Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
webext-buildtools-chrome-webstore-builder
Advanced tools
webext-buildtools builder for deploying to Chrome Webstore. Based on chrome-webstore-upload
webext-buildtools builder which allows you to upload, publish and download crx file from Chrome Web Store.
If you need a complete solution for Web Extension build/deploy, go to webext-buildtools-integrated-builder repo.
To read what are webext-buildtools and builders go to webext-buildtools-builder-types repo.
npm install webext-buildtools-chrome-webstore-builder
Builder is based on typed-chrome-webstore-api package and allows you to upload and publish your Web Extension to Chrome Web Store and then download published crx file.
Builder doesn't allow publish new extension, only update existing (specified by extensionId
in options)
with new version.
const ChromeWebstoreBuilder = require('webext-buildtools-chrome-webstore-builder').default;
const fs = require('fs-extra');
const options = { ... }; // see description below
const logMethod = console.log;
const builder = new ChromeWebstoreBuilder(options, logMethod);
builder.setInputManifest(await fs.readJson('./ext_dir/package.json'));
builder.setInputZipBuffer(await fs.read('./packed.zip'));
builder.requireUploadedExt();
builder.requirePublishedExt();
builder.requirePublishedCrxFile();
const buildResult = await builder.build();
Options object described in declarations/options.d.ts
See how to get logMethod
for pretty output.
To setup API access you need to specify clientId
, clientSecret
and refreshToken
in options.apiAccess
.
To find out how to obtain them you can read:
setInputManifest(...)
. Object with parsed extension's package.json
. Required to produce update.xml
filesetInputZipBuffer(...)
. Buffer with zipped extension dir. Required to produce packed crx
fileYou can use webext-buildtools-dir-reader-mw to generate needed inputs from extension directory.
Require to upload extension to Chrome Web Store (first step before publish)
Required options: extensionId
, apiAccess
Require methods: requireUploadedExt()
Assets:
const uploadInfo = buildResult.getAssets().uploadedExt.getValue()
upload info definition
Require to publish extension to Chrome Web Store (second step).
Normally is used with requireUploadedExt()
, but can be used to publish already uploaded version
Required options: extensionId
, apiAccess
Require methods: requirePublishedExt()
Assets:
const publishInfo = buildResult.getAssets().publishedExt.getValue()
publish info definition
Download published crx file from Chrome Web Store (undocumented feature). Normally is
used together with requireUploadedExt()
and requirePublishedExt()
, but can be used
separately to download crx file for extensionId
specified in options.
Required options: downloadCrx.outCrxFilePath
(for not temporary file), extensionId
Require methods: requirePublishedCrxFile()
, requirePublishedCrxBuffer()
Assets:
const crxFilePath = buildResult.getAssets().publishedCrxFile.getValue()
const crxBuffer = buildResult.getAssets().publishedCrxBuffer.getValue()
FAQs
webext-buildtools builder for deploying to Chrome Webstore. Based on chrome-webstore-upload
The npm package webext-buildtools-chrome-webstore-builder receives a total of 30 weekly downloads. As such, webext-buildtools-chrome-webstore-builder popularity was classified as not popular.
We found that webext-buildtools-chrome-webstore-builder demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.