@zigrivers/scaffold 3.33.4 → 3.33.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/content/knowledge/VERSION +1 -1
- package/content/knowledge/browser-extension/browser-extension-architecture.md +16 -4
- package/content/knowledge/browser-extension/browser-extension-content-scripts.md +16 -4
- package/content/knowledge/browser-extension/browser-extension-conventions.md +13 -3
- package/content/knowledge/browser-extension/browser-extension-cross-browser.md +16 -3
- package/content/knowledge/browser-extension/browser-extension-dev-environment.md +16 -3
- package/content/knowledge/browser-extension/browser-extension-manifest.md +17 -4
- package/content/knowledge/browser-extension/browser-extension-project-structure.md +15 -4
- package/content/knowledge/browser-extension/browser-extension-requirements.md +16 -4
- package/content/knowledge/browser-extension/browser-extension-security.md +19 -4
- package/content/knowledge/browser-extension/browser-extension-service-workers.md +17 -4
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.10
|
|
@@ -1,13 +1,25 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-architecture
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Component isolation across content scripts, background service workers, and popup pages; message passing patterns; and
|
|
5
|
+
state synchronization strategies
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- architecture
|
|
9
|
+
- message-passing
|
|
10
|
+
- state-synchronization
|
|
11
|
+
- service-worker
|
|
12
|
+
- content-scripts
|
|
5
13
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
14
|
+
last-reviewed: 2026-06-05
|
|
15
|
+
version-pin: Manifest V3
|
|
8
16
|
sources:
|
|
9
17
|
- url: https://developer.chrome.com/docs/extensions/mv3/architecture-overview
|
|
18
|
+
hash: sha256:138a4d2e5659d81c90bdf5914adef0d119793f3e665aeea5183863b06f469d12
|
|
19
|
+
retrieved: 2026-06-05
|
|
10
20
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Anatomy_of_a_WebExtension
|
|
21
|
+
hash: sha256:25478eeaaec350aa31f533f52c1c34042cd13a133bd5add6d23f567265ce862b
|
|
22
|
+
retrieved: 2026-06-05
|
|
11
23
|
---
|
|
12
24
|
|
|
13
25
|
Browser extension architecture is fundamentally different from web app architecture because the application is split across multiple isolated execution environments that cannot share memory directly. Content scripts run inside host pages but in an isolated JavaScript world. Service workers run in a separate context that is terminated and re-created between events. Popup pages are ephemeral — they exist only while the popup is open. These constraints drive every architectural decision: communication is via message passing, state must be externalized to `chrome.storage`, and every component must tolerate being initialized from scratch at any time.
|
|
@@ -1,13 +1,25 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-content-scripts
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
DOM manipulation from content scripts, isolated worlds, CSS injection, and communicating with the host page via
|
|
5
|
+
postMessage
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- content-scripts
|
|
9
|
+
- dom-manipulation
|
|
10
|
+
- isolated-worlds
|
|
11
|
+
- css-injection
|
|
12
|
+
- postmessage
|
|
5
13
|
volatility: fast-moving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
14
|
+
last-reviewed: 2026-06-05
|
|
15
|
+
version-pin: Manifest V3
|
|
8
16
|
sources:
|
|
9
17
|
- url: https://developer.chrome.com/docs/extensions/develop/concepts/content-scripts
|
|
18
|
+
hash: sha256:21d93ef79a4d62b9593ff5f7c28e095031baace9884dbc1128b18ea26194cec2
|
|
19
|
+
retrieved: 2026-06-05
|
|
10
20
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_scripts
|
|
21
|
+
hash: sha256:6089f52945b1b44a6c9361351c91f0304634dc429bb822fa83c4e7ff109a37c2
|
|
22
|
+
retrieved: 2026-06-05
|
|
11
23
|
---
|
|
12
24
|
|
|
13
25
|
Content scripts are the extension's interface with the web page. They run inside the page's DOM but in an isolated JavaScript world — they see the same HTML and can manipulate the same elements, but they cannot access the page's JavaScript variables or prototype chain without explicitly crossing the world boundary. Understanding this isolation is essential for writing content scripts that are both functional and secure.
|
|
@@ -1,13 +1,23 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-conventions
|
|
3
3
|
description: Naming conventions for manifests, message action types, file organization, and i18n structure in browser extensions
|
|
4
|
-
topics:
|
|
4
|
+
topics:
|
|
5
|
+
- browser-extension
|
|
6
|
+
- conventions
|
|
7
|
+
- naming
|
|
8
|
+
- i18n
|
|
9
|
+
- file-organization
|
|
10
|
+
- messaging
|
|
5
11
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
12
|
+
last-reviewed: 2026-06-05
|
|
13
|
+
version-pin: Manifest V3
|
|
8
14
|
sources:
|
|
9
15
|
- url: https://developer.chrome.com/docs/extensions/reference/manifest
|
|
16
|
+
hash: sha256:873da4e4724c4352c91929415bcb9e7b98b79f7773e26bf4387ad0137ae69753
|
|
17
|
+
retrieved: 2026-06-05
|
|
10
18
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Internationalization
|
|
19
|
+
hash: sha256:55fd96d3c9e92a0d13221f3485b9c7b82192a2fb95fa96586bfd2c091240ba04
|
|
20
|
+
retrieved: 2026-06-05
|
|
11
21
|
---
|
|
12
22
|
|
|
13
23
|
Browser extensions accumulate technical debt faster than typical web apps because they span multiple execution contexts — content scripts, service workers, popup pages, options pages — each with distinct constraints. Consistent naming conventions and file organization make cross-context code navigable and reduce the cognitive overhead of working across these boundaries. Establish conventions before writing code.
|
|
@@ -1,13 +1,26 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-cross-browser
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Using webextension-polyfill for API compatibility, manifest differences between Chrome and Firefox, browser-specific
|
|
5
|
+
APIs, and managing a multi-browser build matrix
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- cross-browser
|
|
9
|
+
- firefox
|
|
10
|
+
- chrome
|
|
11
|
+
- webextension-polyfill
|
|
12
|
+
- compatibility
|
|
13
|
+
- build-matrix
|
|
5
14
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
15
|
+
last-reviewed: 2026-06-05
|
|
7
16
|
version-pin: null
|
|
8
17
|
sources:
|
|
9
18
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Browser_support_for_JavaScript_APIs
|
|
19
|
+
hash: sha256:4b0a8d2d7f7db598b7c1b745e49b32e5408a7ca6a58a99450aea1e3bd01fde60
|
|
20
|
+
retrieved: 2026-06-05
|
|
10
21
|
- url: https://developer.chrome.com/docs/extensions/develop/migrate
|
|
22
|
+
hash: sha256:63ca45e8137178af34a42b750639120fe28502a27a59c476cfc77fb778f14b14
|
|
23
|
+
retrieved: 2026-06-05
|
|
11
24
|
---
|
|
12
25
|
|
|
13
26
|
Browser extensions that target both Chrome and Firefox share most of their codebase, but the differences between the two platforms are significant enough to require explicit management. API namespaces differ, manifest syntax diverges in subtle ways, and some APIs exist only in Chrome or only in Firefox. A systematic cross-browser strategy prevents the "works in Chrome, broken in Firefox" class of bugs.
|
|
@@ -1,13 +1,26 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-dev-environment
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Build tooling with Webpack/Vite, hot reload via web-ext and crx-hotreload, and browser launch configuration for
|
|
5
|
+
extension development
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- dev-environment
|
|
9
|
+
- vite
|
|
10
|
+
- webpack
|
|
11
|
+
- hot-reload
|
|
12
|
+
- web-ext
|
|
13
|
+
- build
|
|
5
14
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
15
|
+
last-reviewed: 2026-06-05
|
|
7
16
|
version-pin: null
|
|
8
17
|
sources:
|
|
9
18
|
- url: https://developer.chrome.com/docs/extensions/get-started/tutorial/hello-world
|
|
19
|
+
hash: sha256:dc673d9b594c057cf68896851b5c211552f4b7f3876c22a568c95348b0155075
|
|
20
|
+
retrieved: 2026-06-05
|
|
10
21
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Your_first_WebExtension
|
|
22
|
+
hash: sha256:0f4e414a029b2c3f6e6c1ba5709dd88822fc61cddde1ac58af60f3dffad8d53d
|
|
23
|
+
retrieved: 2026-06-05
|
|
11
24
|
---
|
|
12
25
|
|
|
13
26
|
Browser extension development requires a different local setup than web app development. There is no dev server to navigate to — the extension must be loaded into a real browser instance, and changes require either a manual reload or a dedicated hot-reload tool. Getting this setup right at the start of the project eliminates the most friction-heavy part of the development loop.
|
|
@@ -1,13 +1,26 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-manifest
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Manifest V3 schema, permissions declarations, host_permissions, content_scripts configuration, and background
|
|
5
|
+
service_worker setup
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- manifest
|
|
9
|
+
- manifest-v3
|
|
10
|
+
- permissions
|
|
11
|
+
- content-scripts
|
|
12
|
+
- service-worker
|
|
13
|
+
- host-permissions
|
|
5
14
|
volatility: fast-moving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
15
|
+
last-reviewed: 2026-06-05
|
|
16
|
+
version-pin: Manifest V3
|
|
8
17
|
sources:
|
|
9
18
|
- url: https://developer.chrome.com/docs/extensions/reference/manifest
|
|
19
|
+
hash: sha256:0bbe598d0affd4b9431dabcde7a0410f81e95b38092d6b258bf796135c438ab6
|
|
20
|
+
retrieved: 2026-06-05
|
|
10
21
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json
|
|
22
|
+
hash: sha256:cea8bb2558b2918998720b80649d5e9551491afec633fede6d338f913b55a5bc
|
|
23
|
+
retrieved: 2026-06-05
|
|
11
24
|
---
|
|
12
25
|
|
|
13
26
|
The `manifest.json` is the contract between your extension and the browser. Every capability your extension uses must be declared here before it can be used. Manifest V3 (MV3) is the current standard, having replaced Manifest V2 (MV2) in Chrome. Understanding the MV3 schema in depth prevents runtime errors, store rejections, and security review failures.
|
|
@@ -1,13 +1,24 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-project-structure
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Directory layout for browser extensions covering src/popup, src/content, src/background, src/options, public/icons,
|
|
5
|
+
and _locales
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- project-structure
|
|
9
|
+
- file-organization
|
|
10
|
+
- build
|
|
11
|
+
- icons
|
|
5
12
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
13
|
+
last-reviewed: 2026-06-05
|
|
14
|
+
version-pin: Manifest V3
|
|
8
15
|
sources:
|
|
9
16
|
- url: https://developer.chrome.com/docs/extensions/develop
|
|
17
|
+
hash: sha256:fc24f69c0d484d9806c95229ddf1c29a1fd9a03cc81ccc9f837548725171a5ef
|
|
18
|
+
retrieved: 2026-06-05
|
|
10
19
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Anatomy_of_a_WebExtension
|
|
20
|
+
hash: sha256:25478eeaaec350aa31f533f52c1c34042cd13a133bd5add6d23f567265ce862b
|
|
21
|
+
retrieved: 2026-06-05
|
|
11
22
|
---
|
|
12
23
|
|
|
13
24
|
Browser extension project structure must account for multiple compilation targets (one bundle per execution context), static assets that bypass the build pipeline, and locale files consumed by the WebExtensions runtime. A well-organized project structure makes build configuration straightforward, keeps context-specific code isolated, and prevents accidentally importing browser APIs that are unavailable in a given context.
|
|
@@ -1,13 +1,25 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-requirements
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
User permissions model, store policies (Chrome Web Store, AMO), accessibility requirements, and performance budgets
|
|
5
|
+
for browser extensions
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- requirements
|
|
9
|
+
- permissions
|
|
10
|
+
- store-policies
|
|
11
|
+
- accessibility
|
|
12
|
+
- performance
|
|
5
13
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
14
|
+
last-reviewed: 2026-06-05
|
|
15
|
+
version-pin: Manifest V3
|
|
8
16
|
sources:
|
|
9
17
|
- url: https://developer.chrome.com/docs/webstore/program-policies
|
|
18
|
+
hash: sha256:b920f88cdb7ee59c5e91d45357680c06a781db04bdfc72aa242e3dde71862838
|
|
19
|
+
retrieved: 2026-06-05
|
|
10
20
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/AMO/Policy
|
|
21
|
+
hash: sha256:9791bbdf9ed9ecd0f0b6b8478bda286ab4fce4c7544a0100186b5fa28988daa1
|
|
22
|
+
retrieved: 2026-06-05
|
|
11
23
|
---
|
|
12
24
|
|
|
13
25
|
Browser extension requirements differ fundamentally from web app requirements because the extension operates inside a user's browser with elevated trust and broad access to browsing data. Every permission requested must be justified, every store policy must be understood before writing code, and performance budgets must be set early because extensions run on every page a user visits — regressions directly degrade the entire browsing experience.
|
|
@@ -1,14 +1,29 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-security
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Content Security Policy for extensions, prohibitions on eval and inline scripts, host permissions principle of least
|
|
5
|
+
privilege, and XSS prevention in extension UIs
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- security
|
|
9
|
+
- csp
|
|
10
|
+
- xss
|
|
11
|
+
- permissions
|
|
12
|
+
- least-privilege
|
|
13
|
+
- eval
|
|
5
14
|
volatility: evolving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
15
|
+
last-reviewed: 2026-06-05
|
|
16
|
+
version-pin: Manifest V3
|
|
8
17
|
sources:
|
|
9
18
|
- url: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
|
|
19
|
+
hash: sha256:e4c7c42933e4e917edd5cf2b5aa3e3d6a13f07ebdfad927d4bda567f6c8c175f
|
|
20
|
+
retrieved: 2026-06-05
|
|
10
21
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy
|
|
22
|
+
hash: sha256:d06e2e28a6173edd2dfd58b02f2d5c5e0665a76da98dea2b4f9a8f07c2ecfb4d
|
|
23
|
+
retrieved: 2026-06-05
|
|
11
24
|
- url: https://owasp.org/www-community/attacks/xss/
|
|
25
|
+
hash: sha256:e2d634a57647ee73a8aced85e0950560020e44324931468de07e36d1bba49c1d
|
|
26
|
+
retrieved: 2026-06-05
|
|
12
27
|
---
|
|
13
28
|
|
|
14
29
|
Browser extensions run with elevated browser privileges compared to ordinary web pages. A compromised extension can read browsing history, intercept network requests, steal cookies, and inject content into any page it has permission to access. Security is not optional — it is a first-class requirement enforced by the browser, the store review process, and the trust of every user who installs the extension.
|
|
@@ -1,13 +1,26 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: browser-extension-service-workers
|
|
3
|
-
description:
|
|
4
|
-
|
|
3
|
+
description: >-
|
|
4
|
+
Extension service worker lifecycle (install/activate), event-driven programming model, alarms API for recurring tasks,
|
|
5
|
+
and persistent state via chrome.storage
|
|
6
|
+
topics:
|
|
7
|
+
- browser-extension
|
|
8
|
+
- service-worker
|
|
9
|
+
- lifecycle
|
|
10
|
+
- alarms
|
|
11
|
+
- chrome-storage
|
|
12
|
+
- event-driven
|
|
13
|
+
- background
|
|
5
14
|
volatility: fast-moving
|
|
6
|
-
last-reviewed:
|
|
7
|
-
version-pin:
|
|
15
|
+
last-reviewed: 2026-06-05
|
|
16
|
+
version-pin: Manifest V3
|
|
8
17
|
sources:
|
|
9
18
|
- url: https://developer.chrome.com/docs/extensions/develop/concepts/service-workers
|
|
19
|
+
hash: sha256:088fdeebf41909724c31ae64f779d25853ce91dab3d30d48fe6876beb697984a
|
|
20
|
+
retrieved: 2026-06-05
|
|
10
21
|
- url: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Background_scripts
|
|
22
|
+
hash: sha256:74c09f9ce0e40ed769c4c1128493ee5749df7b9d5359b7a815c6dfbd18069aff
|
|
23
|
+
retrieved: 2026-06-05
|
|
11
24
|
---
|
|
12
25
|
|
|
13
26
|
The Manifest V3 background service worker is the most architecturally disruptive change from MV2. The persistent background page that could hold state indefinitely is gone. Service workers are event-driven and ephemeral — Chrome terminates them when idle and restarts them when events arrive. Every design decision for background logic must account for this constraint.
|