🤷‍♂️ What is Matlock?

Matlock is our first attempt at building an extension (currently for Chrome and Firefox) which detects and lists the Open Source libraries a webpage is using, along with relevant data about those libraries.

At the moment, this is limited to GitHub-hosted libraries, but we do have tests for 1,000+ libraries (and counting).

📸 Example Screenshots


🔨 How does it work?

Matlock works by running a series of tests on each page you navigate to, checking for specific variables, strings, headers, cookies 🍪 or function responses.

The results of these tests tell Matlock whether a certain library is being used, and in some cases, which version.

👮‍♀️ Why does Matlock require so many permissions?

Here's a breakdown of each of the permissions Matlock needs, and the reason why:

<all_urls>

This permission allows Matlock to run on each of the pages you browse.

It's the core permission required to test the Matlock breadcrumbs 🍞.

cookies 🍪

This permission allows Matlock to access the cookies 🍪 that are saved for the webpages you visit.

It's particularly useful for determining the frameworks that a webpage may be running on.

storage

The storage permission is required to cache the response of certain requests.

tabs

This permission is required to load Matlock in each of your open tabs upon installation, without requiring you to reload each tab.

webRequest

This permission allows Matlock to access the headers for webpages you visit.

It's useful for detecting Open Source software, such as the programming languages, frameworks, or servers that a webpage may be running on.

This one is important because there are ways to determine this artificially, by re-requesting the page you're on and checking those headers. However, doing this is risky, and while some other extensions use this approach, it can cause serious security issues (e.g. re-submitting requests on poorly designed financial websites).
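As an added illustration (not Matlock's own code), this sketch shows the passive approach described above: it reads the headers of the response the browser already received through `webRequest`, and never issues a second request for the page. The rule table, function names and sample headers are assumptions constructed for the example.

```javascript
// Added example, not Matlock's code. HEADER_RULES, detectFromHeaders and
// perTab are hypothetical names; the patterns are illustrative assumptions.
const HEADER_RULES = [
  { header: "server", pattern: /^nginx(?:\/([\d.]+))?/i, name: "nginx" },
  { header: "server", pattern: /^Apache(?:\/([\d.]+))?/i, name: "Apache HTTP Server" },
  { header: "x-powered-by", pattern: /^PHP(?:\/([\d.]+))?/i, name: "PHP" },
  { header: "x-powered-by", pattern: /^Express$/i, name: "Express" },
];

// responseHeaders uses the webRequest shape: [{ name, value }, ...].
function detectFromHeaders(responseHeaders) {
  const found = [];
  for (const { name, value } of responseHeaders || []) {
    if (typeof value !== "string") continue; // binary headers have no text value
    for (const rule of HEADER_RULES) {
      if (rule.header !== name.toLowerCase()) continue; // header names are case-insensitive
      const m = rule.pattern.exec(value.trim());
      if (m) found.push({ name: rule.name, version: m[1] || null });
    }
  }
  return found;
}

// Passive observation: the listener only inspects the response to the
// navigation the user already made, so no request is ever re-submitted.
const perTab = new Map();
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onHeadersReceived.addListener(
    (details) => {
      perTab.set(details.tabId, detectFromHeaders(details.responseHeaders));
    },
    { urls: ["<all_urls>"], types: ["main_frame"] }, // top-level documents only
    ["responseHeaders"]
  );
}

// Constructed sample input, not captured from a real site.
const SAMPLE_HEADERS = [
  { name: "Server", value: "nginx/1.18.0" },
  { name: "X-Powered-By", value: "PHP/7.4.3" },
  { name: "Content-Type", value: "text/html; charset=utf-8" },
];
```

Outside an extension context the listener registration is skipped, so `detectFromHeaders(SAMPLE_HEADERS)` can be run directly in Node.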


Breadcrumbs are JavaScript files that Matlock uses to determine whether an Open Source library is being used, and if so, which version is being used.

Quick examples:

Existential testing

The following approaches are used for determining whether an Open Source library is being used on a page:

Coming soon

Version testing

The following approaches are used for determining the (possible) version of an Open Source library that is being used on a page:

Coming soon


👬 Who's behind it?

Matlock was built by Oliver Nassar and Adam Masson. We're based in Toronto 🇨🇦, and we both like coffee ☕.

🙏 Acknowledgments