What is NoScript and who develops it?
Executive summary
NoScript is a free, open-source browser extension that blocks active web content (scripts, plugins, frames) by default and lets users enable dynamic content only for trusted sites, positioned as a security and privacy tool for web browsing [1] [2]. The extension was developed and is maintained by Giorgio Maone, who is identified in reporting as NoScript’s author and a member of the Mozilla Security Group [3] [4].
1. What NoScript does: a proactive blockade of active content
NoScript’s core function is to pre-emptively block executable web content—JavaScript, Java, Flash, and other potentially dangerous code—so that only explicitly allowed sites can run that content, which the project says reduces exposure to known and unknown vulnerabilities and can also reduce tracking and bandwidth use [1] [2]. The add-on includes additional modules such as the Application Boundaries Enforcer (ABE), described as an in-browser firewall-like component that lets users define policies to protect sensitive web-app boundaries like webmail or online banking [3].
2. Platforms, availability and development cadence
Originally a Firefox-centric extension, NoScript today publishes builds for Firefox (desktop and Android) and Chromium-based browsers and provides download options outside official stores for development or advanced users; the project maintains a public site with FAQs and forums and a GitHub repository for source code and issue reporting [5] [1] [6]. The project emphasizes rapid release cadence to respond to emerging web threats, marking interim development builds as release candidates with special versioning [7].
3. Who builds and maintains NoScript: Giorgio Maone and an open-source footprint
Public reporting identifies Giorgio Maone as NoScript’s developer and maintainer; multiple sources trace the add-on back to Maone, noting early releases in the mid-2000s and his ongoing stewardship of the project [3] [4]. The extension is distributed as free open-source software (FOSS) and publishes source code and channels for security reporting, signaling a volunteer-led or small-team open development model rather than corporate ownership [1] [6].
4. History, adoption and controversies
NoScript dates back to the mid-2000s and quickly gained popularity among security-conscious users and developers, with large install counts reported in past coverage and endorsements from notable figures in the web community [4] [2]. The project has not been free of dispute: reporting documents clashes between Maone and other extension developers—most notably an “extension war” with Adblock Plus and a later spat involving Ghostery—rooted in technical and policy changes that affected how third-party blockers and trackers were reported or handled [3].
5. Not to be confused with the HTML
The name NoScript can be confused with the HTML
6. What reporting does not settle and why it matters
Sources establish NoScript’s purpose, platform reach, and authorship, but public documentation available here does not fully map the project’s current governance structure, contributor makeup, or detailed telemetry about active user numbers and geographic distribution; those specifics are not asserted in the cited materials and therefore remain outside the scope of this report [5] [6]. Similarly, while security claims and anti-exploitation promises are central to NoScript’s messaging, independent, up-to-date audits or broad third-party measurements of efficacy are not included in the cited sources and would be necessary for an evidence-based performance assessment [1] [7].