πŸ“¦

Stock Tracker

πŸ” Security Report Available
πŸ‘₯ 74 users
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Stock Tracker in React!

Security Analysis

Analyzed v1.0.0 Β· Feb 21, 2026 Β· 6 JS files Β· 239 KB scanned

Permissions

storage

Code Patterns Detected

Function constructor used β€” dynamic code execution innerHTML assignment β€” potential XSS vector Makes HTTP requests Listens to keyboard events

External Connections

www.w3.org reactjs.org tranquil-castle-98436.herokuapp.com mui.com

Package Contents 22 files Β· 384KB

β–ΎπŸ“_metadata4KB
{}verified_contents.json4KB
πŸ”€176f8f5bd5f02b3abfcf.woff215KB
πŸ”€352cc77aaed5208ce13c.woff27KB
πŸ”€3605d18d8a4ce5bd39c3.woff210KB
πŸ”€52cebac009baf5592e7d.woff25KB
πŸ“œ870.js103KBlarge
πŸ“„870.js.LICENSE.txt412B
πŸ“œ935.js129KBlarge
πŸ“„935.js.LICENSE.txt788B
πŸ”€b5a0a0df312d3423493b.woff64KB
πŸ“œbackground.js49B
πŸ”€bc7ace6e50c7d9d4d959.woff21KB
πŸ“œcontentScript.js0B
πŸ”€dcc07bcfcd475f34f20b.woff212KB
πŸ”€dd55ea0a2e90d5d86e15.woff215KB
πŸ–Όicon.png7KB
{}manifest.json627B
🌐options.html235B
πŸ“œoptions.js2KB
🌐popup.html263B
πŸ“œpopup.js6KB
πŸ“„test.csv1KB

What This Extension Does

The Stock Tracker extension, categorized as an extension in the finance category, allows users to track stocks. It has a user base of 74.

Permissions Explained

  • storage: This permission grants the extension access to store and retrieve data locally on the user's device. For extensions like this one that need to remember stock tracking information for each user, storage is a standard permission.
  • No other permissions are declared beyond storage.

What We Found in the Code

  • Function constructor used β€” dynamic code execution: This flag indicates that the extension uses function constructors, which can be used for dynamic code execution. While this pattern is not inherently malicious, it's unusual and warrants closer inspection to ensure it's being used safely.
  • innerHTML assignment β€” potential XSS vector: The use of innerHTML assignments can potentially lead to cross-site scripting (XSS) vulnerabilities if untrusted data is inserted into the DOM. However, without more context, it's difficult to say whether this is a genuine concern or simply a normal coding pattern for UI rendering.
  • Makes HTTP requests: This flag indicates that the extension makes external API calls. Given its purpose as a stock tracker, making HTTP requests to retrieve real-time data is likely a standard and necessary behavior.
  • Listens to keyboard events: The extension listens to keyboard events, which could be used for shortcuts or other UI interactions. While this pattern can sometimes indicate malicious intent, it's also commonly used in legitimate extensions for user convenience.

External Connections

The extension communicates with the following domains:
  • www.w3.org: A standard domain for web development resources.
  • reactjs.org: The official React documentation site, which is likely being referenced for UI implementation guidance.
  • tranquil-castle-98436.herokuapp.com: This domain appears to be a Heroku-hosted server. Without more context, it's unclear whether this connection is necessary or unusual for the extension's purpose.
  • mui.com: Material-UI (MUI) is a popular React UI library. The connection to their website suggests that the extension may be using MUI components.

Things to Consider

Given its name and description, the Stock Tracker extension appears to have a legitimate purpose. However, some of the code patterns flagged by our scan warrant closer inspection:
  • The use of function constructors for dynamic code execution could potentially lead to security issues if not implemented carefully.
  • The innerHTML assignments may pose an XSS risk if untrusted data is inserted into the DOM.
  • The connection to tranquil-castle-98436.herokuapp.com is unclear and may be worth investigating further.
Ultimately, users should weigh these findings against their own needs and trust in the extension. If you're considering installing this extension for stock tracking purposes, it's essential to evaluate whether its permissions and behavior align with your expectations.

Similar Extensions

More in extensions β†’
Grammarly for Chrome helps you write with confidence. Get AI support for grammar, clarity, and tone, from first draft to…
extensions

Metamask

12M+ users
The world's most trusted crypto wallet
extensions
LastPass is an award-winning password manager for secure credential management on any device.
extensions

Phantom

5M+ users
A crypto wallet reimagined for DeFi & NFTs
extensions