Hushbug — Bug Detection for Developers

A silent QA engineer that watches every page you touch and catches what you miss. Passive bug detection — zero setup, zero SDK.

Hushbug monitors your browser for bugs while you work. Console errors, failed API calls, layout shifts, accessibility violations, mixed content, missing security headers -- it catches the problems that happen while you are looking at something else. You install it. You keep coding. When something breaks, the badge turns red and shows a count. Open the side panel to see what happened, with full stack traces, HTTP details, element selectors, and timestamps. Dismiss the noise, suppress recurring false positives, and copy the useful stuff to your clipboard in a format Claude Code or Cursor can actually parse. No SDK integration. No account creation. No data leaves your browser. Everything Hushbug detects stays in chrome.storage.local on your machine. WHAT IT DETECTS Hushbug runs 10 detectors organized into 5 categories: Console -- Catches uncaught exceptions, unhandled promise rejections, and console.error() calls. Includes the full error message and stack trace when the browser provides one. Network -- Flags failed fetch() and XHR requests (HTTP 4xx and 5xx responses). Includes the URL, method, status code, and response time in milliseconds. A separate slow resource detector flags requests that exceed per-type thresholds (3s for images, 4s for stylesheets, 5s for scripts, 10s for API calls). Performance -- Detects Cumulative Layout Shift (CLS) events above your threshold and flags potential memory leaks by monitoring JS heap size growth patterns. Also flags deprecated browser APIs your code is calling. Accessibility -- Finds images without alt text, form inputs without labels, and elements missing required ARIA roles. A separate low-contrast detector calculates text-to-background contrast ratios against WCAG AA standards and shows you the exact ratio vs. the threshold. Security -- Detects mixed content (HTTP resources loaded on HTTPS pages) and scans for missing security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy). HOW IT WORKS Hushbug injects a thin content script into every page you visit. The script patches console.error, fetch, and XMLHttpRequest to intercept calls, and uses browser-native APIs (PerformanceObserver, MutationObserver) to detect performance and DOM issues. All detection runs in the page's JavaScript context so it sees exactly what your code sees. Detections are deduplicated in the content script (5-second local window), then sent to a service worker that runs global dedup against stored issues, applies your suppression rules, and updates the badge. The side panel reads directly from chrome.storage.local and updates in real time via storage change listeners. The content script adds under 5ms of overhead per page interaction. The total bundle is under 200KB. Hushbug uses no remote servers, no analytics, and no telemetry. FREE VS. PRO The free tier includes two detectors -- ConsoleError and NetworkFailure -- with no time limit and no account required. You get the badge, the side panel, the issue list, dismiss, and clipboard export. If the only bugs you care about are console errors and broken API calls, the free tier does the job. Pro ($7/month) unlocks all 10 detectors, suppression patterns (create reusable rules that auto-hide recurring noise), custom detection thresholds, baseline snapshots (save the current state of a page and compare it on your next visit to catch regressions), and persistent issue history across sessions. No Pro+ tier, no enterprise tier, no per-seat pricing. One plan at $7/month or $67/year. License key via Stripe checkout -- paste it into the extension settings and you are done. PERMISSIONS Hushbug requests five permissions: storage: Stores detected issues, suppression rules, baselines, and settings locally. Nothing is sent to any server. sidePanel: Opens the issue review panel when you click the extension icon. activeTab: Required to read the current page URL and set the badge count per tab. alarms: Runs periodic cleanup to evict old issues (every 30 minutes) and enforce storage caps. tabs: Manages per-tab badge state when you switch tabs and cleans up stored data when tabs close. That is the full list. No host permissions, no remote code, no debugger access. WHO THIS IS FOR Hushbug fills a specific gap: the space between "I have no monitoring" and "I integrated the Sentry SDK into my app." If you are a solo developer or on a small team, shipping to production without dedicated QA, and your current bug detection strategy is "I hope I notice it in the console" -- this is for you. It is not a replacement for Sentry, Datadog, or LogRocket. Those tools monitor production with SDK integration. Hushbug monitors your development browser with zero integration. Different problem, different workflow, different price point. PRIVACY Hushbug collects no user data. No analytics. No telemetry. No phone-home after license validation. Every detection, every suppression pattern, every baseline snapshot lives in chrome.storage.local on your machine and nowhere else. The extension makes exactly one network request ever: validating your license key with Stripe when you enter it. After that, nothing. FAQ Q: Does Hushbug slow down my pages? A: The content script adds under 5ms per page interaction. Detections are batched (500ms window) and rate-limited (max 10 per second). If a page generates extreme detection volume, Hushbug automatically throttles. Performance budgets are enforced per detector. Q: Does it work on localhost? A: Yes, localhost and 127.0.0.1 are monitored by default. You can toggle this off in the Config tab. Q: Does it work on pages I did not build? A: Yes. Hushbug monitors every page you visit. This is useful for debugging client sites, auditing third-party tools, or checking staging environments. Suppress what is not relevant. Q: Will it conflict with other extensions or Sentry SDK? A: Hushbug preserves original console and fetch functions before patching. Your other tools still receive the same calls. Hushbug intercepts and records, then passes through. Q: What about Single Page Apps? A: Hushbug patches pushState and replaceState to detect SPA navigation. When the URL changes, the detection engine resets and re-monitors the new route.