@mmn @maiyannah The security risk comes from the indiscriminate running of ephemeral, unsigned, untrusted programs. Yes, recognizing a program as free software isn't a solution in itself---that could be a lie to get around LibreJS, or it could still be doing bad things. So this is nowhere near a solution to that problem.

It's very rare that I actually permit a site to run JavaScript, even if I know it's free. But for those who _do_ want to run JS for a site, should they choose to do so, they should be able to have an idea what parts of it are free, and avoid all the rest.