Stylus
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Redesign your favorite websites with Stylus, an actively developed and community driven userstyles manager. Easily install custom themes from popular online repositories, or create, edit, and manage your own personalized CSS stylesheets.
Features
* Versatility of theme installation options. Stylus supports installs from popular online repositories. Additionally, styles can now also be installed from .user.css or .user.styl URLs (see Usercss format documentation in our github wiki).
* A backup feature for your entire database of installed styles which is compatible with other userstyles managers.
* An intuitive and configurable automatic update function for installed styles.
* A highly customizable UI, including theming, optional layouts, icon and badge color choices, along with many other tweaks.
* Two different optional code validators with user configurable rules.
Useful Links
* Beta version: https://chrome.google.com/webstore/detail/stylus-beta/apmmpaebfobifelkijhaljbmpcgbjbdo
* Source code: https://github.com/openstyles/stylus
* Video tutorial: https://youtu.be/fCVvGwoF5cQ
* Chat room: https://discord.gg/tzXVNJz
* Frequently asked questions: https://github.com/openstyles/stylus/wiki/FAQ
* Technical bug report: https://github.com/openstyles/stylus/issues
* General discussion and bug report: https://add0n.com/stylus.html#reviews
* Localization: https://www.transifex.com/github-7/Stylus/dashboard/
Permissions
Stylus uses only a small subset of each permission. As you can see in WebExtensions API documentation or simplified tutorials, there's no way to apply any modifications to a web page without gaining the full access permission to that page. Stylus is mostly used to apply global themes, which is why it requests a global permission. In the future we might be able to implement a more granular approach but it's not exactly trivial.
* Read and change all your data on the websites you visit - required for the style elements to be added into the page, not to access any of your data.
Privacy Policy
Unlike other similar extensions, we don't find you to be all that interesting. Your questionable browsing history should remain between you and the NSA. Stylus collects nothing. Period.
See https://github.com/openstyles/stylus/blob/master/privacy-policy.md
Tags
Privacy Practices
Security Analysis — Stylus
Permissions
Package Contents
What This Extension Does
Stylus lets users install custom CSS themes on websites to change their appearance.
Your Data
The extension does not access personal data or send information outside the browser, as it only modifies webpage styles locally.
Code Findings
No automated code flags were raised for this extension.
Trustworthiness
- Developer: Developer is not explicitly named, but the source code is hosted on GitHub under openstyles/stylus.
- Privacy Policy: A privacy policy exists and states that no data is collected. It aligns with the extension's behavior as described in this scan.
- Install Base: With 800,000 users and active development indicated through GitHub activity, Stylus appears to be a well-maintained extension.
Nothing in this scan suggests behavior beyond what is needed for managing website themes. Users can confidently install it based on its stated purpose.
Extension Overview
Stylus lets users install custom CSS themes on websites to change their appearance.
Data Exposure (Technical)
No external domains are referenced. The extension operates entirely within the browser environment and does not transmit any data to third parties.
Code Findings
No automated code flags were raised for this extension.
Code Analysis
- Obfuscation: none
- Content Security Policy: Content Security Policy is not set, which may allow some unsafe script execution or inline content if present.
- Architecture: The extension appears to be built using Manifest V2 or an older version with no background service worker. It likely injects styles via content scripts without a persistent background process.
Transparency
- Developer: Developer is not explicitly named, but the source code is hosted on GitHub under openstyles/stylus.
- Privacy Policy: A privacy policy exists and states that no data is collected. It aligns with the extension's behavior as described in this scan.
- Code Visibility: Source code is publicly available on GitHub, making it auditable by independent developers or security researchers.
- Install Base: With 800,000 users and active development indicated through GitHub activity, Stylus appears to be a well-maintained extension.
The extension has minimal attack surface due to lack of network access or high-risk permissions, but the absence of a Content Security Policy raises concerns about potential code injection vulnerabilities if future updates introduce dynamic script loading. The architecture is typical for a style manager and does not present immediate risks beyond standard browser extension threats.
