Blog

The Death of the NPAPI

By Ian Hamilton | Nov 11, 2015

By Ian Hamilton, Signiant CTO

 

In the mid 1990s Netscape Navigator was the most popular web browser in the world with a usage share of over ninety percent. Faced with competition from free bundled browsers, like Microsoft’s Internet Explorer, Netscape Navigator’s usage share had declined to next to nothing by the early 2000s, and in 2008 AOL (the company that acquired Netscape in 1999) finally discontinued support. While Netscape Navigator is no more, its legacy lives on in many forms including being the birthplace of JavaScript, which — alongside the Hyper Text Markup Language (HTML) and Cascading Style Sheets (CSS) — is one of the three core technologies used for content production on the World Wide Web.

Netscape and the history of the NPAPI

Netscape Navigator also gave birth to the Netscape Plug-in Application Programmer Interface (NPAPI). The NPAPI allowed browser functionality to be extended to render content types, like video, not handled natively within a web page. It was also used to generically extend browser capabilities beyond those supported by standards.

The NPAPI was used to create browser plug-ins that supported Rich Internet Application (RIA) deployment using Adobe Flash, Microsoft Silverlight and Java amongst other technologies. These plug-ins enabled web delivered applications that behaved more like native applications through use of these proprietary RIA frameworks. The NPAPI was also used by Signiant to extend browser functionality with accelerated file transfer capabilities.

Concerns with the NPAPI

While the NPAPI provided a powerful way to extend browser functionality, it could also be misused. Because NPAPI-based extensions, or plug-ins, could be loaded by any web page and run with the same system privileges as the browser, plug-ins had to incorporate appropriate security mechanisms to prevent misuse. Further, because of the way plug-in and browser code interact, plug-ins could cause browser instability and crashes if they were not well written. Users had to put a fair bit of faith in plug-in providers and plug-in providers had to take responsibility for providing secure high quality plug-ins.

While all major desktop web browsers supported the NPAPI at the beginning of 2015, most had implemented mechanisms that restricted the scope of execution.   With these restrictions in place, users had to explicitly authorize web pages or web domains to load plug-ins. In September 2015, version 45 of Google’s Chrome browser completely removed support for the NPAPI. And Mozilla Firefox has announced they will eliminate support for the NPAPI by the end of 2016. Further, Microsoft’s new Edge browser has never supported the NPAPI.

The Signiant App replaces browser plug-ins

With the imminent death of the NPAPI, what options are left for extending browser functionality with advanced capabilities like accelerated file transfer? Chrome supports browser extensions using their Pepper Plug-in API (PPAPI), but this solution is Chrome specific. To address this problem with a standards-based solution, Signiant has extended the Signiant App for Mac and Windows to interact with web applications using standard browser capabilities.

The Signiant Transfer API (TAPI) is a Javascript API that provides accelerated file transfer within any web applications. While version 1 of the Transfer API uses the NPAPI, version 2 uses100% standard web browser capabilities with no dependency on the NPAPI or proprietary plug-in interfaces like the Chrome PPAPI.  The transfer API is used by Signiant Media Shuttle and third-party web applications that take advantage of Signiant accelerated file transfer. The transition to Signiant App is nearing completion and we’re looking forward to benefits our new unified app will deliver to our customers.