Gathering detailed insights and metrics for webpack-webextension-plugin
Gathering detailed insights and metrics for webpack-webextension-plugin
Webpack plugin that compiles WebExtension manifest.json files and adds smart auto reload
Installations
npm install webpack-webextension-pluginDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=12
Node Version
16.14.0
NPM Version
8.3.1
Releases
16
Languages
2
TypeScript
JavaScript
TypeScript (93.37%)
JavaScript (6.63%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
NOASSERTION License
82 Stars
262 Commits
22 Forks
2 Watchers
7 Branches
14 Contributors
Updated on Jul 11, 2025
Maintainers
3
Package Meta Information
Latest Version
1.0.0
Package Id
webpack-webextension-plugin@1.0.0
Unpacked Size
37.91 kB
Size
12.26 kB
File Count
19
NPM Version
8.3.1
Node Version
16.14.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Dev Dependencies
3
Webpack WebExtension Plugin
Webpack plugin that compiles web-extension manifest.json files and adds smart auto reload.
What does it do?
- Autoreload extensions via websockets
- Use vendor prefixes in manifest properties
- Validates some
manifest.jsonfields
Install
1$ npm i webpack-webextension-plugin
Usage
1const WebextensionPlugin = require('webpack-webextension-plugin') 2 3const config = { 4 plugins: [ 5 new WebextensionPlugin({ 6 vendor: 'chrome' 7 }) 8 ] 9}
API
new WebextensionPlugin([options])
Add result to webpack plugins to initialize.
options
Type: Object
Any of the options below.
vendor
Type: String
Default: chrome
Any of: chrome, opera, firefox, edge, safari
Used for vendor prefixing in the manifest.json. More infos regarding this can be found below.
port
Type: Integer
Default: 35729
Specify the listening port for the webstocket development server.
autoreload
Type: Boolean
Default: true
Enables auto reload. If not specified will be enabled when using webpacks watch mode.
quiet
Type: Boolean
Default: false
Disable plugin logging.
reconnectTime
Type: Integer
Default: 3000
Specify the reconnect time to the development server from the extension side.
manifestDefaults
Type: Object
Default: {}
Allows you to define defaults for the manifest.json file.
FAQ
How does smart autoreload work?
We create/extend a background page in the extension with a websockets client, that connects to our custom websocket server. As soon as a specific files changes the client checks how to reload the extension:
- if
manifest.jsonchange → full reload - if
manifest.jsondependencies change → full reload - if
_localeschange → full reload - else reload current tab & all extension views
What are vendor prefixed manifest keys?
Vendor prefixed manifest keys allow you to write one manifest.json for multible vendors.
1{ 2 "__chrome__name": "SuperChrome", 3 "__firefox__name": "SuperFox", 4 "__edge__name": "SuperEdge", 5 "__opera__name": "SuperOpera", 6 "__safari__name": "SuperSafari" 7}
if the vendor is chrome this compiles to:
1{ 2 "name": "SuperChrome", 3}
Add keys to multiple vendors by seperating them with | in the prefix
{
__chrome|opera__name: "SuperBlink"
}
if the vendor is chrome or opera, this compiles to:
{
"name": "SuperBlink"
}
Why are you not using mozillas web-ext package?
webpack-webextension-pluginshould work for every browser in the same way.web-extonly works with Chrome and Firefox. You should definitely still check it out.
Links
License
Copyright 2018 Henrik Wenz
This project is free software released under the MIT license.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 13 commits out of 21 are checked with a SAST tool
Reason
9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/webextension-toolbox/webpack-webextension-plugin/release.yml/main?enable=pin
- Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 6 out of 6 npmCommand dependencies pinned
Reason
Found 3/12 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 3.3.1 not signed: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/136135926
- Warn: release artifact 3.2.1 not signed: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/127063108
- Warn: release artifact 3.1.0 not signed: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/108404091
- Warn: release artifact 3.0.0 not signed: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/95419847
- Warn: release artifact 2.1.3 not signed: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/68599698
- Warn: release artifact 3.3.1 does not have provenance: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/136135926
- Warn: release artifact 3.2.1 does not have provenance: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/127063108
- Warn: release artifact 3.1.0 does not have provenance: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/108404091
- Warn: release artifact 3.0.0 does not have provenance: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/95419847
- Warn: release artifact 2.1.3 does not have provenance: https://api.github.com/repos/webextension-toolbox/webpack-webextension-plugin/releases/68599698
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Score
4.5
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More