M2K Developments

Contact Us

2 Understanding Chrome Extensions Manifest.json

When diving into the world of Chrome extensions, the manifest.json file is your essential roadmap. It’s the cornerstone that defines your extension’s identity, capabilities, and permissions. Think of it as the DNA of your extension, detailing everything from its name and version to the specific permissions it needs to function. Understanding this file is crucial for any budding developer looking to create powerful and efficient Chrome extensions. For a detailed breakdown of each section and more, check out the official Chrome extension documentation (https://developer.chrome.com/docs/extensions/reference/manifest) provided by Google.

When working with Chrome extensions, it’s important to understand the differences between Manifest V2 and Manifest V3, especially since Manifest V3 brings significant improvements and is now recommended for all new extensions.

Manifest V2 vs. Manifest V3:

Security Enhancements:

  • Manifest V3 introduces a more robust security model. It replaces background pages with service workers, which are more efficient and secure. This change reduces the extension’s potential attack surface and improves overall performance.
  • Manifest V2 uses persistent background pages, which can lead to higher memory usage and potential security risks.

Permissions and Privacy:

  • Manifest V3 enforces stricter permissions, ensuring that extensions only request the permissions they truly need. This change enhances user privacy and security.
  • Manifest V2 allowed for broader permission requests, which could lead to over-permissioning and privacy concerns.

Declarative Net Request:

  • Manifest V3 introduces the declarativeNetRequest API, which allows extensions to modify network requests declaratively. This approach is more secure and performant compared to the webRequest API used in Manifest V2.
  • Manifest V2 relies on the webRequest API, which can lead to performance issues and security vulnerabilities due to its imperative nature.

Background Service Workers:

  • Manifest V3 uses service workers for background tasks, providing a more modern and efficient way to handle background activities.
  • Manifest V2 uses background pages, which remain in memory as long as the extension is active, leading to higher resource consumption.

Content Security Policy (CSP):

  • Manifest V3 enforces stricter CSP rules, which help mitigate cross-site scripting (XSS) attacks and improve overall security.
  • Manifest V2 has more lenient CSP rules, which can be less secure.

Why Manifest V3 is Recommended:

The primary reason to adopt Manifest V3 is that it is now the recommended standard by Google for all new extensions. Starting from January 2023, the Chrome Web Store only accepts new extensions that use Manifest V3. This shift ensures that all new extensions adhere to the latest security and performance standards. Additionally, Manifest V3 extensions benefit from improved performance, enhanced security, and better privacy controls, aligning with the latest web development best practices.

How to write a manifest.json file

name , manifest_version and version are required.

{
  "manifest_version": 3,
  "name": "My Awesome Extension",
  "version": "1.0",
  "description": "A simple Chrome extension example.",
  "icons": {
    "16": "icons/icon16.png",
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "action": {
    "default_popup": "popup.html",
    "default_icon": {
      "16": "icons/icon16.png",
      "48": "icons/icon48.png",
      "128": "icons/icon128.png"
    }
  },
  "permissions": [
    "activeTab",
    "storage"
  ],
  "background": {
    "service_worker": "background.js"
  },
  "content_scripts": [
    {
      "matches": ["<all_urls>"],
      "js": ["content.js"]
    }
  ],
  "web_accessible_resources": [
    {
      "resources": ["images/*"],
      "matches": ["*://*/*"]
    }
  ]
}

For a comprehensive guide on all aspects of the manifest.json file, visit the official Chrome extension documentation provided by Google.

  • manifest_version: Specifies the version of the manifest file format. 3 is the current version.
  • name: The name of your extension as it will appear in the Chrome Web Store and the extensions management page.
  • version: The version of your extension using the format MAJOR.MINOR.PATCH. This helps users know if they have the latest version.
  • description: A brief description of what your extension does.
  • icons: Defines the icons used by the extension in different sizes (16×16, 48×48, and 128×128 pixels).
  • action: Specifies the default behavior of the extension’s action button, including the popup that appears when clicked and the default icon.
  • permissions: Lists the permissions the extension needs, such as accessing active tabs and using the storage API.
  • background: Specifies a service worker script for handling background tasks.
  • content_scripts: Defines scripts that will run in the context of web pages matching the specified patterns. Here, content.js runs on all URLs.
  • web_accessible_resources: Specifies resources (like images) that can be accessed by web pages or scripts.

Leave a Reply

Your email address will not be published. Required fields are marked *

More Articles & Posts

Search

Popular Posts

Categories

Archives

Tags

There’s no content to show here yet.

Follow Us