The end of NPAPI Plugins
Remember Flash, Acrobat, and Java Applets? These are NPAPI Plugins, the acronym for Netscape Plugin Application Programming Interface. Back in the old days of internet, there was a lot type of plugins, ranging between web apps, search toolbars, password manager, bank authentication & more. You might be wondering, where are those plugins now?
Short answer: It's gone.
The takeoff & golden era
It is started when Netscape browser was still in development. They created an API that allows 3rd party plugin to inject functionality into the browser. With this concept, we don’t need to put every single type of file in the world, by allowing users to choose which content they want to run. This was proven as the best solution for the thousands of format that exist back then, and included in mainstream browsers such as IE and Firefox.
Lots of website around 2000s heavily use Adobe Flash Player, one of the most popular browser plugin ever existed, that allows Flash content to run inside your browser. The reason why Flash Player is so popular, because these are used for playing video, audio, and online games. Even YouTube use Flash Player in its old era (2006-2010). There are also website that simply stated ‘we need Flash, otherwise get off from my site’.
At this era there are no limit & protection of plugin that can be installed, because they installed in the background, and can access the whole browser directory.
In 2008, HTML5 is released. Not only introduce some new standards on displaying standard text on HTML, it also support audio and video code. With this code, you can display videos and audios in webpage, without the need of plugin. No more Flash is needed in this way.
By the start of 2010s decade, the NPAPI security problem is fixed by prompting people to read what a plugin does actually (by browser). It gives people the control to install plugin or not. Of course this is useless, because we would pressing ‘Allow’ no matter what. We just want a site to work fine. Again, browser developer added some more security measurement. They add ‘sandboxing’ to NPAPI plugin, so the plugin can only see what they told to do (not looking at the whole browser). This almost save the bad reputation on NPAPI plugin, until more security issues is showing up.
In 2009-2013, there was numerous amount of fatal security flaws discovered in Flash Player. Instead of fixing it fast, Adobe are busy in negotiating with Apple. The CEO of Apple, Steve Jobs, sending an open letter to Adobe about denying the use of Flash in iOS. Adobe claimed that their software is ‘safe’, while ignoring the security holes reported.
Don’t forget that Flash Player also drain battery so fast. This is the main reason that Flash is discontinued in Android (they did shipped it for a while but it was buggy).
All of those factor, combined with the growing usages of mobile devices (doesn’t have flash) are contributing in the great recession of Flash Player. Simultaneously, online flash game developer, which is the main users of Flash in this time, are also changing its code to HTML5. Its way easier to maintain, more lightweight, and not using Adobe’s monopoly product anymore. In 2015, Oracle stop support for Java browser plugin, saying that the way NPAPI works is outdated, and have many trouble to be maintained.
In September 2015, Google disabled NPAPI support on Chrome. This is their statement:
The web has evolved. Today’s browsers are speedier, safer, and more capable than their ancestors. Meanwhile, NPAPI’s 90s-era architecture has become a leading cause of hangs, crashes, security incidents, and code complexity. Because of this, Chrome will be phasing out NPAPI support over the coming year.
This statement was quickly followed by positive response from another browser developer. Shortly after that Mozilla announced their plan to end support for NPAPI plugin in Firefox & Thunderbird other than Flash in 2016.
Adobe has noticed this movement of ‘abandoning their tech’. They knew this was coming, but they did not expect it to be as soon as 2015. In 2017, Adobe announced they would stop distributing and updating Flash Player after 31 December 2020. This announcement also said that users should migrate to newer technologies.
Fast forward a few years, to be exact in 2020. Many games that has been created with Flash are converted into HTML5. There are effort to make Flash content accessible after the EOL, such as Flashpoint. The last major browser that support Flash, Firefox, has removed the whole NPAPI support in January 2021. Adobe has also made so Flash would refuse to run after the EOL date, starting from a version released in May 2020.
Let’s go back to the main topic. Although Flash Player is the ‘icon’ of NPAPI, there is still a lot of other plugin, that went missing. As far as I knew, the only NPAPI plugins that still supported are in fact a product of Adobe itself, Adobe Acrobat. If you’re familiar with Adobe Reader, then Acrobat is the engine that doing the rendering. Some niche browser, such as Pale Moon browser still & will continue to support NPAPI.
Personally I don’t use NPAPI plugin anymore, mainly because there was no reason to do so. Almost all of them can be substituted by WebAPI & other modern tech. Anyway thats it for this post, thanks for reading this post, and see you in another post!