Skip to content

SunHuawei/SourceDetector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
.github
.github
 
 
docs
docs
 
 
public
public
 
 
rules
rules
 
 
scripts
scripts
 
 
src
src
 
 
tests
tests
 
 
.cursorrules
.cursorrules
 
 
.eslintrc.json
.eslintrc.json
 
 
.ga4-website-measurement-id
.ga4-website-measurement-id
 
 
.gitignore
.gitignore
 
 
.nvmrc
.nvmrc
 
 
.prettierrc
.prettierrc
 
 
CHANGELOG.md
CHANGELOG.md
 
 
E2E_TEST_REPORT.md
E2E_TEST_REPORT.md
 
 
LAUNCH_CHECKLIST.md
LAUNCH_CHECKLIST.md
 
 
LICENSE
LICENSE
 
 
PRIVACY.md
PRIVACY.md
 
 
README.ja.md
README.ja.md
 
 
README.md
README.md
 
 
README.zh-CN.md
README.zh-CN.md
 
 
TEST_REPORT.md
TEST_REPORT.md
 
 
TEST_STRATEGY.md
TEST_STRATEGY.md
 
 
eslint.config.js
eslint.config.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
playwright.config.ts
playwright.config.ts
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Source Detector

English | 简体中文 | 日本語

Source Detector is a Chrome extension for discovering source maps, collecting client-side artifacts, and detecting potential secret leakage in web assets.

What it does

  • Detects source map files on visited pages
  • Detects potential API/AI key leakage via built-in and custom rules
  • Shows popup risk summaries with drill-down evidence
  • Provides a unified Source Explorer for domains, pages, versions, and code evidence
  • Supports ZIP export for selected versions or domain batches
  • Lets you manage built-in and custom scanner rules from Settings

Who it is for

  • Security researchers
  • Bug bounty hunters
  • Front-end engineers
  • Developers auditing client-side exposure

How it works

  1. Visit a website in Chrome.
  2. Source Detector watches relevant client-side assets and source map references.
  3. The extension stores findings locally on your device.
  4. Built-in and custom rules scan collected assets for risky patterns.
  5. You review evidence in the popup / explorer and export artifacts when needed.

Privacy and permissions

Source Detector is designed to work locally on your device.

  • Local-first storage for collected artifacts and settings
  • No account required
  • No remote backend required for core functionality
  • Permissions are used for source map discovery, local storage, and analysis workflows

Read the full policy here:

Install

Chrome Web Store

Install here:

Local development

  1. Clone the repository
  2. Install dependencies
  3. Start watch build:
npm run dev:chrome
  1. Load extension in Chrome:
    • Open chrome://extensions
    • Enable Developer mode
    • Click Load unpacked
    • Select dist/chrome

Build

npm run build:chrome

Artifacts:

  • Unpacked extension: dist/chrome
  • Packed zip: dist/source-detector-chrome.zip

Automated GitHub Release

This repo includes .github/workflows/release.yml.

Trigger

  • Push a semver tag: v*.*.* (example: v1.3.1)
  • Or run manually from Actions → Release Extension → Run workflow

What it does

  1. npm ci
  2. npm run build:chrome
  3. Verifies dist/source-detector-chrome.zip
  4. Creates or updates a GitHub Release and uploads the zip artifact

Feedback

License

MIT

About

Discover source maps. Inspect client-side assets. Catch risky leaks faster.

sunhuawei.github.io/SourceDetector/

Resources

Readme

License

MIT license
Activity

Stars

630 stars

Watchers

7 watching

Forks

76 forks
Report repository

Releases 5

Source Detector v1.4.1 Latest
Mar 19, 2026
+ 4 releases

Packages

 
 
 

Contributors

Languages