Redux Devtools
Blocks application state changes and provides debugging tools for Redux applications, letting developers inspect and manage their store's state in real time. Most beneficial to Redux developers and teams who need to debug complex state changes, this extension offers a comprehensive solution for managing application state. It also benefits developers with large-scale Redux projects or those new to the framework.
Overview
The extension provides power-ups for your Redux development workflow. Apart from Redux, it can be used with any other architecture that handles state.
This is an open source project. See the official repository for more details: https://github.com/reduxjs/redux-devtools
Security Analysis — Redux Devtools
Package Contents 29 files · 3.5MB
What This Extension Does
Redux DevTools is a debugging extension for Redux applications, allowing developers to inspect state changes. It's suitable for developers working with Redux-based projects.
Permissions Explained
- notifications (expected): This permission allows the extension to display notifications in the browser.
  Technical: The extension can access the chrome.notifications API, which enables it to send notifications to the user. This could be used for legitimate purposes such as alerting the user about important events or errors.
- contextMenus (expected): This permission allows the extension to create custom context menu items in the browser.
  Technical: The extension can access the chrome.contextMenus API, which enables it to add custom menu items. This could be used for legitimate purposes such as providing quick actions or options.
- storage (expected): This permission allows the extension to read and write data in the browser's storage.
  Technical: The extension can access the chrome.storage API, which enables it to store and retrieve data. This could be used for legitimate purposes such as storing user preferences or caching data.
- file:///* (check this): This permission allows the extension to access local files on the user's device.
  Technical: The extension can access file:/// URLs, which enables it to read and write local files. This is a high-risk permission as it could be used for malicious purposes such as stealing sensitive data or installing malware. ⚠ 1
- http://*/* (check this): This permission allows the extension to make HTTP requests on behalf of the user.
  Technical: The extension can access http:// URLs, which enables it to send HTTP requests. This is a high-risk permission as it could be used for malicious purposes such as sending sensitive data or installing malware. ⚠ 1
- https://*/* (check this): This permission allows the extension to make HTTPS requests on behalf of the user.
  Technical: The extension can access https:// URLs, which enables it to send HTTPS requests. This is a high-risk permission as it could be used for malicious purposes such as sending sensitive data or installing malware. ⚠ 1
Your Data
The extension accesses the user's storage and can send data to various domains, including GitHub and Redux Toolkit.
Technical Details
Code Findings
The extension uses the Function constructor to execute dynamic code, which could be used for malicious purposes such as injecting malware or stealing sensitive data.
Technical: The extension uses the Function constructor in the background script (background.js) to execute dynamic code. This is a high-risk behavior as it allows the extension to inject arbitrary code into the browser.
💡 This pattern is commonly used for legitimate purposes such as loading scripts or executing user-provided code.
The extension uses innerHTML assignment, which could be used to inject malicious HTML or execute XSS attacks.
Technical: The extension assigns innerHTML in the content script (content.js) to a DOM element. This is a medium-risk behavior as it allows the extension to inject arbitrary HTML into the page.
💡 This pattern is commonly used for legitimate purposes such as loading dynamic content or executing user-provided code.
The extension uses String.fromCharCode to obfuscate code, which could be used for malicious purposes such as hiding malware or stealing sensitive data.
Technical: The extension uses String.fromCharCode in the background script (background.js) to obfuscate code. This is a medium-risk behavior as it allows the extension to hide its true purpose or intentions.
💡 This pattern is commonly used for legitimate purposes such as compressing data or encrypting sensitive information.
The Redux DevTools extension has some concerning permissions and behaviors, including dynamic code execution, innerHTML assignment, and String.fromCharCode obfuscation. While these issues are not necessarily malicious, they do increase the risk of the extension being used for nefarious purposes. Users should exercise caution when installing this extension and ensure that it is only installed from trusted sources.