- Vendor community-maintained phishing domain blocklist into
src/shared/phishingBlocklist.json (bundled at build time by esbuild)
- Refactor phishingDomains.js: build vendored Sets at module load,
fetch live list periodically, keep only delta (new entries not in
vendored) in memory for small runtime footprint
- Domain checker checks delta first (fresh scam sites), then vendored
- Persist delta to localStorage if under 256 KiB
- Load delta from localStorage on startup for instant coverage
- Add startPeriodicRefresh() with 24h setInterval in background script
- Remove dead code: popup's local isPhishingDomain() re-check was inert
(popup never called updatePhishingList so its blacklistSet was always
empty); now relies solely on background's authoritative flag
- Remove all competitor name mentions from UI warning text and comments
- Update README: document phishing domain protection architecture,
update external services list
- Update tests: cover vendored blocklist loading, delta computation,
localStorage persistence, delta+vendored interaction
Closes#114
5927dfd45b