[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

JSON Alexander

Version 1.0.5 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Developer: wesbos.com

Rating: 5.0 ★ (8 ratings)

Users: 841

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension is developed by wesbos.com, which appears to be associated with Wes Bos, a well-known web developer and educator in the JavaScript community. This adds some credibility to the extension. However, the very low user count (841 users) and limited number of ratings (8 reviews) suggest this is a niche tool with minimal widespread adoption. The perfect 5.0 rating is positive but based on a very small sample size.

Concerns:

The primary concern is the broad content script injection capability across all URLs, which is excessive for a JSON formatting tool. This permission allows the extension to access and potentially modify content on every website you visit, including sensitive sites like banking or email platforms. While the storage permission is reasonable for saving user preferences, the combination with universal site access creates unnecessary risk exposure.

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to development work to limit exposure of your personal browsing data. Before installation, verify this is indeed the official extension from Wes Bos by checking his official website. Monitor the extension's behavior and disable it when not actively working with JSON data. Alternative JSON formatting tools with more restrictive permissions or standalone applications might provide similar functionality with reduced security risk.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "JSON Alexander",
  "icons": {
    "16": "icons/icon16.png",
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "version": "1.0.5",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Believe it or not, George formats JSON",
  "permissions": [
    "storage"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "css": [
        "content.css"
      ],
      "run_at": "document_end",
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "page-script.js",
        "pointer-32.png",
        "content.css"
      ]
    }
  ],
  "browser_specific_settings": {
    "gecko": {
      "id": "json-alexander@local"
    }
  }
}

by ✦ Astarte

JSON Alexander

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings