Manifest.js
crx-monkey requires a manifest file called manifest.js to configure the extension.
This is automatically generated by create-crx-monkey.
This file exports by default the manifest v3 object with its own options included.
/ @ts-check
/** @type {import('crx-monkey').CrxMonkeyManifest} */
const manifest = {
name: 'name',
version: '1.0.0',
manifest_version: 3,
description: 'description',
content_scripts: [
{
matches: ['https://example.com/*'],
js: ['src/contentScript/contentScript.ts'],
css: ['src/contentScript/style.css'],
run_at: 'document_idle',
world: 'MAIN',
connection_isolated: true,
userscript_direct_inject: true,
bind_GM_api: false,
trusted_inject: false
},
],
background: {
service_worker: 'src/sw/sw.ts',
},
icons: {
16: 'public/icon/icon16.png',
48: 'public/icon/icon48.png',
128: 'public/icon/icon128.png',
},
action: {
default_popup: 'src/popup/index.html',
},
};
export default manifest;
CRX MONKEY proprietary options defined
connection_isolated
Enable Connector required API in content scripts.
{
"content_scripts": [
{
"connection_isolated": true,
}
]
}
userscript_direct_inject
When run as a user script, it executes the script directly on the page, not on the sandbox.
When this option is enabled, an unsafeWindow is automatically added to the @grant in the userscript header.
{
"content_scripts": [
{
"userscript_direct_inject": true
}
]
}
bind_GM_api
{
"content_scripts": [
{
"bind_GM_api": true
}
]
}
This is a means of using the GM API when code is running directly on the DOM with userscript_direct_inject enabled.
We will try to hide as much as possible by using random variable names, but the security is undeniably reduced.
trusted_inject
{
"content_scripts": [
{
"trusted_inject": true
}
]
}
When userscript_direct_inject is enabled, scripts are injected into the DOM using Trusted Types if the browser supports it.