📦

Stock Tracker

🔍 Security Report Available

👥 74 users

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Stock Tracker in React!

Security Analysis

Analyzed v1.0.0 · Feb 21, 2026 · 6 JS files · 239 KB scanned

Permissions

Code Patterns Detected

External Connections

www.w3.org reactjs.org tranquil-castle-98436.herokuapp.com mui.com

Package Contents 22 files · 384KB

▾📁_metadata4KB

{}verified_contents.json4KB

🔤176f8f5bd5f02b3abfcf.woff215KB

🔤352cc77aaed5208ce13c.woff27KB

🔤3605d18d8a4ce5bd39c3.woff210KB

🔤52cebac009baf5592e7d.woff25KB

📜870.js103KBlarge

📄870.js.LICENSE.txt412B

📜935.js129KBlarge

📄935.js.LICENSE.txt788B

🔤b5a0a0df312d3423493b.woff64KB

📜background.js49B

🔤bc7ace6e50c7d9d4d959.woff21KB

📜contentScript.js0B

🔤dcc07bcfcd475f34f20b.woff212KB

🔤dd55ea0a2e90d5d86e15.woff215KB

🖼icon.png7KB

{}manifest.json627B

🌐options.html235B

📜options.js2KB

🌐popup.html263B

📜popup.js6KB

📄test.csv1KB

What This Extension Does

The Stock Tracker extension, categorized as an extension in the finance category, allows users to track stocks. It has a user base of 74.

Permissions Explained

storage: This permission grants the extension access to store and retrieve data locally on the user's device. For extensions like this one that need to remember stock tracking information for each user, storage is a standard permission.
No other permissions are declared beyond storage.

What We Found in the Code

Function constructor used — dynamic code execution: This flag indicates that the extension uses function constructors, which can be used for dynamic code execution. While this pattern is not inherently malicious, it's unusual and warrants closer inspection to ensure it's being used safely.
innerHTML assignment — potential XSS vector: The use of innerHTML assignments can potentially lead to cross-site scripting (XSS) vulnerabilities if untrusted data is inserted into the DOM. However, without more context, it's difficult to say whether this is a genuine concern or simply a normal coding pattern for UI rendering.
Makes HTTP requests: This flag indicates that the extension makes external API calls. Given its purpose as a stock tracker, making HTTP requests to retrieve real-time data is likely a standard and necessary behavior.
Listens to keyboard events: The extension listens to keyboard events, which could be used for shortcuts or other UI interactions. While this pattern can sometimes indicate malicious intent, it's also commonly used in legitimate extensions for user convenience.

External Connections

The extension communicates with the following domains:

www.w3.org: A standard domain for web development resources.
reactjs.org: The official React documentation site, which is likely being referenced for UI implementation guidance.
tranquil-castle-98436.herokuapp.com: This domain appears to be a Heroku-hosted server. Without more context, it's unclear whether this connection is necessary or unusual for the extension's purpose.
mui.com: Material-UI (MUI) is a popular React UI library. The connection to their website suggests that the extension may be using MUI components.

Things to Consider

Given its name and description, the Stock Tracker extension appears to have a legitimate purpose. However, some of the code patterns flagged by our scan warrant closer inspection:

The use of function constructors for dynamic code execution could potentially lead to security issues if not implemented carefully.
The innerHTML assignments may pose an XSS risk if untrusted data is inserted into the DOM.
The connection to tranquil-castle-98436.herokuapp.com is unclear and may be worth investigating further.

Ultimately, users should weigh these findings against their own needs and trust in the extension. If you're considering installing this extension for stock tracking purposes, it's essential to evaluate whether its permissions and behavior align with your expectations.