Extuno vs manual extension review
Manual review catches what a person reads once; it does not scale to every version of every dependency. Extuno automates static, dynamic, and version-diff analysis so each update is re-checked with evidence, not re-read by hand.
What does manual review miss?
A human reviews a package or extension once, at adoption, and rarely re-reads the diff of every later update across a large dependency tree; obfuscated or remotely hosted code is also hard to judge by reading. The poisoned-update class lives in exactly that gap.
What does Extuno automate?
Every version is read three ways, by static rules, a dynamic sandbox, and cross-version diffing, on every update. Each finding reports the file and line, why it is dangerous, and the recommended action. The output is evidence a reviewer can act on, not a number.
Is automation a replacement for analysts?
No. It is leverage for them. Extuno does the repetitive per-version work and surfaces evidence so analysts spend their time on judgment and response, not on re-reading minified code by hand.