How to spot backdoor addons?

oh my god finally, people sell my plugins with backdoors in them and I get screwed over!

A lot of text editors come in with mass searching through a folder. Such as alpha male editor sublime.
I would suggest searching through for things like,
"HTTP", I recently came across a backdoor implanted in a pastebin, which was interestering.
"STEAMID", this one is pretty obvious why,
"75611", Start of a steamid64

Even if you are developer it's very hard to spot a backdoor, the best thing would be, before running suspicious program to install a network traffic sniffer such a WireShark and search for traces.

And malcious code can always be obscured, so there is no guaranteed way unless you manually audit everything.

I've used nomalua before and that scans for potential backdoors and fetching commands