Extension Details
Context-Aware Verdict
The extension has a perfect 5.0 rating, though based on only 3 reviews, which limits reliability. With 1,000 users, it has modest adoption but lacks widespread validation. The developer domain "freyama.de" appears to be an individual developer rather than an established company, which reduces institutional trust. The extension's purpose of displaying GitHub user languages is legitimate and aligns with its requested permissions.
The extension requests access to GitHub's API and a third-party repository for color data, which is appropriate for its functionality but creates dependency on external services. The storage permission allows local data retention, which could potentially store user information or browsing patterns. The content script injection on all GitHub pages provides broad access to user activity on the platform. The limited number of reviews makes it difficult to assess real-world performance and trustworthiness.
Given the medium risk level, consider running this extension in a separate Chrome profile if you frequently work with sensitive GitHub repositories or organizational accounts. Monitor what data the extension might be storing locally through Chrome's developer tools. Verify the extension's behavior matches its stated purpose of showing programming languages. Consider whether the functionality provided justifies the GitHub access permissions, especially if you work with private repositories.
Findings
Security Analysis Details
Required Permissions:
- storage
Host Permissions:
- https://api.github.com/
- https://raw.githubusercontent.com/ozh/github-colors/master/colors.json
Embedded URLs (12 total):
| https://www.chartjs.org | https://github.com/kurkle/color#readme | |
| https://api.github.com/user | https://github.com/settings/tokens/new?description=GitHub%20User%20Languages&scopes=repo | |
| http://schema.org/Person | https://github.com/ | |
| https://raw.githubusercontent.com/ozh/github-colors/master/colors.json | https://api.github.com | |
| https://clients2.google.com/service/update2/crx | https://api.github.com/ | |
| https://fonts.googleapis.com/css?family=Lato | https://github.com/freyamade/github-user-languages/raw/master/img/logotype_horizontal.png |
Raw Manifest
{ "name": "GitHub User Languages", "icons": { "128": "images/github-user-languages.128.png" }, "action": { "default_icon": "images/github-user-languages.128.png", "default_popup": "popup.html" }, "author": "freyamade", "version": "1.1.0", "short_name": "github-user-languages", "update_url": "https://clients2.google.com/service/update2/crx", "description": "See the language usage breakdown of a User or Org right on their GitHub profile page.", "permissions": [ "storage" ], "content_scripts": [ { "js": [ "js/vendor.js", "js/content_script.js" ], "matches": [ "https://github.com/*" ] } ], "host_permissions": [ "https://api.github.com/", "https://raw.githubusercontent.com/ozh/github-colors/master/colors.json" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.