As people have said it’s not making requests to web store, that’s just part of this repository looking for what extensions it’s blocking via nodejs

Browsers already have strong protections against that sort of thing, look up the same-origin policy and CORS