Skip to main content
The Investigate feature is a powerful query tool that lets you search across multiple collections of extension data. Instead of looking up individual extensions, you can query specific attributes to find patterns, track trends, and identify extensions that match certain criteria.

Features

Collection Selection

Choose which type of data to query from six available collections:
  • Extensions - Core extension metadata and information
  • URLs - External domains and URLs used by extensions
  • Reviews - User reviews and ratings from marketplaces
  • Vulnerabilities - Known security vulnerabilities and CVEs
  • Signatures - Security pattern matches and threat detections
  • Manifest - Configuration-level security risks

Query Builder

Build custom queries with three simple components:
  1. Collection - Select the data type to search
  2. Field - Choose which attribute to filter by
  3. Value - Enter the value to match
For example:
  • Search Extensions where owner = ubo@raymondhill.net
  • Search URLs where domain = googleapis.com
  • Search Reviews where rating = 1
  • Search Vulnerabilities where severity = High

Column Customization

Customize your results table to show only the information you need:
  • Toggle columns on/off using the Columns dropdown
  • Available columns vary by collection
  • Column preferences are remembered per collection
  • Quickly focus on the most relevant data points

Platform Filtering

Filter results by marketplace platform:
  • Select Chrome, Edge, Firefox, VS Code, or OpenVSX
  • Platform filter applies to all queries
  • Quickly narrow down results to specific ecosystems
  • Consistent platform selection across your investigation

Results Table

Interactive table displaying your query results:
  • Sortable Columns - Click headers to sort data
  • Extension Links - Click extension IDs to view full details in a new tab
  • Expandable Rows - Click rows to expand and see more details
  • Result Count - See total number of matching results
  • Real-time Updates - Results update as you refine queries

Pagination

Navigate through large result sets efficiently:
  • 25 results per page by default
  • Previous/Next navigation buttons
  • Direct page number input for quick jumping
  • Page count display showing current position
  • Total result count always visible

Prebuilt Queries

Get started quickly with example queries:
  • Extensions owned by an email - Find all extensions from a specific publisher
  • Reviews left by a user - Track reviews from specific users
  • Extensions using a domain - Identify extensions connecting to certain domains
  • Low-rated reviews - Find extensions with poor user feedback
Click any prebuilt query to run it immediately and see results.

Available Fields by Collection

Extensions Collection

Query extension metadata including:
  • Extension ID, Name, Version
  • User count, Rating, Number of ratings
  • Owner, Organization
  • Last updated date
  • Website, Support site
  • Overview/Description
  • Permission hash (permhash), SHA256 hash
  • Manifest version
  • Visibility (public/unlisted)
  • Privacy data collected
  • Privacy terms
  • Featured status
  • Active status

URLs Collection

Query external communications including:
  • Extension ID
  • Domain name
  • Full URL
  • File path where URL is used
  • Extension version

Reviews Collection

Query user feedback including:
  • Extension ID
  • Review date
  • Rating (1-5 stars)
  • Username
  • Review text

Vulnerabilities Collection

Query security issues including:
  • Extension ID
  • Vulnerability name
  • Component/Package name
  • Extension version
  • Severity level
  • CVE identifiers
  • File path
  • Detection method
  • Vulnerable version range
  • Summary and details

Signatures Collection

Query pattern matches including:
  • Extension ID
  • Signature name
  • File path
  • Rule identifier
  • Author
  • Description
  • Extension version
  • Reference links
  • Tags

Manifest Collection

Query configuration risks including:
  • Extension ID
  • Risk type
  • Description
  • Severity level
  • Risk ID
  • Extension version

Use Cases

Security Research

  • Find all extensions from a compromised publisher
  • Identify extensions using suspicious domains
  • Track extensions with specific vulnerabilities
  • Discover extensions with dangerous permissions

Trend Analysis

  • Compare user adoption across publishers
  • Track review sentiment patterns
  • Monitor version update frequency
  • Analyze rating distributions

Threat Intelligence

  • Correlate malicious patterns across extensions
  • Track signature matches across versions
  • Identify supply chain vulnerabilities
  • Monitor suspicious network communications

Tips for Effective Investigation

Use Exact Matches

  • Field searches are exact matches (not partial)
  • For domains, use just the domain name (e.g., googleapis.com not https://googleapis.com)
  • For numeric fields like rating, use the exact number
  • Click extension IDs in results to view full details
  • Use Investigate to find candidates, then Search for deep analysis
  • Results open in new tabs so you don’t lose your place

Save Common Queries

  • Bookmark URLs with your query parameters
  • Share investigation URLs with team members
  • URL includes all query state for reproducibility
I