Forem: SHOTA The latest articles on Forem by SHOTA (@_350df62777eb55e1). https://forem.com/_350df62777eb55e1 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3680827%2F10e2d5e7-842d-4134-b315-1544f502a431.png Forem: SHOTA https://forem.com/_350df62777eb55e1 en Building a Cookie Manager Chrome Extension: What I Learned From the MV3 Transition SHOTA Fri, 08 May 2026 15:22:08 +0000 https://forem.com/_350df62777eb55e1/building-a-cookie-manager-chrome-extension-what-i-learned-from-the-mv3-transition-3h95 https://forem.com/_350df62777eb55e1/building-a-cookie-manager-chrome-extension-what-i-learned-from-the-mv3-transition-3h95 <p>Cookie management extensions are one of the oldest categories in the Chrome Web Store. EditThisCookie has been around since 2011 and still has millions of users. The category is established, the use cases are well-understood, and it's a good study in how to migrate a conceptually simple tool to Manifest V3.</p> <p>I built <strong>CookieJar</strong> as an EditThisCookie alternative built natively on MV3. Here's what the development revealed.</p> <h2> The <code>cookies</code> API in MV3 </h2> <p>The Chrome <code>cookies</code> API is straightforward. To get all cookies for the current tab:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">getCookiesForTab</span><span class="p">(</span><span class="nx">tabId</span><span class="p">:</span> <span class="kr">number</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">Cookie</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">tab</span><span class="p">]</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">tabs</span><span class="p">.</span><span class="nf">query</span><span class="p">({</span> <span class="na">active</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">currentWindow</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">tab</span><span class="p">?.</span><span class="nx">url</span><span class="p">)</span> <span class="k">return</span> <span class="p">[];</span> <span class="k">return</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">getAll</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="nx">tab</span><span class="p">.</span><span class="nx">url</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>The <code>url</code> parameter scopes the query to cookies accessible to that origin (matching domain and secure flag). Pass <code>{}</code> instead to get all cookies the extension can see.</p> <p><strong>The MV3 change that matters</strong>: In MV2, you could listen to <code>chrome.cookies.onChanged</code> from a persistent background page indefinitely. In MV3, the service worker is terminated after inactivity. Real-time cookie monitoring requires a different approach.</p> <h2> Real-Time Cookie Monitoring Without a Persistent Background </h2> <p>If a user has the extension open and is modifying cookies on the page, I want the UI to update. But <code>chrome.cookies.onChanged</code> is only active while the service worker is running.</p> <p>The solution: keep a port connection alive between the popup and the service worker. A port connection keeps the service worker active as long as the port is open:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// In popup</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nf">connect</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">cookie-monitor</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">port</span><span class="p">.</span><span class="nx">onMessage</span><span class="p">.</span><span class="nf">addListener</span><span class="p">((</span><span class="nx">msg</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">COOKIE_CHANGED</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Update UI</span> <span class="nf">refreshCookies</span><span class="p">();</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Cleanup when popup closes</span> <span class="nb">window</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">unload</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">port</span><span class="p">.</span><span class="nf">disconnect</span><span class="p">());</span> <span class="c1">// In service worker</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nx">onConnect</span><span class="p">.</span><span class="nf">addListener</span><span class="p">((</span><span class="nx">port</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">port</span><span class="p">.</span><span class="nx">name</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">cookie-monitor</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">listener</span> <span class="o">=</span> <span class="p">(</span><span class="na">changeInfo</span><span class="p">:</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">CookieChangeInfo</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">port</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">COOKIE_CHANGED</span><span class="dl">'</span><span class="p">,</span> <span class="na">cookie</span><span class="p">:</span> <span class="nx">changeInfo</span><span class="p">.</span><span class="nx">cookie</span> <span class="p">});</span> <span class="p">};</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">onChanged</span><span class="p">.</span><span class="nf">addListener</span><span class="p">(</span><span class="nx">listener</span><span class="p">);</span> <span class="nx">port</span><span class="p">.</span><span class="nx">onDisconnect</span><span class="p">.</span><span class="nf">addListener</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">onChanged</span><span class="p">.</span><span class="nf">removeListener</span><span class="p">(</span><span class="nx">listener</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>The port keeps the service worker alive while the popup is open. When the popup closes, the port disconnects, and the listener is removed cleanly.</p> <h2> Cookie Editing: The Session/Persistent Distinction </h2> <p>There are two cookie types users care about: session cookies (no explicit expiry, deleted when browser closes) and persistent cookies (explicit <code>Max-Age</code> or <code>Expires</code> attribute).</p> <p>The <code>chrome.cookies.set()</code> API mirrors the HTTP Set-Cookie header:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">updateCookie</span><span class="p">(</span> <span class="nx">original</span><span class="p">:</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">Cookie</span><span class="p">,</span> <span class="nx">updates</span><span class="p">:</span> <span class="nb">Partial</span><span class="o">&lt;</span><span class="nx">CookieEditFields</span><span class="o">&gt;</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">Cookie</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="nf">buildCookieUrl</span><span class="p">(</span><span class="nx">original</span><span class="p">);</span> <span class="kd">const</span> <span class="na">details</span><span class="p">:</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">SetDetails</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">url</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">updates</span><span class="p">.</span><span class="nx">name</span> <span class="o">??</span> <span class="nx">original</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nx">updates</span><span class="p">.</span><span class="nx">value</span> <span class="o">??</span> <span class="nx">original</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="na">domain</span><span class="p">:</span> <span class="nx">updates</span><span class="p">.</span><span class="nx">domain</span> <span class="o">??</span> <span class="nx">original</span><span class="p">.</span><span class="nx">domain</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="nx">updates</span><span class="p">.</span><span class="nx">path</span> <span class="o">??</span> <span class="nx">original</span><span class="p">.</span><span class="nx">path</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="nx">updates</span><span class="p">.</span><span class="nx">secure</span> <span class="o">??</span> <span class="nx">original</span><span class="p">.</span><span class="nx">secure</span><span class="p">,</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="nx">updates</span><span class="p">.</span><span class="nx">httpOnly</span> <span class="o">??</span> <span class="nx">original</span><span class="p">.</span><span class="nx">httpOnly</span><span class="p">,</span> <span class="na">sameSite</span><span class="p">:</span> <span class="nx">updates</span><span class="p">.</span><span class="nx">sameSite</span> <span class="o">??</span> <span class="nx">original</span><span class="p">.</span><span class="nx">sameSite</span><span class="p">,</span> <span class="p">};</span> <span class="c1">// Handle session vs persistent</span> <span class="k">if </span><span class="p">(</span><span class="nx">updates</span><span class="p">.</span><span class="nx">expirationDate</span> <span class="o">!==</span> <span class="kc">undefined</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">updates</span><span class="p">.</span><span class="nx">expirationDate</span> <span class="o">===</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Make it a session cookie (no expirationDate in details)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">details</span><span class="p">.</span><span class="nx">expirationDate</span> <span class="o">=</span> <span class="nx">updates</span><span class="p">.</span><span class="nx">expirationDate</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">original</span><span class="p">.</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Preserve session nature — don't add expirationDate</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">details</span><span class="p">.</span><span class="nx">expirationDate</span> <span class="o">=</span> <span class="nx">original</span><span class="p">.</span><span class="nx">expirationDate</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">details</span><span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">buildCookieUrl</span><span class="p">(</span><span class="nx">cookie</span><span class="p">:</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">Cookie</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">scheme</span> <span class="o">=</span> <span class="nx">cookie</span><span class="p">.</span><span class="nx">secure</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">https</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">http</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">domain</span> <span class="o">=</span> <span class="nx">cookie</span><span class="p">.</span><span class="nx">domain</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">.</span><span class="dl">'</span><span class="p">)</span> <span class="p">?</span> <span class="nx">cookie</span><span class="p">.</span><span class="nx">domain</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">:</span> <span class="nx">cookie</span><span class="p">.</span><span class="nx">domain</span><span class="p">;</span> <span class="k">return</span> <span class="s2">`</span><span class="p">${</span><span class="nx">scheme</span><span class="p">}</span><span class="s2">://</span><span class="p">${</span><span class="nx">domain</span><span class="p">}${</span><span class="nx">cookie</span><span class="p">.</span><span class="nx">path</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The <code>domain</code> handling is subtle: Chrome stores domain cookies with a leading <code>.</code> (indicating host-only = false), but <code>cookies.set()</code> wants the domain without the leading <code>.</code> when building the URL. Forgetting this causes silent failures where the set operation appears to succeed but the cookie isn't updated.</p> <h2> The <code>httpOnly</code> Problem </h2> <p><code>httpOnly</code> cookies cannot be set directly via JavaScript — that's the whole point. But the <code>chrome.cookies</code> API can read and set them because it bypasses the JavaScript restriction. This is one of the key reasons developers need a cookie manager extension rather than just using DevTools.</p> <p>When editing an <code>httpOnly</code> cookie, CookieJar preserves the flag:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// When displaying httpOnly cookies</span> <span class="p">{</span><span class="nx">cookie</span><span class="p">.</span><span class="nx">httpOnly</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">Badge</span> <span class="nx">variant</span><span class="o">=</span><span class="dl">"</span><span class="s2">secondary</span><span class="dl">"</span> <span class="nx">title</span><span class="o">=</span><span class="dl">"</span><span class="s2">Cannot be accessed by JavaScript</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">httpOnly</span> <span class="o">&lt;</span><span class="sr">/Badge</span><span class="err">&gt; </span><span class="p">)}</span> </code></pre> </div> <p>The badge both informs the user and serves as a reminder that this cookie is protected from XSS-based theft.</p> <h2> Search and Filter </h2> <p>With 50+ cookies on a complex page, the list gets unwieldy. I added filtering that handles the common patterns:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">filterCookies</span><span class="p">(</span> <span class="nx">cookies</span><span class="p">:</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">Cookie</span><span class="p">[],</span> <span class="nx">query</span><span class="p">:</span> <span class="kr">string</span> <span class="p">):</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">Cookie</span><span class="p">[]</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">q</span> <span class="o">=</span> <span class="nx">query</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">q</span><span class="p">)</span> <span class="k">return</span> <span class="nx">cookies</span><span class="p">;</span> <span class="k">return</span> <span class="nx">cookies</span><span class="p">.</span><span class="nf">filter</span><span class="p">((</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="nx">c</span><span class="p">.</span><span class="nx">name</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">includes</span><span class="p">(</span><span class="nx">q</span><span class="p">)</span> <span class="o">||</span> <span class="nx">c</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">includes</span><span class="p">(</span><span class="nx">q</span><span class="p">)</span> <span class="o">||</span> <span class="nx">c</span><span class="p">.</span><span class="nx">domain</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">includes</span><span class="p">(</span><span class="nx">q</span><span class="p">)</span> <span class="p">);</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>I also added quick filters for common categories: session-only, httpOnly, secure, and by domain — the most common use cases I observed when I interviewed developers about their cookie management workflow.</p> <h2> Import/Export </h2> <p>CookieJar supports exporting the current page's cookies as JSON and re-importing them. This is useful for sharing a session state, preserving cookies before clearing storage, or transferring a session between environments.</p> <p>The export format is the Chrome <code>cookies.Cookie</code> type directly — no transformation needed. The import uses <code>chrome.cookies.set()</code> for each cookie, with error handling for cookies that can't be set (e.g., cookies for a domain you're not currently on):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">importCookies</span><span class="p">(</span> <span class="nx">cookies</span><span class="p">:</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">Cookie</span><span class="p">[]</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">failed</span><span class="p">:</span> <span class="kr">number</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">success</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">failed</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">cookie</span> <span class="k">of</span> <span class="nx">cookies</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">updateCookie</span><span class="p">(</span><span class="nx">cookie</span><span class="p">,</span> <span class="p">{});</span> <span class="nx">success</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="nx">failed</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">success</span><span class="p">,</span> <span class="nx">failed</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> The MV3 Lesson </h2> <p>Cookie managers are a good test case for MV3 constraints because they need real-time DOM observation and background API access. The port-based keep-alive pattern for the service worker solves the real-time monitoring problem, but it's not an obvious solution and isn't documented prominently by Google.</p> <p>The key constraint: anything that needs to be "always on" has to be driven by an open UI (popup, side panel, or new tab page). If your background monitoring logic is important even when no UI is open, you need to rethink the architecture for MV3 — the service worker model simply doesn't support persistent background processes.</p> <p>CookieJar is on the Chrome Web Store.</p> <p><em>Built with Vite + React + TypeScript. Uses <code>chrome.cookies</code>, <code>chrome.tabs</code>, and port-based service worker keep-alive.</em></p> chrome javascript webdev tutorial Building a Cookie Editor Chrome Extension — Why I Built CookieJar After EditThisCookie Died SHOTA Fri, 08 May 2026 00:00:00 +0000 https://forem.com/_350df62777eb55e1/building-a-cookie-editor-chrome-extension-why-i-built-cookiejar-after-editthiscookie-died-4o00 https://forem.com/_350df62777eb55e1/building-a-cookie-editor-chrome-extension-why-i-built-cookiejar-after-editthiscookie-died-4o00 <h2> EditThisCookie Is Gone — Now What? </h2> <p>In late 2024, EditThisCookie — the most popular cookie editor for Chrome with millions of users — was removed from the Chrome Web Store. The reason: it never migrated to Manifest V3.</p> <p>Overnight, millions of developers and testers lost their go-to cookie management tool. I saw an opportunity and built <strong>CookieJar</strong> — a modern, MV3-native cookie editor with features EditThisCookie never had.</p> <h2> What CookieJar Does Differently </h2> <h3> 1. Automatic Cookie Classification </h3> <p>EditThisCookie showed you a flat list of cookies. CookieJar automatically classifies every cookie into 6 categories:</p> <ul> <li> <strong>Essential</strong> — Session tokens, CSRF tokens, auth cookies</li> <li> <strong>Functional</strong> — Language preferences, UI settings</li> <li> <strong>Analytics</strong> — Google Analytics, Mixpanel, Hotjar trackers</li> <li> <strong>Advertising</strong> — Facebook Pixel, Google Ads, retargeting cookies</li> <li> <strong>Social</strong> — Social media widgets, share buttons</li> <li> <strong>Unknown</strong> — Unclassified cookies</li> </ul> <p>Classification uses a combination of:</p> <ul> <li>Pattern matching on cookie names (e.g., <code>_ga</code> → Analytics)</li> <li>Domain matching against the Disconnect.me tracking list</li> <li>Heuristic analysis of cookie attributes (HttpOnly, SameSite, expiry)</li> </ul> <h3> 2. Privacy Score </h3> <p>Every site gets a <strong>0-100 privacy score</strong> displayed as a circular gauge in the popup header. The score factors in:</p> <ul> <li>Number and type of tracking cookies</li> <li>Presence of third-party cookies</li> <li>Cookie security attributes (Secure, HttpOnly, SameSite)</li> <li>Total cookie count relative to category average</li> </ul> <p>A developer can instantly see whether a site's cookie practices are reasonable.</p> <h3> 3. Profile Management </h3> <p>Save and restore cookie sets as profiles:</p> <ul> <li>Testing multi-role authentication? Save "Admin" and "User" profiles</li> <li>Switching between staging and production? One click</li> <li>Debugging OAuth flows? Save pre-auth and post-auth states</li> </ul> <h3> 4. Export Formats </h3> <p>CookieJar exports cookies in 5 formats:</p> <ul> <li>JSON (for programmatic use)</li> <li>Netscape/curl format (for cURL commands)</li> <li>HTTP Header format (for direct API testing)</li> <li>Puppeteer format (for automation scripts)</li> <li>CookieJar format (for import into another CookieJar instance)</li> </ul> <h2> Technical Architecture </h2> <h3> MV3 Cookie Access </h3> <p>In MV3, cookie access requires the <code>cookies</code> permission and proper host permissions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"cookies"</span><span class="p">,</span><span class="w"> </span><span class="s2">"storage"</span><span class="p">],</span><span class="w"> </span><span class="nl">"host_permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"&lt;all_urls&gt;"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The <code>chrome.cookies</code> API provides methods for reading, setting, and removing cookies. CookieJar wraps these in a type-safe abstraction layer.</p> <h3> Real-Time Updates </h3> <p>CookieJar uses <code>chrome.cookies.onChanged</code> to show real-time cookie updates without polling. When a site sets, modifies, or deletes a cookie, the popup updates instantly.</p> <h3> Performance </h3> <p>With sites sometimes having 50+ cookies, rendering performance matters. CookieJar uses:</p> <ul> <li>Virtual scrolling for large cookie lists</li> <li>Debounced search filtering</li> <li>Lazy classification (classify on first view, cache results)</li> </ul> <h2> 8-Language Localization </h2> <p>CookieJar ships with full localization in:<br> English, Japanese, Chinese (Simplified), Korean, Spanish, French, German, Portuguese</p> <p>All UI text goes through a localization system — no hardcoded strings.</p> <h2> Privacy Commitment </h2> <p>CookieJar itself collects zero data. No analytics, no tracking, no server communication. All cookie data stays in your browser. The irony of a cookie management tool that tracks you would not be lost on developers.</p> <h2> Installation </h2> <p>CookieJar is free and available on the <a href="https://chromewebstore.google.com/detail/lhngfkchfepfjjdfhimconagoejemofg" rel="noopener noreferrer">Chrome Web Store</a>.</p> <p>Pro features (profile management, bulk operations, export) are available for $4.99/month.</p> <p><em>Built by <a href="https://dev-tools-hub.xyz/?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=cookiejar" rel="noopener noreferrer">S-Hub</a> — Chrome extensions for developers and productivity enthusiasts.</em></p> <h3> More Developer Tools from S-Hub </h3> <ul> <li> <a href="https://chromewebstore.google.com/detail/onpagex" rel="noopener noreferrer">OnPageX</a> — SEO meta analysis for any page</li> <li> <a href="https://chromewebstore.google.com/detail/epoehadeccangbpjldlbkapnakndbpkf" rel="noopener noreferrer">DataPick</a> — Extract data from any webpage</li> <li> <a href="https://chromewebstore.google.com/detail/procshot" rel="noopener noreferrer">Procshot</a> — Auto-capture browser steps into guides</li> <li> <a href="https://chromewebstore.google.com/detail/databridge" rel="noopener noreferrer">DataBridge</a> — Transfer data between web apps</li> </ul> <p>See all extensions at <a href="https://dev-tools-hub.xyz/?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=cookiejar" rel="noopener noreferrer">dev-tools-hub.xyz</a></p> chrome webdev javascript security Real Numbers: Freemium Chrome Extension Monetization After 6 Months SHOTA Wed, 06 May 2026 16:03:03 +0000 https://forem.com/_350df62777eb55e1/real-numbers-freemium-chrome-extension-monetization-after-6-months-5hga https://forem.com/_350df62777eb55e1/real-numbers-freemium-chrome-extension-monetization-after-6-months-5hga <p>I've been publishing Chrome extensions for about a year. Six months ago I started adding freemium monetization to my extensions using ExtensionPay. Here are the actual numbers and what I've learned.</p> <p>I'm sharing this because almost no one publishes real conversion data for Chrome extension monetization. The advice is almost always theoretical. Here's what I've observed across 5 monetized extensions.</p> <h2> The Portfolio </h2> <p>Five extensions with ExtensionPay freemium:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Extension</th> <th>Category</th> <th>Price</th> <th>Free Limit</th> <th>Installs</th> </tr> </thead> <tbody> <tr> <td>Procshot</td> <td>Productivity</td> <td>$4.99/mo</td> <td>2 guides/month</td> <td>~900</td> </tr> <tr> <td>Japanese Font Finder</td> <td>Dev Tools</td> <td>$2.99/mo</td> <td>30 inspections/day</td> <td>~1,200</td> </tr> <tr> <td>PaletteGrab</td> <td>Dev Tools</td> <td>$3.99 one-time</td> <td>10 colors in tray</td> <td>~600</td> </tr> <tr> <td>AdLegalCheck</td> <td>Productivity</td> <td>$9.99/mo</td> <td>3 scans/month</td> <td>~150</td> </tr> <tr> <td>ToritekiCheck</td> <td>Productivity</td> <td>$4.99/mo</td> <td>3 analyses/month</td> <td>~80</td> </tr> </tbody> </table></div> <p>Installs are approximate active users from CWS Insights. Monthly active users are lower.</p> <h2> Conversion Rates </h2> <p>Across all five extensions, my overall free-to-paid conversion rate is <strong>0.8%</strong>.</p> <p>That sounds low. For SaaS, 2-5% free-to-paid is considered decent. For Chrome extensions, I've come to believe 0.5-2% is realistic.</p> <p>Why so low?</p> <ol> <li><p><strong>Zero friction to install and use the free tier.</strong> There's no sign-up, no credit card, no friction at all. The baseline installed count includes a lot of casual installs that never became engaged users.</p></li> <li><p><strong>The upgrade decision happens at an inconvenient moment.</strong> Users hit the free limit while they're trying to do something. The friction of the upgrade prompt competes with the task they were trying to complete.</p></li> <li><p><strong>Trust gap.</strong> Chrome extension payments are unusual. ExtensionPay shows a payment page that says "extensionpay.com" — which many users don't recognize. Some users who would pay for a web app won't pay for an extension.</p></li> </ol> <h2> The Limit Design Matters More Than the Price </h2> <p>My highest-converting extension is Japanese Font Finder at about 1.4% conversion. The free limit is 30 inspections per day, which sounds generous but is calibrated to the power user's usage pattern.</p> <p>A designer who uses JFF seriously will hit 30 inspections in a work session. The limit creates just enough friction for real users without frustrating casual users.</p> <p>My lowest-converting extension (by rate) is PaletteGrab at 0.3%. The free limit is 10 colors in the color tray. This turns out to be fine for most use cases — you can pick and copy colors without saving them. The upgrade prompt appears too rarely.</p> <p><strong>What I've learned</strong>: The free limit should be just below the threshold for your power user's typical session. Too generous = no upgrade pressure. Too tight = users abandon before getting value.</p> <h2> The Upgrade Prompt Matters </h2> <p>My initial upgrade prompts were modal alerts: "You've reached your limit. Upgrade to Pro?"</p> <p>Conversion from prompt to upgrade: 2%.</p> <p>I rewrote them to show what the user would get: "You've made 2 guides this month. Pro users get unlimited guides + PDF export + annotation tools." Then two buttons: "Upgrade to Pro ($4.99/month)" and "Maybe later."</p> <p>Conversion from prompt to upgrade: 8%.</p> <p>The difference is showing value rather than showing a wall. Users need to remember why they'd pay before they decide to.</p> <h2> ExtensionPay Observations </h2> <p>ExtensionPay is the only practical solution for Chrome extension payments that I've found. It handles the Stripe integration, the payment UI, and the license verification API.</p> <p>A few things I've noticed:</p> <p><strong>The payment flow is not optimized for conversion.</strong> The user leaves the extension, opens a new tab, sees "extensionpay.com", enters their email, then pays. Each step is a drop-off point. I estimate 30-40% of users who click "Upgrade" complete the payment.</p> <p><strong>Monthly vs. one-time matters by category.</strong> Productivity tools (recurring use) convert better to monthly subscriptions. Utility tools (occasional use) convert better to one-time payments. PaletteGrab switched from $2.99/month to $3.99 one-time and conversion improved 60%.</p> <p><strong>Free users complain; paid users don't.</strong> My CWS reviews are overwhelmingly from free users frustrated by limits. Paid users tend to leave positive reviews or no review at all. This is expected but worth knowing.</p> <h2> The Revenue Reality </h2> <p>My current monthly recurring revenue across all five extensions is approximately $180/month. That's well below what I'd need to make this a business, but it's meaningful signal.</p> <p>The trajectory matters more: three months ago it was $60/month. Six months ago it was $0.</p> <p>The install base is growing (mostly through CWS organic search), and conversion rates have improved as I've refined the upgrade prompts and limit designs. At current growth rates, I expect to cross $400/month within 6 months.</p> <h2> What I'd Do Differently </h2> <p><strong>Ship freemium from day one.</strong> Extensions I launched without monetization have free users who feel entitled to free forever. Adding a paywall retroactively generates negative reviews. New extensions now launch with the freemium model from the first public version.</p> <p><strong>One-time pricing for tools, subscription for productivity.</strong> The recurring revenue math is better for subscriptions, but one-time pricing converts better for tools users reach for occasionally. Match the pricing model to the usage pattern.</p> <p><strong>The free limit should be lower for higher-priced plans.</strong> My $9.99/month AdLegalCheck has a free limit of 3 scans/month. That's appropriate for a $10 product. My $2.99/month JFF has a limit of 30/day — much more generous, appropriate for a $3 product. The limit signals the value relative to the price.</p> <p><em>I track my Chrome extension revenue and growth at dev-tools-hub.xyz.</em></p> chrome javascript webdev productivity Monetizing Chrome Extensions with Freemium — Real Numbers from 7 Paid Extensions SHOTA Wed, 06 May 2026 00:00:00 +0000 https://forem.com/_350df62777eb55e1/monetizing-chrome-extensions-with-freemium-real-numbers-from-7-paid-extensions-5cj https://forem.com/_350df62777eb55e1/monetizing-chrome-extensions-with-freemium-real-numbers-from-7-paid-extensions-5cj <h2> Can You Actually Make Money with Chrome Extensions? </h2> <p>Yes. But the numbers are smaller than you think, and the strategy matters more than the code.</p> <p>I run 7 freemium Chrome extensions through ExtensionPay + Stripe. Here's the real data — no vanity metrics, no cherry-picking.</p> <h2> The Portfolio </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Extension</th> <th>Category</th> <th>Free Tier</th> <th>Pro Price</th> </tr> </thead> <tbody> <tr> <td>Procshot</td> <td>Productivity</td> <td>5 captures/mo</td> <td>$9.99/mo</td> </tr> <tr> <td>DataPick</td> <td>Data tools</td> <td>10-row preview</td> <td>$19/mo</td> </tr> <tr> <td>PromptStash</td> <td>AI tools</td> <td>3 saved prompts</td> <td>$5/mo</td> </tr> <tr> <td>ReadMark</td> <td>Reading</td> <td>5 bookmarks</td> <td>$4.99/mo</td> </tr> <tr> <td>InvoiceReader</td> <td>Business</td> <td>10 checks/mo</td> <td>980 JPY/mo</td> </tr> <tr> <td>CookieJar</td> <td>Dev tools</td> <td>Basic features</td> <td>$4.99/mo</td> </tr> <tr> <td>FocusGuard</td> <td>Productivity</td> <td>Basic blocking</td> <td>$5/mo</td> </tr> </tbody> </table></div> <h2> The Freemium Model </h2> <h3> Why Freemium Over Paid-Only? </h3> <p>Chrome Web Store doesn't have a built-in payment system. Users can't buy your extension before installing it. This means:</p> <ol> <li>User installs (free)</li> <li>User tries the extension</li> <li>User hits a limitation</li> <li>User decides to pay</li> </ol> <p>Freemium is the only model that works naturally with CWS's install flow.</p> <h3> The Reverse Trial Approach </h3> <p>Instead of a traditional free trial, I use a <strong>reverse trial</strong>: users get Pro features for 7 days immediately after install, then drop to the free tier.</p> <p><strong>Why this works:</strong></p> <ul> <li>Users experience the full product before deciding</li> <li>No credit card required upfront</li> <li>The "loss" of features is more motivating than never having them</li> <li>Conversion happens when users feel the pain of downgrade</li> </ul> <h3> Setting Free Tier Limits </h3> <p>The hardest part of freemium is setting the right limit. Too generous and nobody pays. Too restrictive and users uninstall.</p> <p><strong>My framework:</strong></p> <ul> <li>The free tier must be genuinely useful (not a crippled demo)</li> <li>The limit should be hit after the user has gotten value (not before)</li> <li>Pro features should be visible but locked (grey out, don't hide)</li> </ul> <p><strong>Example — Procshot:</strong></p> <ul> <li>Free: 5 procedure captures per month</li> <li>Pro: Unlimited captures + markdown/HTML/PDF export</li> <li>The limit hits after the user has already created valuable documentation</li> <li>Export formats are visible but locked with a Pro badge</li> </ul> <h2> Payment Infrastructure </h2> <h3> ExtensionPay + Stripe </h3> <p>I use <a href="https://extensionpay.com" rel="noopener noreferrer">ExtensionPay</a> which wraps Stripe for Chrome extension payments. The setup:</p> <ol> <li>Register extension on ExtensionPay</li> <li>Add ExtPay SDK to your extension</li> <li>ExtPay handles the payment page, Stripe processes payments</li> <li>Your extension checks payment status via ExtPay API</li> </ol> <p><strong>Cost:</strong> ExtensionPay takes a flat fee per transaction on top of Stripe's standard 2.9% + 30 cents.</p> <h3> Subscription Management in MV3 </h3> <p>The tricky part is checking subscription status in a Manifest V3 service worker that can be terminated at any time:</p> <ol> <li>Background service worker holds the ExtPay instance</li> <li>On payment/trial events, cache the subscription in chrome.storage.local</li> <li>Content scripts and popups query the background via chrome.runtime.sendMessage</li> <li>If background is sleeping, fall back to cached data (5-minute TTL)</li> <li>Periodic refresh via chrome.alarms (every 60 minutes)</li> </ol> <p>This ensures paid users never get locked out, even if the network or service worker is temporarily unavailable.</p> <h2> What I've Learned </h2> <h3> Pricing Insights </h3> <ul> <li> <strong>$3-5/mo is the sweet spot</strong> for utility extensions. Higher prices work only for niche professional tools.</li> <li> <strong>Annual plans convert at 2x monthly</strong> when offered at a 40-50% discount</li> <li> <strong>JPY pricing for Japanese users</strong> increases conversion significantly (InvoiceReader: 980 JPY vs $9.99 equivalent)</li> </ul> <h3> Conversion Patterns </h3> <ul> <li>Average free-to-paid conversion: <strong>2-4%</strong> across all extensions</li> <li>Reverse trial increases conversion by <strong>~60%</strong> compared to no trial</li> <li>Users who hit the free limit within 7 days are <strong>5x more likely</strong> to convert</li> <li>The paywall modal shown at the moment of limitation (not randomly) converts <strong>3x better</strong> </li> </ul> <h3> What Doesn't Work </h3> <ul> <li>Aggressive upsell popups (users uninstall)</li> <li>Hiding features completely (users don't know what they're missing)</li> <li>Time-limited free trials without reverse trial (users forget to convert)</li> <li>Pricing above $10/mo for general-purpose tools</li> </ul> <h2> Revenue Growth Strategy </h2> <p>My 90-day plan to reach $650/month:</p> <ol> <li> <strong>Month 1</strong>: Optimize free tier limits + implement reverse trial on all 7 extensions</li> <li> <strong>Month 2</strong>: Add annual pricing + improve paywall design + cross-promotion</li> <li> <strong>Month 3</strong>: Content marketing (Dev.to, Zenn) + Product Hunt launch for top extension</li> </ol> <p>The key insight: revenue growth comes from <strong>reducing friction in the conversion funnel</strong>, not from adding more features.</p> <h2> Key Takeaways </h2> <ol> <li>Freemium is the only viable model for CWS</li> <li>Reverse trials outperform traditional trials</li> <li>Set free limits at the point of value, not before</li> <li>Cache subscription state aggressively for MV3 resilience</li> <li>Price at $3-5/mo for utility extensions</li> <li>Show Pro features locked, never hidden</li> </ol> <p><em>Built by <a href="https://dev-tools-hub.xyz/?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=monetization" rel="noopener noreferrer">S-Hub</a> — 17 Chrome extensions, 7 with freemium monetization.</em></p> <h3> Explore S-Hub Extensions </h3> <ul> <li> <a href="https://chromewebstore.google.com/detail/procshot" rel="noopener noreferrer">Procshot</a> — Auto-capture browser steps</li> <li> <a href="https://chromewebstore.google.com/detail/epoehadeccangbpjldlbkapnakndbpkf" rel="noopener noreferrer">DataPick</a> — Extract data from any webpage</li> <li> <a href="https://chromewebstore.google.com/detail/promptstash" rel="noopener noreferrer">PromptStash</a> — Save and manage AI prompts</li> <li> <a href="https://chromewebstore.google.com/detail/inejhohffndeacbihghjcobndpoejdfn" rel="noopener noreferrer">ReadMark</a> — Save your reading position</li> </ul> <p>See all extensions at <a href="https://dev-tools-hub.xyz/?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=monetization" rel="noopener noreferrer">dev-tools-hub.xyz</a></p> chrome webdev marketing javascript I Built a Chrome Extension That Checks Japanese Subscription Terms with AI SHOTA Tue, 05 May 2026 16:00:45 +0000 https://forem.com/_350df62777eb55e1/i-built-a-chrome-extension-that-checks-japanese-subscription-terms-with-ai-1mkf https://forem.com/_350df62777eb55e1/i-built-a-chrome-extension-that-checks-japanese-subscription-terms-with-ai-1mkf <p>Japanese subscription services have a problem with terms and conditions.</p> <p>Not the length — that's universal. The specific issue is that Japanese cancellation terms, automatic renewal clauses, and price change notifications are buried in dense legal Japanese that's difficult to parse even for native speakers. The phrasing is designed to be compliant, not readable.</p> <p>I've been surprised by charges I didn't expect. A streaming service I thought I'd cancelled. A software license that auto-renewed at double the introductory price. A free trial that converted to a paid plan because the cancellation window was "within 3 days of the trial end date" buried in paragraph 12 of the terms.</p> <p><strong>ToritekiCheck</strong> (取適チェック) is a Chrome extension that analyzes subscription terms and conditions pages with GPT and summarizes the important parts in plain Japanese.</p> <h2> What It Analyzes </h2> <p>When you're on a service's terms page or subscription confirmation page, the extension scans for:</p> <ul> <li> <strong>自動更新条件</strong> (Auto-renewal conditions): When does it renew, what triggers it, how far in advance can you cancel?</li> <li> <strong>解約方法・期限</strong> (Cancellation method and deadline): How do you cancel, what's the deadline?</li> <li> <strong>価格変更通知</strong> (Price change notification): How will you be told if the price changes?</li> <li> <strong>無料期間の終了</strong> (Free trial end): Exactly when does the trial end and what happens after?</li> <li> <strong>返金ポリシー</strong> (Refund policy): Under what conditions can you get a refund?</li> </ul> <p>The output is a structured summary in plain Japanese, not the original legalese.</p> <h2> Architecture </h2> <p>The extension uses a side panel (Chrome's <code>sidePanel</code> API) rather than a popup, which gives enough vertical space to display detailed findings without feeling cramped.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ToritekiCheck/ ├── entrypoints/ │ ├── content.ts # Page text extraction │ ├── sidepanel/ # React UI for results │ └── background.ts # API calls, message routing └── lib/ ├── extractor.ts # Terms text extraction heuristics ├── analyzer.ts # GPT call via Vercel proxy └── storage.ts # Usage count, settings </code></pre> </div> <h3> Extracting Terms Text </h3> <p>Not every page that has "terms" in the URL is a terms page in the relevant sense. I need to find the actual terms content while ignoring navigation, footers, and cookie banners.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">extractTermsText</span><span class="p">(</span><span class="nx">doc</span><span class="p">:</span> <span class="nx">Document</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="c1">// Common terms container patterns in Japanese sites</span> <span class="kd">const</span> <span class="nx">selectors</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">article</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">[class*="terms"]</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">[class*="kiyaku"]</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// 規約 in romaji</span> <span class="dl">'</span><span class="s1">[class*="agreement"]</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">[id*="terms"]</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">[id*="policy"]</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">main</span><span class="dl">'</span><span class="p">,</span> <span class="p">];</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">selector</span> <span class="k">of</span> <span class="nx">selectors</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">el</span> <span class="o">=</span> <span class="nx">doc</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="nx">selector</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">el</span> <span class="o">&amp;&amp;</span> <span class="nx">el</span><span class="p">.</span><span class="nx">textContent</span> <span class="o">&amp;&amp;</span> <span class="nx">el</span><span class="p">.</span><span class="nx">textContent</span><span class="p">.</span><span class="nf">trim</span><span class="p">().</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">500</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">cleanText</span><span class="p">(</span><span class="nx">el</span><span class="p">.</span><span class="nx">textContent</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Fallback: body text minus nav/header/footer</span> <span class="k">return</span> <span class="nf">extractBodyContent</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">cleanText</span><span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">text</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">\s</span><span class="sr">+/g</span><span class="p">,</span> <span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">[\u</span><span class="sr">200B-</span><span class="se">\u</span><span class="sr">200D</span><span class="se">\u</span><span class="sr">FEFF</span><span class="se">]</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">''</span><span class="p">)</span> <span class="c1">// Zero-width characters</span> <span class="p">.</span><span class="nf">trim</span><span class="p">()</span> <span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">8000</span><span class="p">);</span> <span class="c1">// GPT context limit</span> <span class="p">}</span> </code></pre> </div> <p>The 8000-character limit cuts most terms documents significantly, but the auto-renewal and cancellation clauses usually appear in the first third of any terms document (near the subscription-specific sections).</p> <h3> The GPT Analysis Prompt </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">ANALYSIS_PROMPT</span> <span class="o">=</span> <span class="s2">` あなたは日本のサブスクリプションサービスの規約分析の専門家です。 以下の利用規約・特定商取引法に基づく表示から、ユーザーが特に注意すべき項目を抽出してください。 【抽出する項目】 1. 自動更新条件(更新タイミング、事前通知の有無) 2. 解約方法と解約期限(どのように、いつまでに解約が必要か) 3. 無料期間の終了条件(いつ有料に切り替わるか) 4. 価格変更の通知方法 5. 返金ポリシー 【出力形式】JSON { "autoRenewal": { "exists": boolean, "conditions": string, "riskLevel": "high"|"medium"|"low" }, "cancellation": { "method": string, "deadline": string, "riskLevel": "high"|"medium"|"low" }, "freeTrial": { "endCondition": string, "conversionDate": string | null }, "priceChange": { "notificationMethod": string }, "refundPolicy": { "available": boolean, "conditions": string }, "summary": "最も重要な点を1-2文で要約" } 見つからない項目は null にしてください。 `</span><span class="p">;</span> </code></pre> </div> <p>The structured JSON output makes it easy to render each section with appropriate risk indicators in the UI.</p> <h3> Free Tier Limits </h3> <p>The extension has a free tier (3 analyses per month) and a Pro tier (unlimited). Usage is tracked per calendar month:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">checkAndIncrementUsage</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">allowed</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">remaining</span><span class="p">:</span> <span class="kr">number</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">now</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">monthKey</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">now</span><span class="p">.</span><span class="nf">getFullYear</span><span class="p">()}</span><span class="s2">-</span><span class="p">${</span><span class="nc">String</span><span class="p">(</span><span class="nx">now</span><span class="p">.</span><span class="nf">getMonth</span><span class="p">()</span> <span class="o">+</span> <span class="mi">1</span><span class="p">).</span><span class="nf">padStart</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="dl">'</span><span class="s1">0</span><span class="dl">'</span><span class="p">)}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">get</span><span class="p">([</span><span class="dl">'</span><span class="s1">usage</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">isPro</span><span class="dl">'</span><span class="p">]);</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">isPro</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">allowed</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">remaining</span><span class="p">:</span> <span class="kc">Infinity</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">usage</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">usage</span> <span class="o">??</span> <span class="p">{};</span> <span class="kd">const</span> <span class="nx">currentMonthCount</span> <span class="o">=</span> <span class="nx">usage</span><span class="p">[</span><span class="nx">monthKey</span><span class="p">]</span> <span class="o">??</span> <span class="mi">0</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentMonthCount</span> <span class="o">&gt;=</span> <span class="nx">FREE_LIMITS</span><span class="p">.</span><span class="nx">MONTHLY_ANALYSES</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">allowed</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">remaining</span><span class="p">:</span> <span class="mi">0</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Increment</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">set</span><span class="p">({</span> <span class="na">usage</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">usage</span><span class="p">,</span> <span class="p">[</span><span class="nx">monthKey</span><span class="p">]:</span> <span class="nx">currentMonthCount</span> <span class="o">+</span> <span class="mi">1</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="na">allowed</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">remaining</span><span class="p">:</span> <span class="nx">FREE_LIMITS</span><span class="p">.</span><span class="nx">MONTHLY_ANALYSES</span> <span class="o">-</span> <span class="nx">currentMonthCount</span> <span class="o">-</span> <span class="mi">1</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>Month-key storage means usage resets automatically without any cleanup job — old month keys accumulate but are tiny. A periodic cleanup job removes keys older than 3 months.</p> <h2> The Proxy Requirement </h2> <p>Like my other AI-powered extensions, ToritekiCheck routes GPT calls through a Vercel serverless function. The API key lives server-side. The extension sends only the extracted terms text.</p> <p>The data handling is important to be transparent about: the terms text (up to 8000 characters from a public terms page) is sent to the proxy, then to OpenAI for analysis. The text is not stored. This is disclosed in the CWS privacy settings and the in-extension UI.</p> <h2> What I Learned About Freemium for Utility Extensions </h2> <p>The 3-analysis-per-month limit is intentionally generous for casual users. Most people check subscription terms 1-2 times a month at most. The Pro tier is for people who review contracts professionally or have a high volume of subscriptions to manage.</p> <p>This is different from productivity tools where the free limit needs to be tight enough to create upgrade pressure. For an occasional-use utility, being too restrictive hurts word-of-mouth without gaining proportional upgrades.</p> <p>ToritekiCheck is live on the Chrome Web Store.</p> <p><em>Built with WXT + React + TypeScript. AI analysis via GPT-4o-mini through a Vercel proxy.</em></p> chrome javascript webdev japan I Built a Chrome Extension That Auto-Fills Any Form — Encrypted, No Cloud SHOTA Tue, 05 May 2026 15:59:09 +0000 https://forem.com/_350df62777eb55e1/i-built-a-chrome-extension-that-auto-fills-any-form-encrypted-no-cloud-3l90 https://forem.com/_350df62777eb55e1/i-built-a-chrome-extension-that-auto-fills-any-form-encrypted-no-cloud-3l90 <p>I run a few side projects. The paperwork reality of running side projects is filling in the same company name, address, phone number, and tax ID into web forms, over and over, on vendor portals, invoice tools, e-commerce seller dashboards, and government registration pages.</p> <p>My password manager handles login credentials. It doesn't handle business info particularly well. So I built FormFill Vault.</p> <h2> The problem is more specific than it sounds </h2> <p>Password managers are great at what they do. But "what they do" is structured around credentials: username, password, maybe a TOTP. When you hit an invoice form that wants your company legal name, postal code (Japanese 7-digit format), city/ward, building, floor, room number, fax, and tax registration number — in separate fields — the auto-fill either ignores most of it or fills random fields incorrectly.</p> <p>The other option is a browser profile. Browsers let you save your address. One address. In one format. That doesn't cover the seller who has three business registrations.</p> <p>FormFill Vault's model is simple: you create named profiles (Personal, Work, Side Project A), fill them in once, and click a button to fill whatever form is in front of you. The extension matches fields heuristically, fires the right events for React/Vue apps, and moves on.</p> <h2> The technical part I found interesting: storing encrypted data in chrome.storage.local </h2> <p>The obvious implementation is: save profiles as JSON in <code>chrome.storage.local</code>. But profiles contain business addresses and potentially invoice numbers. Storing them in plaintext felt wrong.</p> <p>So I added AES-256-GCM encryption via the Web Crypto API. The implementation itself is straightforward:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">subtle</span><span class="p">.</span><span class="nf">generateKey</span><span class="p">(</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">AES-GCM</span><span class="dl">'</span><span class="p">,</span> <span class="na">length</span><span class="p">:</span> <span class="mi">256</span> <span class="p">},</span> <span class="kc">true</span><span class="p">,</span> <span class="p">[</span><span class="dl">'</span><span class="s1">encrypt</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">decrypt</span><span class="dl">'</span><span class="p">]</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">iv</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">getRandomValues</span><span class="p">(</span><span class="k">new</span> <span class="nc">Uint8Array</span><span class="p">(</span><span class="mi">12</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">ciphertext</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">subtle</span><span class="p">.</span><span class="nf">encrypt</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">AES-GCM</span><span class="dl">'</span><span class="p">,</span> <span class="nx">iv</span> <span class="p">},</span> <span class="nx">key</span><span class="p">,</span> <span class="nx">encoded</span><span class="p">);</span> </code></pre> </div> <p>The part that tripped me up: persisting the key.</p> <p><code>chrome.storage.local</code> uses JSON serialization internally. An <code>ArrayBuffer</code> — which is what <code>crypto.subtle.exportKey('raw', key)</code> returns — serializes to <code>{}</code>. You store it, you read back an empty object, your key is gone, and all your encrypted profiles are permanently unreadable.</p> <p>The fix is one line, but it's the kind of thing you only know if you've already lost data to it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Broken: ArrayBuffer becomes {} in JSON</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">set</span><span class="p">({</span> <span class="na">key</span><span class="p">:</span> <span class="nx">exportedKeyBuffer</span> <span class="p">});</span> <span class="c1">// Working: serialize to plain number array before storing</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">set</span><span class="p">({</span> <span class="na">key</span><span class="p">:</span> <span class="nb">Array</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="k">new</span> <span class="nc">Uint8Array</span><span class="p">(</span><span class="nx">exportedKeyBuffer</span><span class="p">))</span> <span class="p">});</span> <span class="c1">// On retrieval:</span> <span class="kd">const</span> <span class="nx">keyBuffer</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Uint8Array</span><span class="p">(</span><span class="nx">storedArray</span><span class="p">).</span><span class="nx">buffer</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">subtle</span><span class="p">.</span><span class="nf">importKey</span><span class="p">(</span><span class="dl">'</span><span class="s1">raw</span><span class="dl">'</span><span class="p">,</span> <span class="nx">keyBuffer</span><span class="p">,</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">AES-GCM</span><span class="dl">'</span> <span class="p">},</span> <span class="kc">false</span><span class="p">,</span> <span class="p">[</span><span class="dl">'</span><span class="s1">encrypt</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">decrypt</span><span class="dl">'</span><span class="p">]);</span> </code></pre> </div> <p>The key lives in <code>chrome.storage.local</code> as a plain number array. On every read, it's reconstructed into a <code>CryptoKey</code>. The IV is prepended to the ciphertext and stored as Base64. The key never leaves the browser.</p> <h2> The form filling part: matching fields without a schema </h2> <p>The harder problem is that forms don't have a standard schema. Every vendor portal has different field names. Some use <code>last_name</code>, some use <code>familyName</code>, some use <code>surname</code>, some use Japanese <code>姓</code>.</p> <p>I built a heuristic matcher that checks, in order:</p> <ol> <li>The field's <code>name</code> and <code>id</code> attributes</li> <li>The <code>placeholder</code> and <code>aria-label</code> text</li> <li>The <code>autocomplete</code> attribute</li> <li>The associated <code>&lt;label for="..."&gt;</code> text if the field has an <code>id</code> </li> </ol> <p>Each field type in the profile has a regex pattern. The address fields include Japanese kanji and katakana patterns. It's not perfect — edge cases in deeply custom enterprise portals exist — but it handles the common 80% of business forms without configuration.</p> <p>One more thing: injecting values into React or Vue forms. You can't just <code>element.value = 'new value'</code> and dispatch a standard event. Those frameworks intercept the native input value setter. The fix is to use <code>Object.getOwnPropertyDescriptor</code> to get the original setter and call it directly, then dispatch both <code>input</code> and <code>change</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">nativeInputValueSetter</span> <span class="o">=</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">getOwnPropertyDescriptor</span><span class="p">(</span> <span class="nx">HTMLInputElement</span><span class="p">.</span><span class="nx">prototype</span><span class="p">,</span> <span class="dl">'</span><span class="s1">value</span><span class="dl">'</span> <span class="p">)?.</span><span class="kd">set</span><span class="p">;</span> <span class="nx">nativeInputValueSetter</span><span class="p">?.</span><span class="nf">call</span><span class="p">(</span><span class="nx">element</span><span class="p">,</span> <span class="nx">value</span><span class="p">);</span> <span class="nx">element</span><span class="p">.</span><span class="nf">dispatchEvent</span><span class="p">(</span><span class="k">new</span> <span class="nc">Event</span><span class="p">(</span><span class="dl">'</span><span class="s1">input</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">bubbles</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> <span class="nx">element</span><span class="p">.</span><span class="nf">dispatchEvent</span><span class="p">(</span><span class="k">new</span> <span class="nc">Event</span><span class="p">(</span><span class="dl">'</span><span class="s1">change</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">bubbles</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> </code></pre> </div> <p>This is the standard workaround for triggering React state updates from external scripts.</p> <h2> What the extension actually is </h2> <p>FormFill Vault stores up to 3 profiles on the free plan. Pro removes the limit. All encryption, autofill, and the postal code lookup (a local static dictionary — no API calls) run locally. No network requests for profile operations.</p> <p>It's available on the Chrome Web Store: [FormFill Vault — link coming soon]</p> <p>If you do any amount of paperwork involving the same business data across multiple sites, it's the kind of tool you don't notice until you don't have it.</p> <p><em>I'm also building <a href="https://chromewebstore.google.com/detail/ieblehdloggcpmkncplccjofeoakhkll" rel="noopener noreferrer">Procshot</a> (browser workflow documentation) and other small dev tools at <a href="https://dev-tools-hub.xyz" rel="noopener noreferrer">dev-tools-hub.xyz</a>. These posts are technical notes from building them.</em></p> chromeextension webdev productivity javascript I Built an AI-Powered Japanese Trade Law Compliance Checker as a Chrome Extension SHOTA Tue, 05 May 2026 09:00:00 +0000 https://forem.com/_350df62777eb55e1/i-built-an-ai-powered-japanese-trade-law-compliance-checker-as-a-chrome-extension-1bk8 https://forem.com/_350df62777eb55e1/i-built-an-ai-powered-japanese-trade-law-compliance-checker-as-a-chrome-extension-1bk8 <p>Japan's Subcontracting Act (Toriteki-ho / 取引適正化促進法, commonly called 下請法) governs transactions between large businesses and their subcontractors. It mandates specific payment terms, required contract clauses, and prohibits certain business practices — and violations carry significant penalties from the Fair Trade Commission.</p> <p>The problem: compliance checking is tedious. Most small businesses and freelancers either don't know the rules or spend time manually cross-referencing contract documents against the law's requirements. I built <a href="https://chromewebstore.google.com/detail/toritekicheck/YOUR_ID" rel="noopener noreferrer">ToritekiCheck</a>, an AI-powered Chrome extension that analyzes contract text and flags potential violations in seconds.</p> <h2> What the Law Actually Requires </h2> <p>The Subcontracting Act applies to transactions where a larger company subcontracts to a smaller company (thresholds based on capital: manufacturing &gt;=30M yen, services &gt;=50M yen). When it applies, the ordering company must:</p> <ol> <li>Issue a written order (発注書) with specific required fields</li> <li>Pay within 60 days of receiving the goods/service</li> <li>Not require promissory note payment (手形払い) in many cases</li> <li>Not unilaterally reduce prices after work is complete</li> <li>Not return deliverables without cause</li> </ol> <p>The extension checks for these conditions — specifically scanning for payment term violations and missing required clauses that are most commonly flagged in FTC investigations.</p> <h2> Architecture: Extension + Vercel API Proxy </h2> <p>The core analysis is done by an LLM. Rather than requiring users to provide their own API key, the extension routes requests through a Vercel serverless function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Chrome Extension -&gt; POST /api/llm/chat (Vercel) -&gt; Claude API -&gt; Response </code></pre> </div> <p>The Vercel function holds the API key server-side:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// /api/llm/chat/route.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">messages</span><span class="p">,</span> <span class="nx">system</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://api.anthropic.com/v1/messages</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">x-api-key</span><span class="dl">'</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ANTHROPIC_API_KEY</span><span class="o">!</span><span class="p">,</span> <span class="dl">'</span><span class="s1">anthropic-version</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">2023-06-01</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">content-type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">model</span><span class="p">:</span> <span class="dl">'</span><span class="s1">claude-haiku-4-5-20251001</span><span class="dl">'</span><span class="p">,</span> <span class="na">max_tokens</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="nx">system</span><span class="p">,</span> <span class="nx">messages</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">Response</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="p">}</span> </code></pre> </div> <p>Using <code>claude-haiku-4-5-20251001</code> keeps latency low and cost manageable for free-tier users.</p> <h2> Extracting Contract Text from the DOM </h2> <p>Contract documents come in several formats: PDF viewers, HTML pages, Google Docs embeds, and plain text areas. The extension uses a priority-ordered extraction strategy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">extractContractText</span><span class="p">():</span> <span class="kr">string</span> <span class="p">{</span> <span class="c1">// Priority 1: User-selected text</span> <span class="kd">const</span> <span class="nx">selection</span> <span class="o">=</span> <span class="nb">window</span><span class="p">.</span><span class="nf">getSelection</span><span class="p">()?.</span><span class="nf">toString</span><span class="p">().</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">selection</span> <span class="o">&amp;&amp;</span> <span class="nx">selection</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">50</span><span class="p">)</span> <span class="k">return</span> <span class="nx">selection</span><span class="p">;</span> <span class="c1">// Priority 2: Active textarea / contenteditable</span> <span class="kd">const</span> <span class="nx">activeEl</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">activeElement</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">activeEl</span> <span class="k">instanceof</span> <span class="nx">HTMLTextAreaElement</span><span class="p">)</span> <span class="k">return</span> <span class="nx">activeEl</span><span class="p">.</span><span class="nx">value</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">activeEl</span><span class="p">?.</span><span class="nf">getAttribute</span><span class="p">(</span><span class="dl">'</span><span class="s1">contenteditable</span><span class="dl">'</span><span class="p">)</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">true</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">activeEl</span><span class="p">.</span><span class="nx">textContent</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Priority 3: Main content heuristic</span> <span class="kd">const</span> <span class="nx">candidates</span> <span class="o">=</span> <span class="p">[</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">article</span><span class="dl">'</span><span class="p">),</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">main</span><span class="dl">'</span><span class="p">),</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">[role="main"]</span><span class="dl">'</span><span class="p">),</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">.contract</span><span class="dl">'</span><span class="p">),</span> <span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="p">].</span><span class="nf">filter</span><span class="p">(</span><span class="nb">Boolean</span><span class="p">)</span> <span class="k">as</span> <span class="nx">Element</span><span class="p">[];</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">el</span> <span class="k">of</span> <span class="nx">candidates</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">text</span> <span class="o">=</span> <span class="nx">el</span><span class="p">.</span><span class="nx">textContent</span><span class="p">?.</span><span class="nf">trim</span><span class="p">()</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">text</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">200</span><span class="p">)</span> <span class="k">return</span> <span class="nx">text</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">8000</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="dl">''</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The 8000-character limit prevents hitting the LLM's context window and keeps costs predictable.</p> <h2> The Analysis Prompt </h2> <p>The system prompt is the heart of the product. After several iterations with real contract samples, I settled on structured JSON output with severity levels:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">SYSTEM_PROMPT</span> <span class="o">=</span> <span class="s2">`You are a Japanese Subcontracting Act compliance expert. Analyze the provided contract text and identify potential violations or missing required elements. Output a JSON object with this structure: { "applicable": boolean, "violations": [ { "type": string, "severity": "high" | "medium" | "low", "description": string, "relevant_text": string, "legal_basis": string } ], "required_clauses_present": { "transaction_type": boolean, "delivery_date": boolean, "inspection_date": boolean, "payment_method": boolean, "payment_date": boolean, "price": boolean }, "summary": string } Focus on: 1. Payment terms exceeding 60 days after receipt 2. Promissory note payment requirements 3. Missing mandatory order form fields (Article 3) 4. Price reduction clauses that may violate Article 4 5. Return conditions that may violate Article 4`</span><span class="p">;</span> </code></pre> </div> <h2> Rendering Results </h2> <p>The popup receives the JSON and renders a color-coded compliance report:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">renderResults</span><span class="p">(</span><span class="nx">analysis</span><span class="p">:</span> <span class="nx">AnalysisResult</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">container</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">results</span><span class="dl">'</span><span class="p">)</span><span class="o">!</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">analysis</span><span class="p">.</span><span class="nx">applicable</span><span class="p">)</span> <span class="p">{</span> <span class="nx">container</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="s2">`&lt;div class="notice"&gt;この契約書には下請法が適用されない可能性があります。&lt;/div&gt;`</span><span class="p">;</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">highCount</span> <span class="o">=</span> <span class="nx">analysis</span><span class="p">.</span><span class="nx">violations</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">v</span> <span class="o">=&gt;</span> <span class="nx">v</span><span class="p">.</span><span class="nx">severity</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">high</span><span class="dl">'</span><span class="p">).</span><span class="nx">length</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">statusClass</span> <span class="o">=</span> <span class="nx">highCount</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">danger</span><span class="dl">'</span> <span class="p">:</span> <span class="nx">analysis</span><span class="p">.</span><span class="nx">violations</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">warning</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">safe</span><span class="dl">'</span><span class="p">;</span> <span class="nx">container</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="s2">` &lt;div class="status </span><span class="p">${</span><span class="nx">statusClass</span><span class="p">}</span><span class="s2">"&gt; </span><span class="p">${</span><span class="nx">highCount</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="p">?</span> <span class="s2">`Warning: </span><span class="p">${</span><span class="nx">highCount</span><span class="p">}</span><span class="s2"> critical issues`</span> <span class="p">:</span> <span class="nx">analysis</span><span class="p">.</span><span class="nx">violations</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="p">?</span> <span class="s2">`Note: </span><span class="p">${</span><span class="nx">analysis</span><span class="p">.</span><span class="nx">violations</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> issues`</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">No issues detected</span><span class="dl">'</span><span class="p">}</span><span class="s2"> &lt;/div&gt; </span><span class="p">${</span><span class="nx">analysis</span><span class="p">.</span><span class="nx">violations</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">v</span> <span class="o">=&gt;</span> <span class="s2">` &lt;div class="violation severity-</span><span class="p">${</span><span class="nx">v</span><span class="p">.</span><span class="nx">severity</span><span class="p">}</span><span class="s2">"&gt; &lt;p&gt;</span><span class="p">${</span><span class="nx">v</span><span class="p">.</span><span class="nx">description</span><span class="p">}</span><span class="s2">&lt;/p&gt; &lt;code&gt;</span><span class="p">${</span><span class="nx">v</span><span class="p">.</span><span class="nx">relevant_text</span><span class="p">}</span><span class="s2">&lt;/code&gt; &lt;small&gt;</span><span class="p">${</span><span class="nx">v</span><span class="p">.</span><span class="nx">legal_basis</span><span class="p">}</span><span class="s2">&lt;/small&gt; &lt;/div&gt; `</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="dl">''</span><span class="p">)}</span><span class="s2"> &lt;div class="summary"&gt;</span><span class="p">${</span><span class="nx">analysis</span><span class="p">.</span><span class="nx">summary</span><span class="p">}</span><span class="s2">&lt;/div&gt;`</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Handling Japanese Legal Text </h2> <p>Japanese legal documents have conventions that don't map cleanly to standard NLP:</p> <ul> <li>Formal grammar patterns (〜するものとする, 〜する旨) differ significantly from everyday text</li> <li>Counter-intuitive negations: 「支払わないものとする」 looks structurally similar to 「支払うものとする」</li> <li>Payment terms might be expressed as 「60日以内」, 「2ヶ月」, or embedded in prose</li> </ul> <p>The LLM handles most of these naturally, but I add explicit guidance in the prompt to flag ambiguous payment clauses for human review rather than treating them as definitive violations.</p> <h2> Try ToritekiCheck </h2> <p>ToritekiCheck is free for basic compliance scanning. The Pro plan adds detailed clause-by-clause analysis, scan history, and PDF report export.</p> <p><a href="https://chromewebstore.google.com/detail/toritekicheck/YOUR_ID" rel="noopener noreferrer">View on Chrome Web Store</a></p> <p>If you work with Japanese business contracts and want to share feedback on analysis accuracy, leave a comment below.</p> <p><em>Other tools I've built:</em></p> <p><a href="https://chromewebstore.google.com/detail/ieblehdloggcpmkncplccjofeoakhkll" rel="noopener noreferrer">View on Chrome Web Store</a><br> <a href="https://chromewebstore.google.com/detail/epoehadeccangbpjldlbkapnakndbpkf" rel="noopener noreferrer">View on Chrome Web Store</a></p> chromeextension javascript japan ai Manifest V3 Migration: The Gotchas Nobody Warned Me About SHOTA Mon, 04 May 2026 16:04:09 +0000 https://forem.com/_350df62777eb55e1/manifest-v3-migration-the-gotchas-nobody-warned-me-about-2imh https://forem.com/_350df62777eb55e1/manifest-v3-migration-the-gotchas-nobody-warned-me-about-2imh <p>When Google announced the Manifest V3 deadline, the developer community had a lot to say — most of it negative. The service worker model was rightly criticized as a regression for ad blockers and complex extensions.</p> <p>I've now migrated 18 extensions from MV2 to MV3, or built them MV3-native from the start. The commonly documented issues (no persistent background pages, limited webRequest) are real. But there's a longer list of subtler problems I hit that weren't well-documented.</p> <p>Here's what actually caught me off guard.</p> <h2> 1. Service Workers Die at Inopportune Times </h2> <p>This is the most-discussed MV3 change, but the extent of it surprised me. The service worker doesn't just "stop when idle" — it can be terminated after as little as 30 seconds of inactivity, even mid-operation.</p> <p>The failure mode is subtle: a message from a content script reaches the service worker just as it's being terminated. The message is lost. The content script gets no response. No error, no log, just silence.</p> <p><strong>The fix</strong>: Always assume the service worker might not be running. Content scripts should retry with exponential backoff:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">sendToBackground</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span> <span class="nx">message</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">,</span> <span class="nx">maxRetries</span> <span class="o">=</span> <span class="mi">3</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">attempt</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">attempt</span> <span class="o">&lt;</span> <span class="nx">maxRetries</span><span class="p">;</span> <span class="nx">attempt</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nf">sendMessage</span><span class="p">(</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">attempt</span> <span class="o">===</span> <span class="nx">maxRetries</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="c1">// Brief delay — gives the service worker time to restart</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">res</span><span class="p">,</span> <span class="mi">100</span> <span class="o">*</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">pow</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="nx">attempt</span><span class="p">)));</span> <span class="p">}</span> <span class="p">}</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Service worker unreachable</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> 2. <code>chrome.alarms</code> Is the Only Reliable Timer </h2> <p><code>setTimeout</code> and <code>setInterval</code> do not persist across service worker suspensions. A 5-minute timer set with <code>setTimeout</code> will fire 30 seconds later — when the service worker happens to wake up and continue execution.</p> <p>Use <code>chrome.alarms</code> for anything time-based:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ This timer won't fire reliably in a service worker</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">doSomething</span><span class="p">(),</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">);</span> <span class="c1">// ✅ This will fire even if the service worker was suspended</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">alarms</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="dl">'</span><span class="s1">my-task</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">delayInMinutes</span><span class="p">:</span> <span class="mi">5</span> <span class="p">});</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">alarms</span><span class="p">.</span><span class="nx">onAlarm</span><span class="p">.</span><span class="nf">addListener</span><span class="p">((</span><span class="nx">alarm</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">alarm</span><span class="p">.</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">my-task</span><span class="dl">'</span><span class="p">)</span> <span class="nf">doSomething</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <p>The minimum alarm interval is 1 minute. For shorter intervals, you have to use a different approach (keeping the service worker alive with a port connection, though this is unreliable and Google discourages it).</p> <h2> 3. <code>chrome.storage</code> Race Conditions at Startup </h2> <p>When your service worker wakes up to handle an event, <code>chrome.storage.local.get()</code> might be slow if the storage backend needs to initialize. Code that reads storage synchronously at module level will fail intermittently:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ Race condition — storage might not be ready</span> <span class="kd">const</span> <span class="nx">settings</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">settings</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">cachedSettings</span> <span class="o">=</span> <span class="nx">settings</span><span class="p">;</span> <span class="c1">// Module-level variable</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nx">onMessage</span><span class="p">.</span><span class="nf">addListener</span><span class="p">((</span><span class="nx">msg</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">cachedSettings</span><span class="p">.</span><span class="nx">enabled</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Might be undefined on first wake</span> <span class="c1">// ...</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p><strong>Fix</strong>: Read storage inside event handlers, not at module initialization:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ✅ Always read from storage when handling an event</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nx">onMessage</span><span class="p">.</span><span class="nf">addListener</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">msg</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">settings</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">settings</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">settings</span><span class="p">?.</span><span class="nx">enabled</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h2> 4. <code>chrome.runtime.lastError</code> Must Be Checked </h2> <p>In MV3, failing to check <code>chrome.runtime.lastError</code> in callbacks causes uncaught errors that terminate the service worker immediately. This was less fatal in MV2 persistent background pages.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ If this fails, the service worker dies</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">set</span><span class="p">({</span> <span class="na">key</span><span class="p">:</span> <span class="nx">value</span> <span class="p">},</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">saved</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// ✅ Always check</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">set</span><span class="p">({</span> <span class="na">key</span><span class="p">:</span> <span class="nx">value</span> <span class="p">},</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nx">lastError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Storage error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nx">lastError</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">saved</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>If you're using the Promise-based API (Chrome 88+), this is automatic — rejected promises propagate normally. Use the Promise API whenever possible.</p> <h2> 5. Content Script Injection Timing Changed </h2> <p>MV2 allowed <code>"run_at": "document_start"</code> scripts to reliably modify the page before any other scripts ran. In MV3, the timing of dynamically injected scripts via <code>chrome.scripting.executeScript</code> is less predictable.</p> <p>For extensions that need early injection (to intercept fetch calls, patch globals, etc.), stick with the manifest-declared content scripts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"content_scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"matches"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"&lt;all_urls&gt;"</span><span class="p">],</span><span class="w"> </span><span class="nl">"js"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"content.js"</span><span class="p">],</span><span class="w"> </span><span class="nl">"run_at"</span><span class="p">:</span><span class="w"> </span><span class="s2">"document_start"</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">Still</span><span class="w"> </span><span class="err">reliable</span><span class="w"> </span><span class="err">in</span><span class="w"> </span><span class="err">manifest</span><span class="w"> </span><span class="err">declaration</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Avoid <code>chrome.scripting.executeScript</code> for anything timing-sensitive.</p> <h2> 6. The <code>host_permissions</code> Split </h2> <p>MV2 combined <code>permissions</code> and <code>host_permissions</code> in one array. MV3 separates them. This isn't just a syntax change — it affects the install warning dialog.</p> <p>Extensions with <code>host_permissions: ["&lt;all_urls&gt;"]</code> show a scary install warning. Extensions that request host permissions for specific domains show domain-specific warnings. Be intentional about which hosts you actually need:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">❌</span><span class="w"> </span><span class="err">Request</span><span class="w"> </span><span class="err">only</span><span class="w"> </span><span class="err">if</span><span class="w"> </span><span class="err">truly</span><span class="w"> </span><span class="err">needed</span><span class="w"> </span><span class="err">for</span><span class="w"> </span><span class="err">all</span><span class="w"> </span><span class="err">sites</span><span class="w"> </span><span class="nl">"host_permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"&lt;all_urls&gt;"</span><span class="p">]</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">✅</span><span class="w"> </span><span class="err">Only</span><span class="w"> </span><span class="err">request</span><span class="w"> </span><span class="err">what</span><span class="w"> </span><span class="err">you</span><span class="w"> </span><span class="err">use</span><span class="w"> </span><span class="nl">"host_permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"https://api.example.com/*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"https://extensionpay.com/*"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p>For my extensions that genuinely need all-host access (content scripts that run on user-chosen pages), I keep <code>&lt;all_urls&gt;</code> and explain it in the CWS listing.</p> <h2> 7. <code>eval()</code> and <code>new Function()</code> Are Forbidden </h2> <p>MV3 enforces a strict Content Security Policy that disallows <code>eval()</code> and <code>new Function()</code>. This breaks several popular libraries that use dynamic code execution internally — including some older versions of template engines and math expression parsers.</p> <p>Check your dependencies. The error is a CSP violation logged to the console, easy to miss during development if you're not looking for it.</p> <h2> 8. The <code>offscreen</code> API Is for Background Media </h2> <p>MV3 removed background pages entirely, which broke extensions that needed a persistent DOM context (e.g., to play audio, use the Clipboard API, or parse HTML). The <code>offscreen</code> document API is the replacement:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">ensureOffscreenDocument</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">existing</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">offscreen</span><span class="p">.</span><span class="nf">hasDocument</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">existing</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">offscreen</span><span class="p">.</span><span class="nf">createDocument</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">offscreen.html</span><span class="dl">'</span><span class="p">,</span> <span class="na">reasons</span><span class="p">:</span> <span class="p">[</span><span class="nx">chrome</span><span class="p">.</span><span class="nx">offscreen</span><span class="p">.</span><span class="nx">Reason</span><span class="p">.</span><span class="nx">CLIPBOARD</span><span class="p">],</span> <span class="na">justification</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Clipboard operations require a DOM context</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The offscreen document is a hidden page that provides a DOM context for background operations. It has the same limitations as service workers (no user-visible UI) but can use DOM APIs.</p> <h2> The Actual Impact </h2> <p>Most of these issues are solvable with a few patterns. The real cost is that MV3 requires more defensive programming. You can't assume your background context is alive, you can't use in-memory state reliably, and you have to be more explicit about when and how you access Chrome APIs.</p> <p>For simple extensions, MV3 is fine. For complex extensions with long-running operations, you need to design differently.</p> <p><em>All my extensions are MV3-native. Source and notes at dev-tools-hub.xyz.</em></p> chrome javascript webdev tutorial Manifest V3 Migration Pitfalls — Lessons from 17 Chrome Extensions SHOTA Mon, 04 May 2026 00:00:00 +0000 https://forem.com/_350df62777eb55e1/manifest-v3-migration-pitfalls-lessons-from-17-chrome-extensions-2j3h https://forem.com/_350df62777eb55e1/manifest-v3-migration-pitfalls-lessons-from-17-chrome-extensions-2j3h <h2> Manifest V3 Is Here — And It Broke Everything </h2> <p>Google's Manifest V3 migration deadline has come and gone. After migrating 17 Chrome extensions from MV2 to MV3, I've compiled every pitfall, workaround, and lesson learned.</p> <p>If you're still migrating — or building new extensions — this guide will save you weeks of debugging.</p> <h2> Pitfall 1: Service Workers Die Without Warning </h2> <p><strong>The problem:</strong> MV3 replaces persistent background pages with service workers. Service workers are terminated after ~30 seconds of inactivity. Any state stored in global variables is lost.</p> <p><strong>What broke:</strong> My subscription checking code stored the user's payment status in a variable. After the service worker restarted, the variable was undefined, and paid users saw free-tier limitations.</p> <p><strong>The fix:</strong> Never store state in global variables. Use chrome.storage for everything:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// BAD: Lost when service worker restarts</span> <span class="kd">let</span> <span class="nx">userIsPaid</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// GOOD: Persisted across restarts</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">isPaid</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">subscriptionCache</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">subscriptionCache</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">subscriptionCache</span><span class="p">?.</span><span class="nx">paid</span> <span class="o">??</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Bonus pitfall:</strong> chrome.storage.session exists but is only accessible from the service worker by default. If you need it in popup/content scripts, you must call <code>chrome.storage.session.setAccessLevel({ accessLevel: 'TRUSTED_AND_UNTRUSTED_CONTEXTS' })</code> in the service worker.</p> <h2> Pitfall 2: webRequest Blocking Is Gone </h2> <p><strong>The problem:</strong> <code>chrome.webRequest.onBeforeRequest</code> with <code>blocking</code> capability no longer exists. Extensions that modified or blocked requests must use <code>declarativeNetRequest</code>.</p> <p><strong>What broke:</strong> FocusGuard used webRequest to redirect blocked sites. The entire blocking mechanism stopped working.</p> <p><strong>The fix:</strong> Migrate to declarativeNetRequest with dynamic rules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">declarativeNetRequest</span><span class="p">.</span><span class="nf">updateDynamicRules</span><span class="p">({</span> <span class="na">addRules</span><span class="p">:</span> <span class="p">[{</span> <span class="na">id</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">priority</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">action</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">redirect</span><span class="dl">'</span><span class="p">,</span> <span class="na">redirect</span><span class="p">:</span> <span class="p">{</span> <span class="na">extensionPath</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/blocked.html</span><span class="dl">'</span> <span class="p">}</span> <span class="p">},</span> <span class="na">condition</span><span class="p">:</span> <span class="p">{</span> <span class="na">urlFilter</span><span class="p">:</span> <span class="dl">'</span><span class="s1">*://*.twitter.com/*</span><span class="dl">'</span><span class="p">,</span> <span class="na">resourceTypes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">main_frame</span><span class="dl">'</span><span class="p">]</span> <span class="p">}</span> <span class="p">}],</span> <span class="na">removeRuleIds</span><span class="p">:</span> <span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="p">});</span> </code></pre> </div> <p><strong>Gotcha:</strong> Dynamic rules have a limit of 5,000 rules per extension. If your extension needs to block thousands of URLs, use the <code>rule_resources</code> approach with static rulesets instead.</p> <h2> Pitfall 3: Alarm Minimum Is 1 Minute </h2> <p><strong>The problem:</strong> <code>chrome.alarms.create</code> enforces a minimum period of 1 minute in production (30 seconds in development).</p> <p><strong>What broke:</strong> My subscription refresh used a 30-second polling interval. In production, it silently upgraded to 60 seconds, causing stale data.</p> <p><strong>The fix:</strong> Design around the 1-minute minimum. For anything that needs sub-minute precision, use <code>setTimeout</code> inside the service worker — but remember the worker can be terminated. For critical timing, accept the 1-minute granularity.</p> <h2> Pitfall 4: Content Script Communication Changes </h2> <p><strong>The problem:</strong> When the service worker is inactive, <code>chrome.runtime.sendMessage</code> from a content script can fail silently or throw.</p> <p><strong>What broke:</strong> Content scripts in my extensions would call the background for subscription status. If the service worker was sleeping, the Promise would hang forever.</p> <p><strong>The fix:</strong> Always add timeouts and fallbacks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">getSubscription</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">SubscriptionInfo</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Check cache first</span> <span class="kd">const</span> <span class="nx">cache</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">storage</span><span class="p">.</span><span class="nx">local</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">subscriptionCache</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">cache</span><span class="p">.</span><span class="nx">subscriptionCache</span><span class="p">?.</span><span class="nx">timestamp</span> <span class="o">&gt;</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="mi">300000</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">cache</span><span class="p">.</span><span class="nx">subscriptionCache</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Ask background with timeout</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">timeout</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">cache</span><span class="p">.</span><span class="nx">subscriptionCache</span> <span class="o">||</span> <span class="nx">DEFAULT</span><span class="p">),</span> <span class="mi">3000</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nf">sendMessage</span><span class="p">({</span> <span class="na">action</span><span class="p">:</span> <span class="dl">'</span><span class="s1">getSubscription</span><span class="dl">'</span> <span class="p">},</span> <span class="p">(</span><span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timeout</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nx">lastError</span> <span class="o">||</span> <span class="o">!</span><span class="nx">res</span><span class="p">)</span> <span class="p">{</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">cache</span><span class="p">.</span><span class="nx">subscriptionCache</span> <span class="o">||</span> <span class="nx">DEFAULT</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">res</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timeout</span><span class="p">);</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">cache</span><span class="p">.</span><span class="nx">subscriptionCache</span> <span class="o">||</span> <span class="nx">DEFAULT</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h2> Pitfall 5: Downloads API Requires User Gesture </h2> <p><strong>The problem:</strong> <code>chrome.downloads.download()</code> now requires a user gesture in some contexts. Programmatic downloads from background scripts may fail.</p> <p><strong>What broke:</strong> DataPick's export feature triggered downloads from the content script via the background. It worked in MV2 but silently failed in MV3.</p> <p><strong>The fix:</strong> Trigger downloads from the content script directly using a Blob URL and an anchor click, or ensure the background download is in direct response to a user action message.</p> <h2> Pitfall 6: executeScript Changes </h2> <p><strong>The problem:</strong> <code>chrome.tabs.executeScript</code> is replaced by <code>chrome.scripting.executeScript</code> with a different API shape.</p> <p><strong>The old way:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">chrome</span><span class="p">.</span><span class="nx">tabs</span><span class="p">.</span><span class="nf">executeScript</span><span class="p">(</span><span class="nx">tabId</span><span class="p">,</span> <span class="p">{</span> <span class="na">code</span><span class="p">:</span> <span class="dl">'</span><span class="s1">document.title</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p><strong>The new way:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">[</span><span class="nx">result</span><span class="p">]</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">scripting</span><span class="p">.</span><span class="nf">executeScript</span><span class="p">({</span> <span class="na">target</span><span class="p">:</span> <span class="p">{</span> <span class="nx">tabId</span> <span class="p">},</span> <span class="na">func</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">result</span><span class="p">);</span> <span class="c1">// The page title</span> </code></pre> </div> <p><strong>Gotcha:</strong> The <code>func</code> parameter must be a serializable function. It cannot reference variables from the outer scope. Pass data via the <code>args</code> parameter.</p> <h2> Pitfall 7: Extension Size and Permissions Scrutiny </h2> <p><strong>The problem:</strong> MV3 extensions face stricter review. Google now flags extensions with broad permissions (<code>&lt;all_urls&gt;</code>, <code>tabs</code>, etc.) and large bundle sizes.</p> <p><strong>What broke:</strong> Two of my extensions were rejected for requesting <code>activeTab</code> + <code>&lt;all_urls&gt;</code> together, which was considered redundant.</p> <p><strong>The fix:</strong></p> <ul> <li>Request minimum permissions</li> <li>Use <code>activeTab</code> instead of host permissions where possible</li> <li>Provide permission justifications in the CWS developer dashboard</li> <li>Keep bundle sizes small (tree-shake aggressively)</li> </ul> <h2> My MV3 Migration Checklist </h2> <p>After 17 migrations, here's my go-to checklist:</p> <ul> <li>[ ] Replace all global state with chrome.storage</li> <li>[ ] Migrate webRequest to declarativeNetRequest</li> <li>[ ] Replace chrome.tabs.executeScript with chrome.scripting.executeScript</li> <li>[ ] Add timeout/fallback to all runtime.sendMessage calls</li> <li>[ ] Test with service worker restart (chrome://serviceworker-internals)</li> <li>[ ] Verify alarms work with 1-minute minimum</li> <li>[ ] Review and minimize permissions</li> <li>[ ] Test content script ↔ background communication after SW sleep</li> <li>[ ] Verify downloads work without persistent background</li> </ul> <h2> Key Takeaway </h2> <p>MV3 is a fundamentally different programming model. The service worker lifecycle changes everything. Design for statelessness from day one, and treat the service worker as an unreliable intermediary that might not be running when you need it.</p> <p><em>Built by <a href="https://dev-tools-hub.xyz/?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=mv3-migration" rel="noopener noreferrer">S-Hub</a> — 17 Chrome extensions, all running on Manifest V3.</em></p> <h3> Explore S-Hub Extensions </h3> <ul> <li> <a href="https://chromewebstore.google.com/detail/procshot" rel="noopener noreferrer">Procshot</a> — Auto-capture browser steps</li> <li> <a href="https://chromewebstore.google.com/detail/epoehadeccangbpjldlbkapnakndbpkf" rel="noopener noreferrer">DataPick</a> — Extract data from any webpage</li> <li> <a href="https://chromewebstore.google.com/detail/focusguard" rel="noopener noreferrer">FocusGuard</a> — Block distracting sites</li> </ul> <p>See all extensions at <a href="https://dev-tools-hub.xyz/?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=mv3-migration" rel="noopener noreferrer">dev-tools-hub.xyz</a></p> chrome javascript webdev typescript CWS Listing SEO: What Actually Moved the Needle After Publishing 18 Extensions SHOTA Sat, 02 May 2026 14:47:08 +0000 https://forem.com/_350df62777eb55e1/cws-listing-seo-what-actually-moved-the-needle-after-publishing-18-extensions-37i1 https://forem.com/_350df62777eb55e1/cws-listing-seo-what-actually-moved-the-needle-after-publishing-18-extensions-37i1 <p>Chrome Web Store SEO is poorly documented. Google's official guidance is sparse. There's no Ahrefs for CWS search ranking. Most advice comes from forum posts that are 3-4 years old and may or may not still apply.</p> <p>After publishing 18 extensions and iterating on listings for 6 months, here's what I've found actually moves install numbers.</p> <h2> The Title Is Everything </h2> <p>The CWS title is the single most important ranking factor. It functions like an HTML <code>&lt;h1&gt;</code> — the primary signal for what this extension does.</p> <p><strong>What doesn't work</strong>: Brand names or clever names without keywords. "ReadMark" tells the CWS search algorithm nothing. "ReadMark — Scroll Position Saver for Chrome" tells it exactly what the extension does.</p> <p><strong>What works</strong>: Primary keyword first, then clarification:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>❌ Procshot ✅ Procshot — Auto Step-by-Step Screenshot Manual Creator ❌ DataPick ✅ DataPick — Click-to-Extract Web Scraper (No Code) ❌ Japanese Font Finder ✅ Japanese Font Finder — Click to Identify &amp; Copy Web Fonts </code></pre> </div> <p>The character limit for CWS titles is 75 characters. Use most of them. Don't pad with fluff, but don't leave ranking signals on the table.</p> <h2> Short Description: The SEO Body Copy </h2> <p>The short description (132 characters max) appears in search results and category listings. It's the second most important field for ranking.</p> <p>Pack it with semantically related terms — the words people would use to search for your extension:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Before: "Identify fonts on any webpage and copy CSS font-family syntax." After: "Click any element to identify the rendered font, copy CSS syntax, detect web fonts (Google/Adobe). Free font inspector for designers." </code></pre> </div> <p>The second version includes: font inspector, rendered font, CSS syntax, Google Fonts, Adobe Fonts, designers — all search-relevant terms without being spammy.</p> <h2> Long Description: Depth Over Breadth </h2> <p>The long description doesn't seem to rank for individual keywords the way a web page does, but it influences whether users install after they click through. High click-to-install conversion improves ranking indirectly.</p> <p>What converts:</p> <p><strong>1. Lead with the problem, not the solution.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>❌ "DataPick is a Chrome extension that extracts web data." ✅ "Copying data from websites to Excel shouldn't require writing code. DataPick lets you click on any element to extract it — tables, prices, names, links — and export directly to Google Sheets." </code></pre> </div> <p><strong>2. Use bullet points with verbs.</strong></p> <p>"View fonts" is weaker than "Click any element to instantly reveal its rendered font." Action-oriented bullets communicate value more clearly.</p> <p><strong>3. Include the free/paid boundary explicitly.</strong></p> <p>Users are suspicious of extensions that don't clarify pricing. State it clearly: "Free: 3 scans/month. Pro ($9.99/month): unlimited scans + AI analysis."</p> <p><strong>4. List what the extension does NOT do.</strong></p> <p>This sounds counterintuitive but it builds trust: "DataPick does not send your data to external servers. All extraction runs locally." Users who almost clicked away because of data concerns will install.</p> <h2> Screenshot Quality Is a Ranking Factor </h2> <p>Chrome Web Store A/B tests screenshot carousels for conversion. High-converting listings get better placement.</p> <p>My screenshots follow a formula:</p> <ul> <li>Screenshot 1: The core action (click something → get result)</li> <li>Screenshot 2: The output or result state</li> <li>Screenshot 3: Settings or Pro features</li> </ul> <p>1280×800 is the standard size. Use a real browser with realistic content, not placeholder text. Annotations (arrows, callouts) help but should be minimal.</p> <p>I've measured approximately 20-30% higher CTR for listings with annotated screenshots vs. plain browser screenshots.</p> <h2> Category Selection </h2> <p>Most extensions fit multiple categories. The category affects which browse pages you appear on, which affects discovery separate from search.</p> <p>My rules:</p> <ul> <li>If it's for developers: <strong>Developer Tools</strong> </li> <li>If it's for productivity: <strong>Productivity</strong> </li> <li>Don't use <strong>Other</strong> unless nothing fits</li> </ul> <p>Developer Tools has less competition than Productivity for most queries, but smaller total audience. Pick based on where your target user is browsing.</p> <h2> Review Velocity Matters More Than Review Count </h2> <p>A fresh 4.8-star extension with 15 reviews can rank above a 4.9-star extension with 150 reviews if the 15 reviews came in the last 30 days. CWS appears to weight recency.</p> <p>This means: if your extension is growing, make sure your review request is well-timed and converts.</p> <p>I prompt for reviews after a "success moment" — after the user has successfully completed the core action for the third time. Not on first launch, not on a timer. After they've experienced value.</p> <p>The prompt text matters: "If DataPick saved you time today, a quick review helps other people find it." Specific, honest, no-pressure. I've measured about 12% conversion rate from prompt shown to review left.</p> <h2> The Permission Warning Problem </h2> <p>Extensions that request broad permissions show a warning during install: "This extension can read all your browser data." This is accurate but alarming phrasing.</p> <p>Two things help:</p> <ol> <li>Request only the permissions you actually need</li> <li>Explain permissions in your listing description: "DataPick requires access to all sites because you can use it on any website. We never collect or transmit your data."</li> </ol> <p>Extensions with unexplained broad permissions have measurably lower install rates. The listing is where you explain, not the install dialog.</p> <h2> What Doesn't Move the Needle </h2> <p><strong>Keyword stuffing in the description.</strong> The algorithm seems to penalize this now, and it hurts conversion anyway.</p> <p><strong>Promo images.</strong> The 1400×560 marquee image is shown in promotional spots (featured sections), not in regular search. Unless you're getting featured, it doesn't matter.</p> <p><strong>Video demos.</strong> I've tested with and without. No measurable install difference from search. Videos do help for extensions with complex UX that's hard to show in a screenshot.</p> <h2> Tracking What Works </h2> <p>CWS provides an Insights dashboard with impressions, clicks, and installs broken down by traffic source (search, browse, referral). Use it. Track which source drives installs, then optimize for that source.</p> <p>For me, CWS search accounts for ~70% of installs. That's where the SEO work pays off.</p> <p><em>I publish Chrome extensions at dev-tools-hub.xyz. These notes are based on 6 months of iteration across 18 extensions.</em></p> chrome javascript webdev productivity Chrome Web Store SEO: How I Optimized 17 Extensions for Search SHOTA Sat, 02 May 2026 00:00:00 +0000 https://forem.com/_350df62777eb55e1/chrome-web-store-seo-how-i-optimized-17-extensions-for-search-2maj https://forem.com/_350df62777eb55e1/chrome-web-store-seo-how-i-optimized-17-extensions-for-search-2maj <h2> Chrome Web Store Has a Search Engine — and Nobody Optimizes for It </h2> <p>Most Chrome extension developers publish their extension and hope for the best. But the Chrome Web Store has its own search algorithm, and optimizing for it can dramatically increase your install rate.</p> <p>After publishing 17 extensions and experimenting with different approaches, here's everything I've learned about CWS SEO.</p> <h2> How CWS Search Works </h2> <p>The Chrome Web Store search algorithm considers:</p> <ol> <li> <strong>Extension name</strong> (highest weight)</li> <li> <strong>Short description</strong> (the 132-character summary)</li> <li> <strong>Full description</strong> (the detailed listing text)</li> <li><strong>Category selection</strong></li> <li><strong>User ratings and review count</strong></li> <li><strong>Weekly active users (WAU)</strong></li> <li><strong>Install/uninstall ratio</strong></li> </ol> <p>Let me break down each factor with real examples from my extensions.</p> <h2> Factor 1: Extension Name — Keyword First </h2> <p>The single biggest SEO lever is your extension name. CWS heavily weights the name field for search ranking.</p> <p><strong>Before optimization:</strong></p> <ul> <li>"Procshot" → Ranked nowhere for "screenshot chrome extension"</li> <li>"ZenRead" → Invisible for "reader mode chrome"</li> </ul> <p><strong>After optimization (keyword-first format):</strong></p> <ul> <li>"Procshot — Automatic Procedure Capture &amp; Step-by-Step Guide Maker"</li> <li>"ZenRead — Reader Mode &amp; Read Aloud for Chrome"</li> </ul> <p><strong>Results:</strong> Average search impression increase of <strong>340%</strong> across 17 extensions after switching to keyword-first names.</p> <h3> The Formula </h3> <p><code>[Brand] — [Primary Keyword] [Secondary Keyword] [Modifier]</code></p> <p>Examples:</p> <ul> <li>DataPick — Web Data Extractor &amp; Scraper for Chrome</li> <li>CookieJar — Cookie Editor, Manager &amp; Privacy Analyzer</li> <li>FocusGuard — Website Blocker &amp; Focus Timer</li> </ul> <h2> Factor 2: Short Description (132 Characters) </h2> <p>The short description appears in search results and listing cards. Every character matters.</p> <p><strong>Rules:</strong></p> <ul> <li>Lead with the primary benefit, not the feature</li> <li>Include your top 2-3 keywords naturally</li> <li>End with a differentiator</li> </ul> <p><strong>Example for DataPick:</strong></p> <blockquote> <p>"Extract tables, lists &amp; text from any webpage. Export to CSV, Excel, JSON or Google Sheets. No coding required."</p> </blockquote> <p>This hits: extract, tables, webpage, CSV, Excel, JSON, Google Sheets, no coding — all high-volume search terms.</p> <h2> Factor 3: Full Description </h2> <p>The full description supports long-tail keywords. Structure it as:</p> <ol> <li> <strong>Opening paragraph</strong> — Problem statement with keywords</li> <li> <strong>Feature list</strong> — Each feature is a keyword opportunity</li> <li> <strong>Use cases</strong> — "Perfect for [persona] who need to [action]"</li> <li> <strong>Technical details</strong> — Manifest V3, permissions explanation</li> <li> <strong>Privacy statement</strong> — Builds trust and conversion</li> </ol> <h3> Localization Multiplier </h3> <p>CWS supports localized listings. I localize into 8 languages:</p> <ul> <li>English, Japanese, Chinese (Simplified), Korean, Spanish, French, German, Portuguese</li> </ul> <p>Each localization creates a new surface for search in that language. My Japanese Font Finder extension gets 40% of installs from Japanese-language searches.</p> <h2> Factor 4: Screenshots and Promo Images </h2> <p>Screenshots don't directly affect search ranking, but they massively impact <strong>click-through rate</strong> from search results to your listing page.</p> <p><strong>What works:</strong></p> <ul> <li>First screenshot should show the extension in action (not a marketing slide)</li> <li>Include text overlays explaining what's happening</li> <li>Use consistent branding across all screenshots</li> <li>1280x800 resolution, clean and professional</li> </ul> <p><strong>What doesn't work:</strong></p> <ul> <li>Generic mockups</li> <li>Too much text, too little product</li> <li>Inconsistent styling between screenshots</li> </ul> <h2> Factor 5: Ratings and Reviews </h2> <p>CWS algorithm favors extensions with:</p> <ul> <li>Higher average rating (4.0+ is the threshold for good ranking)</li> <li>More total reviews (even 5-10 reviews make a difference for new extensions)</li> <li>Recent reviews (recency matters)</li> </ul> <h3> Win-Ask Review Strategy </h3> <p>I implemented a "Win-Ask" review prompt in all my extensions:</p> <ul> <li>Trigger after a <strong>successful action</strong> (not on install, not randomly)</li> <li>For Procshot: After capturing 5 procedures successfully</li> <li>For DataPick: After 10 successful data extractions</li> <li>Two buttons: "Rate on Chrome Web Store" and "Not now"</li> <li>"Not now" dismisses permanently (no nagging)</li> </ul> <p>This approach respects users while still generating reviews.</p> <h2> Factor 6: Weekly Active Users </h2> <p>WAU is a ranking signal. Extensions with higher WAU rank better, creating a flywheel: better ranking → more installs → higher WAU → better ranking.</p> <p><strong>How to improve WAU:</strong></p> <ul> <li>Reduce uninstall rate (better onboarding, deliver value fast)</li> <li>Cross-promote between your extensions</li> <li>Content marketing (Dev.to, Zenn, Reddit)</li> <li>Keep the extension lightweight (slow extensions get uninstalled)</li> </ul> <h2> My CWS SEO Checklist </h2> <p>For every extension I publish, I run through this checklist:</p> <ul> <li>[ ] Keyword-first name format</li> <li>[ ] 132-char description with top keywords</li> <li>[ ] Full description with structured sections</li> <li>[ ] 5 screenshots with text overlays</li> <li>[ ] Small tile (440x280) with brand consistency</li> <li>[ ] 8-language localization</li> <li>[ ] Category selection optimized</li> <li>[ ] Win-Ask review prompt implemented</li> <li>[ ] Cross-promotion banner added</li> <li>[ ] GA4 tracking for install/update/feature_used events</li> </ul> <h2> Results </h2> <p>After applying these optimizations across all 17 extensions:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Before</th> <th>After (30 days)</th> </tr> </thead> <tbody> <tr> <td>Total weekly installs</td> <td>120</td> <td>380</td> </tr> <tr> <td>Average search impressions</td> <td>2,400/week</td> <td>8,100/week</td> </tr> <tr> <td>Average CTR from search</td> <td>2.1%</td> <td>3.8%</td> </tr> <tr> <td>Average rating</td> <td>4.2</td> <td>4.5</td> </tr> </tbody> </table></div> <p>The biggest winner was DataPick, which went from 15 installs/week to 65 after the keyword-first name change alone.</p> <h2> Key Takeaway </h2> <p>CWS SEO isn't complicated, but almost nobody does it. The extension name is 80% of the battle. Get that right, and everything else follows.</p> <p><em>Built by <a href="https://dev-tools-hub.xyz/?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=cws-seo" rel="noopener noreferrer">S-Hub</a> — 17 Chrome extensions for developers and productivity enthusiasts.</em></p> <h3> Explore S-Hub Extensions </h3> <ul> <li> <a href="https://chromewebstore.google.com/detail/procshot" rel="noopener noreferrer">Procshot</a> — Auto-capture browser steps</li> <li> <a href="https://chromewebstore.google.com/detail/epoehadeccangbpjldlbkapnakndbpkf" rel="noopener noreferrer">DataPick</a> — Extract data from any webpage</li> <li> <a href="https://chromewebstore.google.com/detail/lhngfkchfepfjjdfhimconagoejemofg" rel="noopener noreferrer">CookieJar</a> — Cookie editor and privacy analyzer</li> </ul> <p>See all extensions at <a href="https://dev-tools-hub.xyz/?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=cws-seo" rel="noopener noreferrer">dev-tools-hub.xyz</a></p> chrome seo webdev marketing How I Cross-Promote 18 Chrome Extensions Without Annoying Users SHOTA Thu, 30 Apr 2026 15:48:07 +0000 https://forem.com/_350df62777eb55e1/how-i-cross-promote-18-chrome-extensions-without-annoying-users-1oa3 https://forem.com/_350df62777eb55e1/how-i-cross-promote-18-chrome-extensions-without-annoying-users-1oa3 <p>I publish Chrome extensions as a solo developer. I currently have 18 live extensions across two Chrome Web Store accounts, with more in development.</p> <p>Each extension runs in isolation. A user who installs ReadMark has no reason to know that Japanese Font Finder exists — unless I tell them. This is the cross-promotion problem.</p> <p>Done badly, cross-promotion is spammy: "You might also like..." banners competing with the actual UI, persistent notifications pushing other products, or promotional modals that appear on first launch. These damage trust and hurt retention.</p> <p>Done well, cross-promotion is genuinely useful: surfacing a related tool at the moment a user is most likely to want it, in a way that doesn't interrupt their workflow.</p> <p>Here's what I've implemented across my extensions and what actually works.</p> <h2> Where Cross-Promotion Lives </h2> <p>The four legitimate places I've found:</p> <p><strong>1. The onboarding screen</strong></p> <p>Every new extension I build has a welcome screen that appears once on first install. This is the highest-engagement moment — the user has just installed, they're curious, and they have no workflow to interrupt.</p> <p>The bottom of the onboarding screen includes a "You might also like" section showing 2-3 related extensions from my portfolio. The slot is populated based on the category of the extension they just installed:</p> <ul> <li>Productivity extensions → show other productivity tools</li> <li>Developer tools → show developer tools</li> <li>Japanese-language tools → show other Japan-focused tools </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">RELATED_BY_CATEGORY</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="nx">Category</span><span class="p">,</span> <span class="nx">ExtensionInfo</span><span class="p">[]</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="na">productivity</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ReadMark</span><span class="dl">'</span><span class="p">,</span> <span class="na">cws</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://chromewebstore.google.com/...</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">...</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">FocusGuard</span><span class="dl">'</span><span class="p">,</span> <span class="na">cws</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://chromewebstore.google.com/...</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">...</span><span class="dl">'</span> <span class="p">},</span> <span class="p">],</span> <span class="dl">'</span><span class="s1">developer-tools</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Japanese Font Finder</span><span class="dl">'</span><span class="p">,</span> <span class="na">cws</span><span class="p">:</span> <span class="dl">'</span><span class="s1">...</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">...</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DataBridge</span><span class="dl">'</span><span class="p">,</span> <span class="na">cws</span><span class="p">:</span> <span class="dl">'</span><span class="s1">...</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">...</span><span class="dl">'</span> <span class="p">},</span> <span class="p">],</span> <span class="c1">// ...</span> <span class="p">};</span> </code></pre> </div> <p>Conversion rate on this slot: ~8%. It's the best-performing placement I have, and it requires zero additional interruption — the user is already looking at an onboarding screen.</p> <p><strong>2. The settings/options page</strong></p> <p>My extensions all have a settings page accessible via the popup or options page. At the bottom, a small "Other tools by the same developer" section.</p> <p>This placement has low visibility — most users never open settings — but high intent. Someone exploring settings is an engaged user. Conversion here is ~4%.</p> <p><strong>3. Post-export or post-action moments</strong></p> <p>Some extensions have natural completion moments. Procshot, for example, has a "Guide created" state after the user finishes recording a workflow. At this point, the task is done and the user has a second of cognitive slack.</p> <p>I show a single inline suggestion: "Looking for complementary tools? Try [X]."</p> <p>This feels contextually relevant rather than promotional. If someone just created a procedure guide, they might also like a tool that helps them organize notes or manage their workflow.</p> <p><strong>4. The Chrome Web Store listing itself</strong></p> <p>I include links to related extensions in the long description text of each CWS listing. The format:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>--- Other tools you might find useful: • ReadMark (save scroll position): [link] • Procshot (create step-by-step guides): [link] </code></pre> </div> <p>CWS listing descriptions don't support hyperlinks that are clickable, but the URLs are visible and some users do copy and search them. More importantly, these listings show up in Google Search, which occasionally drives cross-traffic.</p> <h2> What I Don't Do </h2> <p><strong>Push notifications</strong>: I have <code>notifications</code> permission on some extensions for functional purposes (session timers, etc.). I never use this for promotions. Push notifications are for urgent, functional information only.</p> <p><strong>In-session banners</strong>: No banners appear while the user is actively using the extension. The active state is for doing the thing, not for advertising other things.</p> <p><strong>Frequency-based nudges</strong>: No "You've been using this for 30 days — here are our other products" messages. I've seen this pattern from larger companies and I find it manipulative.</p> <p><strong>Email capture for cross-promotion</strong>: Chrome extensions don't have a natural email capture point, and I don't manufacture one. My extensions work without accounts.</p> <h2> Measuring It </h2> <p>I track cross-promotion clicks with GA4 events:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">trackCrossPromoClick</span><span class="p">(</span><span class="nx">source</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">targetExtension</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="nf">gtag</span><span class="p">(</span><span class="dl">'</span><span class="s1">event</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">cross_promo_click</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">source_location</span><span class="p">:</span> <span class="nx">source</span><span class="p">,</span> <span class="c1">// 'onboarding' | 'settings' | 'post_action'</span> <span class="na">target_extension</span><span class="p">:</span> <span class="nx">targetExtension</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>The conversion from click to install is hard to measure directly — I can see the click in GA4 but I can't easily track what happens in the CWS after the user navigates there. I proxy this with CWS install trends: when I add a cross-promotion slot pointing to Extension X, does Extension X's weekly installs increase?</p> <p>Over 12 weeks, the answer has been yes, modestly — about a 15-20% lift in weekly installs for extensions that are actively promoted from related extensions. Not explosive growth, but it compounds.</p> <h2> The Principle </h2> <p>Cross-promotion works when it answers the question "what else can help me with what I'm already trying to do?" It fails when it answers "what else can I sell this user?"</p> <p>The onboarding screen converts at 8% not because users are gullible but because the recommended extensions are actually useful to someone who just installed a related tool. The relevance makes the difference.</p> <p><em>I write about solo Chrome extension development at dev-tools-hub.xyz.</em></p> chrome javascript webdev productivity