UnmapJS – Source Map Exposure Scanner

Finds exposed JavaScript source maps and downloads recoverable source files as a ZIP archive.

UnmapJS helps security researchers and developers check whether a web application exposes JavaScript source maps in production. What it does: - Scans the current tab for JavaScript chunks and source map references - Verifies source map availability and extracts recoverable source files - Exports recovered files as a ZIP for analysis Privacy-first behavior: - Site access is requested per-site when you click Analyze - Auto-scan is optional and off by default - Notifications are optional and off by default - Data is processed locally in your browser and stored in chrome.storage.local - No external analytics, no selling of user data Important: Use only on applications you own or are explicitly authorized to test. Permission justification (for CWS form) - activeTab: run analysis on the user's currently active tab after explicit action. - scripting: collect in-page script/resource references needed for source map discovery. - downloads: save recovered source files as ZIP. - storage: save user settings. - tabs: read active tab URL for current-tab analysis. - notifications: optional alert when auto-scan finds exposed sources. - optional_host_permissions (<all_urls>): enables user-granted, per-origin scanning without permanent global access.