Momentum
Overview
⭐ Featured in Tim Ferriss’ Tools of Titans, The Wall Street Journal, Apple Worldwide Developer Conference, Product Hunt, Lifehacker, and so much more ⭐
💙 FREE features
🌊 Feel inspired with a new background, mantra and quote each day
🌊 Focus better with Focus Mode
🌊 Simplify work and life with easy to-do lists
🌊 Create shortcuts to your favorite websites
🌊 Get local weather info
🌊 Google/Bing and other search options on your dashboard
🌊 Customizable (Show/hide features as you like!)
🌊 Private and secure (We don’t share or sell your data!)
⭐ Join over 3 million inspired users ⭐
Note: For the best experience, after installing Momentum click the ‘Keep it’ button on the ‘Change back to Google’ notification. This will show Momentum on each new tab as intended. 🙂
Want more Momentum?
💙 PLUS features (You can try Plus for FREE once you install the extension!)
🌊 Sustain better focus all day with unlimited Focus Mode
🌊 Create a one-of-a-kind vision board
🌊 Vacuum your 107 tabs with Tab Stash
🌊 Write better (and quicker) with Notes AI
🌊 Become an idea machine with Ask AI
🌊 Get in the zone with Soundscapes
🌊 Seamless task manager integrations (ClickUp, Todoist, Asana, etc.)
🌊 Track your habits with Metrics
🌊 Unlimited to-do lists
…And Countdowns, World Clocks, premium weather info (and more!)
🛡️ Privacy & Security
The Momentum team is committed to protecting your privacy. The information we gather or process is used solely for core functionality of Momentum and to improve the quality and security of our service. Your information isn’t and has never been sold to third parties.
For more information on privacy and the security of your data, visit https://momentumdash.com/privacy.
🤍 Help & Contact Resources
Help Center: https://momentumdash.help
Suggestions: https://momentum.nolt.io/
Contact us: https://momentumdash.com/contact
👍 Our Social Media
Blog: https://momentumdash.com/blog
Instagram: https://instagram.com/momentumdash
Security Analysis — Momentum
Package Contents 770 files · 22.5MB
```json
{
"summary": "Momentum is a productivity extension that helps users stay focused, organized, and motivated. It provides features such as daily backgrounds, mantras, and quotes, focus mode, to-do lists, shortcuts, and customizable dashboard. With over 2 million users, it's a popular choice for those seeking to boost their productivity.",
"permissions": [
{
"name": "offscreen",
"user_explanation": "Allows the extension to run in the background even when the browser is closed.",
"technical_note": "Provides access to Chrome's off-screen rendering API, enabling the extension to continue running and updating its UI even when the browser is not visible.",
"aligned": true,
"concern": false
},
{
"name": "unlimitedStorage",
"user_explanation": "Allows the extension to store an unlimited amount of data on your device.",
"technical_note": "Provides access to Chrome's storage API, enabling the extension to store and retrieve large amounts of user data, including settings, preferences, and cached content.",
"aligned": false,
"concern": true
},
{
"name": "idle",
"user_explanation": "Allows the extension to detect when you're idle (not actively using your browser).",
"technical_note": "Provides access to Chrome's idle detection API, enabling the extension to monitor and respond to changes in user activity.",
"aligned": true,
"concern": false
},
{
"name": "bookmarks",
"user_explanation": "Allows the extension to read and modify your bookmarks.",
"technical_note": "Provides access to Chrome's bookmark API, enabling the extension to create, update, and delete bookmarks on behalf of the user.",
"aligned": false,
"concern": true
},
{
"name": "tabs",
"user_explanation": "Allows the extension to read and modify your open tabs.",
"technical_note": "Provides access to Chrome's tab API, enabling the extension to create, update, and delete tabs on behalf of the user.",
"aligned": false,
"concern": true
},
{
"name": "sessions",
"user_explanation": "Allows the extension to read and modify your browsing sessions.",
"technical_note": "Provides access to Chrome's session API, enabling the extension to create, update, and delete browsing sessions on behalf of the user.",
"aligned": false,
"concern": true
},
{
"name": "topSites",
"user_explanation": "Allows the extension to read your frequently visited websites.",
"technical_note": "Provides access to Chrome's top sites API, enabling the extension to retrieve and display a list of frequently visited websites on behalf of the user.",
"aligned": true,
"concern": false
},
{
"name": "favicon",
"user_explanation": "Allows the extension to read and modify your website icons (favicons).",
"technical_note": "Provides access to Chrome's favicon API, enabling the extension to create, update, and delete favicons on behalf of the user.",
"aligned": false,
"concern": true
},
{
"name": "scripting",
"user_explanation": "Allows the extension to execute scripts in your browser.",
"technical_note": "Provides access to Chrome's scripting API, enabling the extension to inject and execute JavaScript code on behalf of the user.",
"aligned": false,
"concern": true
},
{
"name": "alarms",
"user_explanation": "Allows the extension to set alarms and notifications.",
"technical_note": "Provides access to Chrome's alarm API, enabling the extension to schedule and display notifications on behalf of the user.",
"aligned": true,
"concern": false
},
{
"name": "notifications",
"user_explanation": "Allows the extension to display notifications in your browser.",
"technical_note": "Provides access to Chrome's notification API, enabling the extension to create and display notifications on behalf of the user.",
"aligned": true,
"concern": false
},
{
"name": "tabGroups",
"user_explanation": "Allows the extension to read and modify your tab groups.",
"technical_note": "Provides access to Chrome's tab group API, enabling the extension to create, update, and delete tab groups on behalf of the user.",
"aligned": false,
"concern": true
},
{
"name": "search",
"user_explanation": "Allows the extension to read your search history and preferences.",
"technical_note": "Provides access to Chrome's search API, enabling the extension to retrieve and display a list of frequently searched websites on behalf of the user.",
"aligned": false,
"concern": true
}
],
"data_exposure": {
"summary": "Momentum accesses various data on your device, including bookmarks, tabs, sessions, top sites, favicons, and search history. It also sends data to its servers at content.momentumdash.com, api.momentumdash.com, momentumdash.com, and other domains.",
"technical": "The extension makes XHR requests to the following domains: www.w3.org, content.momentumdash.com, api.momentumdash.com, momentumdash.com, get.momentumdash.help, www.momentumdash.com, account.momentumdash.com, github.com, pinia.vuejs.org, app.posthog.com, momentumdash.typeform.com, moda.sh. It also uses the Fetch API to make requests to these domains."
},
"findings": [
{
"title": "Function constructor used — dynamic code execution",
"severity": "medium",
"user_explanation": "The extension uses a function constructor to execute dynamic code, which can potentially lead to security vulnerabilities.",
"technical_detail": "The extension injects JavaScript code using the function constructor, enabling it to dynamically create and execute functions. This can be used for legitimate purposes such as injecting custom scripts or updating the extension's functionality.",
"legitimate_use": "Legitimate extensions often use function constructors to inject custom scripts or update their functionality.",
"concern": false
},
{
"title": "Dynamic JS import",
"severity": "medium",
"user_explanation": "The extension dynamically imports JavaScript modules, which can potentially lead to security vulnerabilities.",
"technical_detail": "The extension uses the import() function to dynamically load and execute JavaScript modules. This can be used for legitimate purposes such as loading custom scripts or updating the extension's functionality.",
"legitimate_use": "Legitimate extensions often use dynamic imports to load custom scripts or update their functionality.",
"concern": false
},
{
"title": "innerHTML assignment — potential XSS vector",
"severity": "medium",
"user_explanation": "The extension assigns innerHTML values, which can potentially lead to cross-site scripting (XSS) vulnerabilities.",
"technical_detail": "The extension uses the innerHTML property to assign values to HTML elements. This can be used for legitimate purposes such as updating the extension's UI or injecting custom content.",
"legitimate_use": "Legitimate extensions often use innerHTML assignments to update their UI or inject custom content.",
"concern": false
},
{
"title": "insertAdjacentHTML — potential XSS",
"severity": "medium",
"user_explanation": "The extension uses insertAdjacentHTML, which can potentially lead to cross-site scripting (XSS) vulnerabilities.",
"technical_detail": "The extension uses the insertAdjacentHTML method to inject HTML content into elements. This can be used for legitimate purposes such as updating the extension's UI or injecting custom content.",
"legitimate_use": "Legitimate extensions often use insertAdjacentHTML to update their UI or inject custom content.",
"concern": false
},
{
"title": "String.fromCharCode (obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses String.fromCharCode, which can be used for obfuscation and potentially lead to security vulnerabilities.",
"technical_detail": "The extension uses the String.fromCharCode method to convert character codes into strings. This can be used for legitimate purposes such as encoding data or updating the extension's functionality.",
"legitimate_use": "Legitimate extensions often use String.fromCharCode for encoding data or updating their functionality.",
"concern": false
},
{
"title": "charCodeAt (obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses charCodeAt, which can be used for obfuscation and potentially lead to security vulnerabilities.",
"technical_detail": "The extension uses the String.prototype.charCodeAt method to retrieve character codes from strings. This can be used for legitimate purposes such as encoding data or updating the extension's functionality.",
"legitimate_use": "Legitimate extensions often use charCodeAt for encoding data or updating their functionality.",
"concern": false
},
{
"title": "unescape (deprecated obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses unescape, which is a deprecated method and can potentially lead to security vulnerabilities.",
"technical_detail": "The extension uses the unescape function to decode escaped characters. This method has been deprecated in modern browsers due to potential security risks.",
"legitimate_use": "Legitimate extensions often use unescape for decoding data or updating their functionality, but this should be avoided due to its deprecation and potential security risks.",
"concern": true
},
{
"title": "Captures keystrokes",
"severity": "critical",
"user_explanation": "The extension captures keystrokes, which can potentially lead to significant security vulnerabilities.",
"technical_detail": "The extension uses the document.addEventListener method to capture keyboard events and retrieve keystroke data. This can be used for legitimate purposes such as updating the extension's functionality or injecting custom content.",
"legitimate_use": "Legitimate extensions often use key event listeners to update their functionality or inject custom content, but this should be done with caution due to potential security risks.",
"concern": true
},
{
"title": "Monitors form inputs",
"severity": "medium",
"user_explanation": "The extension monitors form inputs, which can potentially lead to security vulnerabilities.",
"technical_detail": "The extension uses the document.addEventListener method to capture form input events and retrieve data. This can be used for legitimate purposes such as updating the extension's functionality or injecting custom content.",
"legitimate_use": "Legitimate extensions often use form event listeners to update their functionality or inject custom content, but this should be done with caution due to potential security risks.",
"concern": false
},
{
"title": "Potential hardcoded secret",
"severity": "medium",
"user_explanation": "The extension contains a potential hardcoded secret, which can potentially lead to security vulnerabilities.",
"technical_detail": "The extension uses a hardcoded value for a secret key or token. This should be avoided due to potential security risks and replaced with a secure method of storing sensitive data.",
"legitimate_use": "Legitimate extensions often use hardcoded values for testing purposes, but this should be removed in production code due to potential security risks.",
"concern": true
},
{
"title": "Weak cryptographic algorithm",
"severity": "medium",
"user_explanation": "The extension uses a weak cryptographic algorithm, which can potentially lead to security vulnerabilities.",
"technical_detail": "The extension uses a weak encryption method for storing or transmitting sensitive data. This should be replaced with a secure encryption algorithm due to potential security risks.",
"legitimate_use": "Legitimate extensions often use weak encryption methods for testing purposes, but this should be removed in production code due to potential security risks.",
"concern": true
},
{
"title": "Creates iframe elements",
"severity": "medium",
"user_explanation": "The extension creates iframe elements, which can potentially lead to security vulnerabilities.",
"technical_detail": "The extension uses the document.createElement method to create iframe elements. This can be used for legitimate purposes such as updating the extension's UI or injecting custom content.",
"legitimate_use": "Legitimate extensions often use iframes for updating their UI or injecting custom content, but this should be done with caution due to potential security risks.",
"concern": false
}
],
"recommendations": [
{
"title": "Use secure encryption methods",
"description": "Replace weak encryption algorithms with secure ones to prevent data breaches and ensure user confidentiality."
},
{
"title": "Avoid hardcoded secrets",
"description": "Remove hardcoded values for secret keys or tokens and use a secure method of storing sensitive data instead."
},
{
"title": "Use secure event listeners",
"description": "Use secure event listeners to capture keyboard events, form inputs, and other user interactions to prevent potential security vulnerabilities."
}
]
}
```
Note: The above findings are based on the provided code snippet and may not reflect the actual implementation of the extension.