Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
@clerk/chrome-extension
Advanced tools
Clerk is the easiest way to add authentication and user management to your Browser Extension. Add sign up, sign in, and profile management to your application in minutes.
>=18.17.0
or laterPlease see the latest extension authentication support matrix in the Clerk documentation for more information.
Installation: npm install @clerk/chrome-extension
Set a consistent extension key: A browser extension can be identified by its unique key, in a similar way to how a website can be identified by its domain. You will need to explicitly configure your extension's key or it will change often. If the key changes, it can cause the extension to fail. See the Configure a Consistent Key guide for more information.
Update Clerk Settings: Once you've set up a consistent extension key, you'll need to configure your Clerk settings to allow the extension to communicate with your Clerk API.
You can do this by adding the extension key to the list of allowed origins in your Clerk settings. Setting the allowed_origins
is required for both Development and Production instances.
curl -X PATCH https://api.clerk.com/v1/instance \
-H "Content-type: application/json" \
-H "Authorization: Bearer <CLERK_SECRET_KEY>" \
-d '{"allowed_origins": ["chrome-extension://<YOUR_EXTENSION_KEY>"]}'
Set Environment Variables: Retrieve the Publishable key from your Clerk dashboard and set it as an environment variable.
# Vite
VITE_CLERK_PUBLISHABLE_KEY=pk_test_xxx
# Plasmo
PLASMO_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_xxx
Update the extension manifest: You'll need to update your extension manifest permissions to support Clerk.
Add Clerk to your app: Though not required, we generally suggest using Plasmo for browser extension development. This will enforce common standards across your extension as well as allow for easier integration with other browsers in the future.
ClerkProvider
: This is the general approach to all extensions. From here you'll be able to support extension-only authentication as well as sharing authentication with a website in the same browser.You can get in touch with us in any of the following ways:
We're open to all community contributions! If you'd like to contribute in any way, please read our contribution guidelines and code of conduct.
@clerk/chrome-extension
follows good practices of security, but 100% security cannot be assured.
@clerk/chrome-extension
is provided "as is" without any warranty. Use at your own risk.
For more information and to report security issues, please refer to our security documentation.
This project is licensed under the MIT license.
See LICENSE for more information.
FAQs
Clerk SDK for Chrome extensions
The npm package @clerk/chrome-extension receives a total of 5,844 weekly downloads. As such, @clerk/chrome-extension popularity was classified as popular.
We found that @clerk/chrome-extension demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.