The extension has a solid user base of 60,000 users and maintains a good rating of 4.4 stars from 139 reviews, indicating general user satisfaction. The name "Yet Another REST Client" clearly describes its purpose as an API testing tool, and it has an associated website, which adds some legitimacy. However, the developer information is minimal, providing limited transparency about the company or individual behind the extension.
The primary concern is the combination of broad host permissions (<all_urls>) with clipboard write access, creating a potentially dangerous attack surface. While these permissions may be necessary for a REST client to function across different APIs and copy response data, they also enable the extension to access any website you visit and modify your clipboard contents. The unlimited storage permission, while less critical, could be used to store large amounts of potentially sensitive data from API responses.
Given the high-risk permission combination, consider running this extension in a separate Chrome profile dedicated to development work. This isolates it from your personal browsing and sensitive accounts. Before installation, verify the extension's legitimacy by checking its official website and reviews for any security concerns. Monitor your clipboard contents when using the extension, and consider using alternative REST clients with more limited permissions if this extension's functionality can be replaced. Regularly review what data the extension has stored and clear it if no longer needed.
| http://yet-another-rest-client.com | https://github.com/paulhitz/angular-bootstrap-file-field#master | |
| https://chrome.google.com/webstore/detail/yarc-yet-another-rest-cli/ehafadccdcdedbhcbddihehiodgcddpl | https://chrome.google.com/webstore/detail/yarc-yet-another-rest-cli/ehafadccdcdedbhcbddihehiodgcddpl/reviews | |
| https://chrome.google.com/webstore/detail/yarc-yet-another-rest-cli/ehafadccdcdedbhcbddihehiodgcddpl/support | https://developer.chrome.com/apps/storage#properties | |
| https://npmjs.org/browse/keyword/karma-adapter | https://npmjs.org/browse/keyword/karma-preprocessor | |
| https://npmjs.org/browse/keyword/karma-reporter | https://npmjs.org/browse/keyword/karma-launcher | |
| http://angularjs.org | https://errors.angularjs.org/1.8.3/ | |
| http://msdn.microsoft.com/en-us/library/ie/cc196988 | http://www.ecma-international.org/ecma-262/5.1/#sec-15.4.4.18 | |
| https://lodash.com/docs/4.17.4#merge | https://developer.mozilla.org/docs/Web/API/Blob | |
| https://developer.mozilla.org/docs/Web/API/MediaStream | https://developer.mozilla.org/docs/Web/API/CanvasGradient | |
| http://jsperf.com/isobject4 | https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/isFinite | |
| https://www.npmjs.com/package/iserror | http://docs.closure-library.googlecode.com/git/local_closure_goog_string_string.js.source.html#line1021 | |
| https://developer.mozilla.org/docs/Web/API/File | https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Map | |
| https://developer.mozilla.org/docs/Web/API/ImageData | https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Set | |
| https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/WeakMap | https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/get | |
| https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/set | http://en.wikipedia.org/wiki/Partial_application | |
| http://en.wikipedia.org/wiki/Currying#Contrast_with_partial_function_application | https://github.com/angular/angular.js/pull/14221 | |
| http://www.ietf.org/rfc/rfc3986.txt | http://tools.ietf.org/html/rfc3986: | |
| https://jquery.com/upgrade-guide/3.5/ | http://jsperf.com/object-create2 | |
| http://jsperf.com/proto-map-lookup/2 | http://jsperf.com/for-in-vs-object-keys2 | |
| http://jquery.com | http://api.jquery.com/jQuery/ | |
| http://api.jquery.com/addClass/ | http://api.jquery.com/after/ | |
| http://api.jquery.com/append/ | http://api.jquery.com/attr/ | |
| http://api.jquery.com/bind/ | http://api.jquery.com/on/ | |
| http://api.jquery.com/children/ | http://api.jquery.com/clone/ | |
| http://api.jquery.com/contents/ | http://api.jquery.com/css/ | |
| http://api.jquery.com/data/ | http://api.jquery.com/detach/ | |
| http://api.jquery.com/empty/ | http://api.jquery.com/eq/ | |
| http://api.jquery.com/find/ | http://api.jquery.com/hasClass/ | |
| http://api.jquery.com/html/ | http://api.jquery.com/next/ | |
| http://api.jquery.com/off/ | http://api.jquery.com/one/ | |
| http://api.jquery.com/parent/ | http://api.jquery.com/prepend/ | |
| http://api.jquery.com/prop/ | http://api.jquery.com/ready/ | |
| http://api.jquery.com/remove/ | http://api.jquery.com/removeAttr/ | |
| http://api.jquery.com/removeClass/ | http://api.jquery.com/removeData/ | |
| http://api.jquery.com/replaceWith/ | http://api.jquery.com/text/ | |
| http://api.jquery.com/toggleClass/ | http://api.jquery.com/triggerHandler/ | |
| http://api.jquery.com/unbind/ | http://api.jquery.com/val/ | |
| http://api.jquery.com/wrap/ | https://github.com/angular/angular.js/issues/14251 | |
| http://docs.angularjs.org/api/angular.element | http://www.quirksmode.org/js/events_mouse.html#link8 | |
| http://jsperf.com/string-indexof-vs-split | https://kangax.github.io/compat-table/es6/#test-Map |
{ "name": "Yet Another REST Client", "icons": { "16": "img/logo_16x16.png", "48": "img/logo_48x48.png", "128": "img/logo_128x128.png" }, "action": { "default_icon": { "19": "img/logo_19x19.png", "38": "img/logo_38x38.png" } }, "author": "Paul Hitz", "version": "1.3.0", "incognito": "split", "background": { "service_worker": "extension/background.js" }, "short_name": "YARC", "update_url": "https://clients2.google.com/service/update2/crx", "description": "YARC (Yet Another REST Client) is an easy-to-use REST Client. Use it to develop, test and debug RESTful APIs.", "permissions": [ "clipboardWrite", "storage", "unlimitedStorage" ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.