Unmapjs – Source Map Expo

UnmapJS helps security researchers and developers check whether a web application exposes JavaScript source maps in production.

What it does:
- Scans the current tab for JavaScript chunks and source map references
- Verifies source map availability and extracts recoverable source files
- Exports recovered files as a ZIP for analysis

Privacy-first behavior:
- Site access is requested per-site when you click Analyze
- Auto-scan is optional and off by default
- Notifications are optional and off by default
- Data is processed locally in your browser and stored in chrome.storage.local
- No external analytics, no selling of user data

Important:
Use only on applications you own or are explicitly authorized to test.

Permission justification (for CWS form)
- activeTab: run analysis on the user's currently active tab after explicit action.
- scripting: collect in-page script/resource references needed for source map discovery.
- downloads: save recovered source files as ZIP.
- storage: save user settings.
- tabs: read active tab URL for current-tab analysis.
- notifications: optional alert when auto-scan finds exposed sources.
- optional_host_permissions (<all_urls>): enables user-granted, per-origin scanning without permanent global access.