Building Chromegg: A Chrome Extension for Real-Time Secret Detection
Blog post from GitGuardian
Chromegg, a Chrome extension designed to prevent secret leakage through web forms, scans form fields in real time using GitGuardian's API and alerts users to potential leaks before submission. It addresses the common problem of accidentally exposing sensitive information, such as API keys, by giving immediate visual feedback: a red border around any field containing a secret. Built on Chrome's Manifest V3, Chromegg emphasizes security through minimal permissions and a strict Content Security Policy, and uses a background service worker to handle API calls and bypass CORS restrictions. The extension optimizes performance by aggregating form data into single API requests, chunking large payloads, and batching DOM updates for efficient UI rendering. Chromegg supports two operational modes: an automatic continuous-scan mode for constant protection and a manual mode in which the user controls when a scan starts, making it versatile for different needs. Open-sourced on GitHub, Chromegg exemplifies best practices in extension development and includes extensive testing to ensure compatibility with a variety of forms, demonstrating its viability and utility in preventing data exposure.
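As an added illustration (not code from the Chromegg project or from the post), the aggregation, chunking and batched-update steps described above, written as pure functions a content script could call before handing chunks to the service worker; the per-request limits, the scan-result shape and the helper names are assumptions.

```javascript
const MAX_DOCS_PER_REQUEST = 20;       // assumed per-request document limit
const MAX_BYTES_PER_DOC = 1024 * 1024; // assumed per-document size limit

// Turn form controls into scan documents; skip empty fields, and report
// oversize ones separately since they cannot be scanned in one request.
function collectDocuments(fields) {
  const docs = [];
  const skipped = [];
  fields.forEach((field, i) => {
    const value = field.value || "";
    if (value.trim() === "") return;
    if (new TextEncoder().encode(value).length > MAX_BYTES_PER_DOC) {
      skipped.push(i);
      return;
    }
    docs.push({ fieldIndex: i, document: value });
  });
  return { docs, skipped };
}
// Group documents into request-sized chunks so one request covers many fields.
function chunkDocuments(docs, maxDocs = MAX_DOCS_PER_REQUEST) {
  const chunks = [];
  for (let i = 0; i < docs.length; i += maxDocs) {
    chunks.push(docs.slice(i, i + maxDocs));
  }
  return chunks;
}
// Merge per-chunk results (assumed shape: one { hasSecret } per document, in
// order) back onto field indexes so every field can be updated at once.
function fieldsWithSecrets(chunks, chunkResults) {
  const flagged = [];
  chunks.forEach((chunk, c) => {
    chunk.forEach((doc, d) => {
      if (chunkResults[c][d].hasSecret) flagged.push(doc.fieldIndex);
    });
  });
  return flagged;
}
// Apply all border changes in a single pass; fields only need a `style` object,
// so DOM elements work in the extension and plain objects work in tests.
function applyHighlights(fields, flaggedIndexes) {
  const flagged = new Set(flaggedIndexes);
  fields.forEach((field, i) => {
    field.style.border = flagged.has(i) ? "2px solid red" : "";
  });
  return flagged.size;
}
```

In the extension the chunks would be sent to the service worker with `chrome.runtime.sendMessage` and the returned results fed to `fieldsWithSecrets` and `applyHighlights` inside one `requestAnimationFrame` callback.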