Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@clerk/chrome-extension
Advanced tools
Clerk is the easiest way to add authentication and user management to your Browser Extension. Add sign up, sign in, and profile management to your application in minutes.
>=18.17.0
or laterPlease see the latest extension authentication support matrix in the Clerk documentation for more information.
Installation: npm install @clerk/chrome-extension
Set a consistent extension key: A browser extension can be identified by its unique key, in a similar way to how a website can be identified by its domain. You will need to explicitly configure your extension's key or it will change often. If the key changes, it can cause the extension to fail. See the Configure a Consistent Key guide for more information.
Update Clerk Settings: Once you've set up a consistent extension key, you'll need to configure your Clerk settings to allow the extension to communicate with your Clerk API.
You can do this by adding the extension key to the list of allowed origins in your Clerk settings. Setting the allowed_origins
is required for both Development and Production instances.
curl -X PATCH https://api.clerk.com/v1/instance \
-H "Content-type: application/json" \
-H "Authorization: Bearer <CLERK_SECRET_KEY>" \
-d '{"allowed_origins": ["chrome-extension://<YOUR_EXTENSION_KEY>"]}'
Set Environment Variables: Retrieve the Publishable key from your Clerk dashboard and set it as an environment variable.
# Vite
VITE_CLERK_PUBLISHABLE_KEY=pk_test_xxx
# Plasmo
PLASMO_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_xxx
Update the extension manifest: You'll need to update your extension manifest permissions to support Clerk.
Add Clerk to your app: Though not required, we generally suggest using Plasmo for browser extension development. This will enforce common standards across your extension as well as allow for easier integration with other browsers in the future.
ClerkProvider
: This is the general approach to all extensions. From here you'll be able to support extension-only authentication as well as sharing authentication with a website in the same browser.You can get in touch with us in any of the following ways:
We're open to all community contributions! If you'd like to contribute in any way, please read our contribution guidelines and code of conduct.
@clerk/chrome-extension
follows good practices of security, but 100% security cannot be assured.
@clerk/chrome-extension
is provided "as is" without any warranty. Use at your own risk.
For more information and to report security issues, please refer to our security documentation.
This project is licensed under the MIT license.
See LICENSE for more information.
FAQs
Clerk SDK for Chrome extensions
The npm package @clerk/chrome-extension receives a total of 5,844 weekly downloads. As such, @clerk/chrome-extension popularity was classified as popular.
We found that @clerk/chrome-extension demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.