
I think what we need the most is a "view source" for browser extensions installed from the store: make it easy to view the source and to extract the browser extension into a folder.

Make it easy to find out which web pages they access and which they modified.

Minimized/encrypted code in extensions should be forbidden. It should be very easy to read the code.

E.g. this extension says "records user activity", but what is that really: https://chromewebstore.google.com/detail/coffeelings/hcbddpp...




In Chrome, go to chrome://extensions, enable developer mode, and now you can view source for any extension in devtools. The content scripts are already available in the regular web page's devtools without enabling developer mode.

The total list of websites is available in the installation popup for the extension.

The Chrome Web Store already bans code obfuscation. Minification is allowed as there's no meaningful way to enforce the quality of variable names.


It is very annoying to try and follow through minified code. I've tried to view the source and see what some extensions are doing but it can be a bit of a painful process. You can at least sometimes figure out what kind of GET/POST requests the extension may be making, but it's much more time consuming to try and ensure everything is safe.

The other problem is that the extensions can update. You typically get zero notification an extension was updated. Most extensions start off safe, but later get sold and used to farm data.
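Added example, not part of any comment in this thread: one way to notice when an update widens an extension's site access is to compare the `manifest.json` of the old and new versions after unpacking both. The two manifests below are constructed samples, and the function names are hypothetical.

```javascript
// Added example: compare the site access declared by two versions of an
// extension's manifest.json. Both manifests below are constructed samples.
const HOST_PATTERN = /^(\*|https?|wss?|ftp|file):\/\/|^<all_urls>$/;

// Collect every host match pattern a manifest declares (MV2 and MV3 layouts).
function declaredHosts(manifest) {
  const hosts = new Set();
  const add = (list) => (list || []).forEach((p) => {
    if (typeof p === 'string' && HOST_PATTERN.test(p)) hosts.add(p);
  });
  add(manifest.permissions);               // MV2 mixes hosts into "permissions"
  add(manifest.optional_permissions);
  add(manifest.host_permissions);          // MV3 keeps hosts separate
  add(manifest.optional_host_permissions);
  (manifest.content_scripts || []).forEach((cs) => add(cs.matches));
  return hosts;
}

// API permissions are the non-host strings, such as "tabs" or "webRequest".
function apiPermissions(manifest) {
  return new Set((manifest.permissions || [])
    .filter((p) => typeof p === 'string' && !HOST_PATTERN.test(p)));
}

// Report only what the newer manifest adds relative to the older one.
function diffAccess(oldManifest, newManifest) {
  const added = (a, b) => [...b].filter((x) => !a.has(x)).sort();
  return {
    from: oldManifest.version, to: newManifest.version,
    newHosts: added(declaredHosts(oldManifest), declaredHosts(newManifest)),
    newApis: added(apiPermissions(oldManifest), apiPermissions(newManifest)),
  };
}

// Constructed sample manifests: v2 widens access from one site to all sites.
const v1 = { manifest_version: 3, version: '1.0.0', permissions: ['storage'],
  host_permissions: ['https://example.com/*'],
  content_scripts: [{ matches: ['https://example.com/*'], js: ['cs.js'] }] };
const v2 = { manifest_version: 3, version: '1.1.0',
  permissions: ['storage', 'webRequest'],
  host_permissions: ['<all_urls>'],
  content_scripts: [{ matches: ['https://example.com/*', '*://*/*'], js: ['cs.js'] }] };

const report = diffAccess(v1, v2);
console.log(report);
```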


There is a button to format the code for minified files.


Formatting isn't the issue. Just more time consuming to try and read the code when it's all got garbage variable and function names. Not that you can't do it, just slightly more effort. Also the bigger issue I mentioned in my comment relates to the problem of extensions updating without any notice.


I expect that LLMs will help to make a breakthrough in reverse engineering by helping give meaningful names to variables/functions.


Is there any legitimate reason to minify code for extensions? The size gains are minimal since it's a one time thing. But I agree that it would be hard to enforce, though Google "manages" to enforce even more ambiguous requirements on their Play Store haha. I guess they could make it a guideline or a requirement, and "good faith" devs would comply even if it would be hard to enforce.


It would be waay easier than e.g. deciding if a YT video is for kids. You can immediately generate all the data by taking all unminified chrome extensions and minifying them, so you can validate your detection accuracy, then flag those that are minified on the store page, and provide some appeal option for devs just in case.

Come to think of it, it could be a chrome extension...


You can view the source of browser extensions hosted on the Chrome Web Store without installing them. I've occasionally used this tool for that purpose: https://robwu.nl/crxviewer/

This won't help against intentionally-obfuscated code but it should help with security & privacy research for most extensions.




