });
    
    // Create content script
    const contentScript = `
// Sample content script
console.log('Sample extension loaded');

// Add a simple notification
const notification = document.createElement('div');
notification.textContent = 'Extension is running!';
notification.style.cssText = \`
    position: fixed;
    top: 10px;
    right: 10px;
    background: #4CAF50;
    color: white;
    padding: 10px;
    border-radius: 5px;
    z-index: 10000;
    font-family: Arial, sans-serif;
\`;

document.body.appendChild(notification);

// Remove notification after 3 seconds
setTimeout(() => {
    document.body.removeChild(notification);
}, 3000);
`;
    
    // Write files
    await fs.writeFile(`${extensionDir}/manifest.json`, JSON.stringify(manifest, null, 2));
    await fs.writeFile(`${extensionDir}/content.js`, contentScript);
    
    // Create dummy icon
    const iconSvg = `<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48">
        <circle cx="24" cy="24" r="20" fill="#4CAF50"/>
        <text x="24" y="30" text-anchor="middle" fill="white" font-size="16">EXT</text>
    </svg>`;
    await fs.writeFile(`${extensionDir}/icons/icon-48.png`, iconSvg);
    
    // Create XPI
    const result = await processor.createXPI(extensionDir, 'sample-extension.xpi', manifest);
    
    if (result.success) {
        console.log('Sample extension created successfully');
        
        // Analyze the created XPI
        const analysis = await processor.analyzeXPI('sample-extension.xpi');
        console.log('\nXPI Analysis:');
        console.log(`Files: ${analysis.files.length}`);
        console.log(`Size: ${analysis.fileSize} bytes`);
        console.log(`Extension Name: ${analysis.manifest.name}`);
        console.log(`Version: ${analysis.manifest.version}`);
        
        // Validate XPI
        const validation = await processor.validateXPI('sample-extension.xpi');
        console.log('\nValidation:', validation.valid ? 'PASSED' : 'FAILED');
        if (validation.errors.length > 0) {
            console.log('Errors:', validation.errors);
        }
        if (validation.warnings.length > 0) {
            console.log('Warnings:', validation.warnings);
        }
    }
}

// Batch processing function
async function processXPIDirectory(directory) {
    try {
        const files = await fs.readdir(directory);
        const xpiFiles = files.filter(file => file.endsWith('.xpi'));
        
        const processor = new XPIProcessor();
        const results = [];
        
        for (const xpiFile of xpiFiles) {
            const filePath = path.join(directory, xpiFile);
            console.log(`\nProcessing: ${xpiFile}`);
            
            const analysis = await processor.analyzeXPI(filePath);
            const validation = await processor.validateXPI(filePath);
            
            results.push({
                filename: xpiFile,
                analysis,
                validation
            });
            
            console.log(`  Size: ${analysis.fileSize} bytes`);
            console.log(`  Files: ${analysis.files.length}`);
            console.log(`  Valid: ${validation.valid}`);
            
            if (analysis.manifest) {
                console.log(`  Extension: ${analysis.manifest.name} v${analysis.manifest.version}`);
            }
        }
        
        return results;
        
    } catch (error) {
        console.error('Error processing directory:', error);
        return [];
    }
}

// Export for use
module.exports = {
    XPIProcessor,
    ManifestGenerator,
    createSampleExtension,
    processXPIDirectory
};

// Run example if script is executed directly
if (require.main === module) {
    createSampleExtension().catch(console.error);
}

Python XPI Processing

import zipfile
import json
import os
import tempfile
import shutil
from pathlib import Path
from typing import Dict, List, Any, Optional

class XPIProcessor:
    def __init__(self):
        pass
    
    def create_xpi(self, source_dir: str, output_path: str, manifest: Dict[str, Any]) -> Dict[str, Any]:
        """Create XPI file from source directory."""
        try:
            with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as xpi:
                # Add manifest file
                xpi.writestr('manifest.json', json.dumps(manifest, indent=2))
                
                # Add all files from source directory
                source_path = Path(source_dir)
                for file_path in source_path.rglob('*'):
                    if file_path.is_file():
                        relative_path = file_path.relative_to(source_path)
                        xpi.write(file_path, str(relative_path))
                
                file_count = len(xpi.namelist())
            
            file_size = os.path.getsize(output_path)
            print(f"XPI created: {output_path} ({file_count} files, {file_size} bytes)")
            
            return {
                'success': True,
                'path': output_path,
                'size': file_size,
                'file_count': file_count
            }
            
        except Exception as e:
            print(f"Error creating XPI: {e}")
            return {'success': False, 'error': str(e)}
    
    def extract_xpi(self, xpi_path: str, output_dir: str) -> Dict[str, Any]:
        """Extract XPI file to directory."""
        try:
            os.makedirs(output_dir, exist_ok=True)
            
            with zipfile.ZipFile(xpi_path, 'r') as xpi:
                xpi.extractall(output_dir)
                files = xpi.namelist()
            
            print(f"Extracted {len(files)} files to {output_dir}")
            
            return {
                'success': True,
                'files': files,
                'output_dir': output_dir
            }
            
        except Exception as e:
            print(f"Error extracting XPI: {e}")
            return {'success': False, 'error': str(e)}
    
    def analyze_xpi(self, xpi_path: str) -> Dict[str, Any]:
        """Analyze XPI file structure and content."""
        try:
            analysis = {
                'filename': os.path.basename(xpi_path),
                'file_size': os.path.getsize(xpi_path),
                'files': [],
                'manifest': None,
                'has_install_rdf': False,
                'has_signature': False,
                'locales': [],
                'file_types': {},
                'content_scripts': [],
                'background_scripts': []
            }
            
            with zipfile.ZipFile(xpi_path, 'r') as xpi:
                for file_info in xpi.filelist:
                    if not file_info.is_dir():
                        file_data = {
                            'path': file_info.filename,
                            'size': file_info.file_size,
                            'compressed_size': file_info.compress_size,
                            'type': self._get_file_type(file_info.filename)
                        }
                        
                        analysis['files'].append(file_data)
                        
                        # Count file types
                        file_type = file_data['type']
                        analysis['file_types'][file_type] = analysis['file_types'].get(file_type, 0) + 1
                        
                        # Check for special files
                        if file_info.filename == 'manifest.json':
                            try:
                                content = xpi.read(file_info.filename).decode('utf-8')
                                analysis['manifest'] = json.loads(content)
                            except Exception as e:
                                print(f"Error reading manifest: {e}")
                        
                        elif file_info.filename == 'install.rdf':
                            analysis['has_install_rdf'] = True
                        
                        elif file_info.filename.startswith('META-INF/'):
                            analysis['has_signature'] = True
                        
                        elif file_info.filename.startswith('_locales/'):
                            locale = file_info.filename.split('/')[1]
                            if locale not in analysis['locales']:
                                analysis['locales'].append(locale)
            
            # Analyze manifest content
            if analysis['manifest']:
                manifest = analysis['manifest']
                
                if 'content_scripts' in manifest:
                    analysis['content_scripts'] = manifest['content_scripts']
                
                if 'background' in manifest:
                    bg = manifest['background']
                    if 'scripts' in bg:
                        analysis['background_scripts'] = bg['scripts']
                    elif 'page' in bg:
                        analysis['background_scripts'] = [bg['page']]
            
            return analysis
            
        except Exception as e:
            print(f"Error analyzing XPI: {e}")
            return {'error': str(e)}
    
    def _get_file_type(self, filename: str) -> str:
        """Determine file type from extension."""
        ext = Path(filename).suffix.lower()
        
        type_map = {
            '.js': 'JavaScript',
            '.json': 'JSON',
            '.html': 'HTML',
            '.htm': 'HTML',
            '.css': 'CSS',
            '.png': 'Image',
            '.jpg': 'Image',
            '.jpeg': 'Image',
            '.gif': 'Image',
            '.svg': 'Image',
            '.xml': 'XML',
            '.rdf': 'RDF',
            '.dtd': 'DTD',
            '.properties': 'Properties',
            '.xul': 'XUL',
            '.jsm': 'JavaScript Module'
        }
        
        return type_map.get(ext, 'Other')
    
    def validate_xpi(self, xpi_path: str) -> Dict[str, Any]:
        """Validate XPI file structure and manifest."""
        try:
            analysis = self.analyze_xpi(xpi_path)
            
            validation = {
                'valid': True,
                'errors': [],
                'warnings': []
            }
            
            # Check if we can open the ZIP file
            if 'error' in analysis:
                validation['valid'] = False
                validation['errors'].append(f"Cannot read XPI file: {analysis['error']}")
                return validation
            
            # Check for manifest
            if not analysis['manifest'] and not analysis['has_install_rdf']:
                validation['valid'] = False
                validation['errors'].append('No manifest.json or install.rdf found')
            
            # Validate manifest if present
            if analysis['manifest']:
                manifest = analysis['manifest']
                
                # Required fields
                required_fields = ['manifest_version', 'name', 'version']
                for field in required_fields:
                    if field not in manifest:
                        validation['errors'].append(f'Missing required field: {field}')
                
                # Check manifest version
                if 'manifest_version' in manifest:
                    if manifest['manifest_version'] not in [2, 3]:
                        validation['warnings'].append(f'Unsupported manifest version: {manifest["manifest_version"]}')
                
                # Check for permissions if content scripts are used
                if 'content_scripts' in manifest and 'permissions' not in manifest:
                    validation['warnings'].append('Content scripts declared without permissions')
            
            # Check file structure
            js_files = [f for f in analysis['files'] if f['type'] == 'JavaScript']
            if not js_files:
                validation['warnings'].append('No JavaScript files found')
            
            # Check for icons
            icon_files = [f for f in analysis['files'] if f['type'] == 'Image' and 'icon' in f['path'].lower()]
            if not icon_files:
                validation['warnings'].append('No icon files found')
            
            if validation['errors']:
                validation['valid'] = False
            
            return validation
            
        except Exception as e:
            return {
                'valid': False,
                'errors': [f'Validation error: {str(e)}'],
                'warnings': []
            }

class ManifestBuilder:
    """Helper class for building WebExtension manifests."""
    
    @staticmethod
    def create_basic_manifest(name: str, version: str, description: str = "") -> Dict[str, Any]:
        """Create a basic manifest structure."""
        return {
            "manifest_version": 2,
            "name": name,
            "version": version,
            "description": description,
            "icons": {
                "16": "icons/icon-16.png",
                "32": "icons/icon-32.png",
                "48": "icons/icon-48.png",
                "128": "icons/icon-128.png"
            }
        }
    
    @staticmethod
    def add_content_script(manifest: Dict[str, Any], 
                          matches: List[str], 
                          js_files: List[str], 
                          css_files: List[str] = None,
                          run_at: str = "document_end") -> Dict[str, Any]:
        """Add content script configuration."""
        if 'content_scripts' not in manifest:
            manifest['content_scripts'] = []
        
        content_script = {
            "matches": matches,
            "js": js_files,
            "run_at": run_at
        }
        
        if css_files:
            content_script['css'] = css_files
        
        manifest['content_scripts'].append(content_script)
        return manifest
    
    @staticmethod
    def add_background_script(manifest: Dict[str, Any], 
                            scripts: List[str], 
                            persistent: bool = True) -> Dict[str, Any]:
        """Add background script configuration."""
        manifest['background'] = {
            "scripts": scripts,
            "persistent": persistent
        }
        return manifest
    
    @staticmethod
    def add_permissions(manifest: Dict[str, Any], 
                       permissions: List[str]) -> Dict[str, Any]:
        """Add permissions to manifest."""
        if 'permissions' not in manifest:
            manifest['permissions'] = []
        
        manifest['permissions'].extend(permissions)
        # Remove duplicates
        manifest['permissions'] = list(set(manifest['permissions']))
        return manifest

def create_sample_extension():
    """Create a sample browser extension."""
    
    # Create temporary directory structure
    with tempfile.TemporaryDirectory() as temp_dir:
        extension_dir = Path(temp_dir) / "sample_extension"
        extension_dir.mkdir()
        
        # Create icons directory
        icons_dir = extension_dir / "icons"
        icons_dir.mkdir()
        
        # Create manifest
        manifest = ManifestBuilder.create_basic_manifest(
            name="Sample Extension",
            version="1.0.0",
            description="A sample browser extension for demonstration"
        )
        
        manifest = ManifestBuilder.add_content_script(
            manifest,
            matches=["https://*/*"],
            js_files=["content.js"]
        )
        
        manifest = ManifestBuilder.add_permissions(
            manifest,
            ["activeTab", "storage"]
        )
        
        # Write manifest
        with open(extension_dir / "manifest.json", 'w') as f:
            json.dump(manifest, f, indent=2)
        
        # Create content script
        content_script = '''
// Sample content script
console.log("Sample extension loaded on:", window.location.href);

// Create notification element
const notification = document.createElement("div");
notification.textContent = "Extension is active!";
notification.style.cssText = `
    position: fixed;
    top: 10px;
    right: 10px;
    background: #4CAF50;
    color: white;
    padding: 10px 15px;
    border-radius: 5px;
    z-index: 10000;
    font-family: Arial, sans-serif;
    box-shadow: 0 2px 10px rgba(0,0,0,0.2);
`;

// Add to page
document.body.appendChild(notification);

// Remove after 3 seconds
setTimeout(() => {
    if (notification.parentNode) {
        notification.parentNode.removeChild(notification);
    }
}, 3000);

// Add click listener to log page interactions
document.addEventListener("click", (event) => {
    console.log("Clicked element:", event.target.tagName);
});
'''
        
        with open(extension_dir / "content.js", 'w') as f:
            f.write(content_script)
        
        # Create a simple SVG icon
        icon_svg = '''<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48">
    <circle cx="24" cy="24" r="20" fill="#4CAF50"/>
    <text x="24" y="30" text-anchor="middle" fill="white" font-size="14" font-family="Arial">EXT</text>
</svg>'''
        
        with open(icons_dir / "icon-48.svg", 'w') as f:
            f.write(icon_svg)
        
        # Create XPI
        processor = XPIProcessor()
        result = processor.create_xpi(str(extension_dir), "sample_extension.xpi", manifest)
        
        if result['success']:
            print("\nSample extension created successfully!")
            
            # Analyze the created XPI
            analysis = processor.analyze_xpi("sample_extension.xpi")
            print(f"\nXPI Analysis:")
            print(f"  Files: {len(analysis['files'])}")
            print(f"  Size: {analysis['file_size']} bytes")
            print(f"  File types: {analysis['file_types']}")
            
            if analysis['manifest']:
                print(f"  Extension: {analysis['manifest']['name']} v{analysis['manifest']['version']}")
            
            # Validate XPI
            validation = processor.validate_xpi("sample_extension.xpi")
            print(f"\nValidation: {'PASSED' if validation['valid'] else 'FAILED'}")
            
            if validation['errors']:
                print("  Errors:", validation['errors'])
            if validation['warnings']:
                print("  Warnings:", validation['warnings'])
        
        return result

def batch_analyze_xpi_files(directory: str):
    """Analyze all XPI files in a directory."""
    processor = XPIProcessor()
    results = []
    
    for filename in os.listdir(directory):
        if filename.endswith('.xpi'):
            filepath = os.path.join(directory, filename)
            print(f"\nAnalyzing: {filename}")
            
            analysis = processor.analyze_xpi(filepath)
            validation = processor.validate_xpi(filepath)
            
            results.append({
                'filename': filename,
                'analysis': analysis,
                'validation': validation
            })
            
            if 'error' not in analysis:
                print(f"  Size: {analysis['file_size']} bytes")
                print(f"  Files: {len(analysis['files'])}")
                print(f"  Valid: {validation['valid']}")
                
                if analysis['manifest']:
                    manifest = analysis['manifest']
                    print(f"  Extension: {manifest.get('name', 'Unknown')} v{manifest.get('version', 'Unknown')}")
                    print(f"  Manifest version: {manifest.get('manifest_version', 'Unknown')}")
            else:
                print(f"  Error: {analysis['error']}")
    
    return results

# Example usage
if __name__ == "__main__":
    # Create sample extension
    print("Creating sample browser extension...")
    create_sample_extension()
    
    # If there are XPI files in current directory, analyze them
    xpi_files = [f for f in os.listdir('.') if f.endswith('.xpi')]
    if xpi_files:
        print(f"\nFound {len(xpi_files)} XPI files. Analyzing...")
        batch_analyze_xpi_files('.')

Browser Extension Development

Modern WebExtensions Manifest

{
  "manifest_version": 3,
  "name": "Modern Extension",
  "version": "2.0.0",
  "description": "A modern WebExtension using Manifest V3",
  
  "icons": {
    "16": "icons/icon-16.png",
    "32": "icons/icon-32.png",
    "48": "icons/icon-48.png",
    "128": "icons/icon-128.png"
  },
  
  "action": {
    "default_popup": "popup.html",
    "default_title": "Modern Extension",
    "default_icon": {
      "16": "icons/icon-16.png",
      "32": "icons/icon-32.png"
    }
  },
  
  "background": {
    "service_worker": "background.js"
  },
  
  "content_scripts": [{
    "matches": ["https://*/*"],
    "js": ["content.js"],
    "run_at": "document_end"
  }],
  
  "permissions": [
    "activeTab",
    "storage"
  ],
  
  "host_permissions": [
    "https://*/*"
  ],
  
  "web_accessible_resources": [{
    "resources": ["images/*"],
    "matches": ["https://*/*"]
  }]
}

Security Considerations

• XPI files can contain executable JavaScript code
• Validate manifest permissions and content scripts
• Be cautious with extensions from untrusted sources
• Review code before installation in production environments
• Browser stores provide security scanning and validation
• Consider code signing for enterprise deployment

Best Practices

• Use clear and descriptive extension names and descriptions
• Minimize requested permissions to what's actually needed
• Follow browser-specific extension guidelines
• Test extensions across different browser versions
• Implement proper error handling and logging
• Provide comprehensive documentation
• Use version control for extension development

Cross-Browser Compatibility

• Firefox: Native XPI support with WebExtensions API
• Chrome: Convert to CRX format or load unpacked
• Safari: Requires conversion to Safari App Extension
• Edge: Supports APPX packaging or Chrome Web Store
• Opera: Compatible with Chrome extensions

Development Tools and Resources

• web-ext: Mozilla's command-line tool for extension development
• Chrome Extension CLI: Google's development toolkit
• Extension debugging: Browser developer tools
• Validation tools: AMO validator, Chrome Web Store validator
• Documentation: MDN WebExtensions API, Chrome Extensions API