Save Grandma is a Chrome extension that detects phishing attempts in Gmail using DOM-based analysis. This runs locally in your browser for perfect privacy. Click on warning icons (
The extension uses direct DOM manipulation to analyze Gmail emails for better privacy and no external dependencies.
Key Features:
- Privacy-First: No external requests or dependencies. All functionality is self-contained within the extension.
- DOM-Based Analysis: Directly analyzes Gmail's DOM structure to extract email content
- Local Processing: All email analysis happens locally in your browser
- No Data Collection: Your emails never leave your device
Dependencies:
- Compromise.js for English grammar/spelling analysis in email content
npm install
npm run buildBuild Output: The build process creates separate bundles for different parts of the extension:
dist/content-script.bundle.js- Gmail content scriptdist/popup.bundle.js- Extension popup interfacedist/service-worker.bundle.js- Background service workerdist/popup.html&dist/popup.css- Popup assets
Available Build Commands:
# Build the extension
npm run build
# Build and run tests
npm run build-and-test
# Run tests only
npm test
# Run tests in watch mode
npm run test:watch
# Run tests with coverage report
npm run test:coverage- Open Chrome and go to
chrome://extensions - Enable "Developer mode" (toggle in top right)
- Click "Load unpacked extension"
- Select the SaveGrandma directory
The extension follows a modern modular architecture:
src/
├── common/ # Shared utilities and modules
│ ├── chromeApi/ # Chrome extension API wrappers
│ ├── domUtils/ # DOM manipulation utilities
│ ├── stats/ # Statistics tracking system
│ ├── storage/ # Data persistence layer
│ └── whitelist/ # Email whitelist management
├── contentScripts/ # Content script logic
│ └── gmail/ # Gmail-specific content script
├── frontend/ # User interface components
│ └── popup/ # Extension popup interface
└── serviceWorker/ # Background service worker
Key Components:
- Content Scripts: Inject into Gmail pages to analyze emails
- Popup Interface: User-facing dashboard with statistics and controls
- Service Worker: Background processing and messaging
- Common Modules: Reusable utilities for DOM manipulation, storage, and statistics
The project includes a comprehensive Jest testing suite with 70% coverage requirements:
# Run all tests
npm test
# Run tests in watch mode (re-runs on file changes)
npm run test:watch
# Run tests with coverage report
npm run test:coverageTest Structure:
- Tests are located in
__tests__directories alongside the code they test - Chrome extension APIs are automatically mocked in the test environment
- Coverage thresholds: 70% minimum for branches, functions, lines, and statements
Testing Chrome Extension APIs:
test('should use chrome storage', () => {
// Chrome APIs are already mocked
expect(global.chrome.storage.local.set).toBeDefined();
});See TESTING.md for detailed testing documentation.
- Open Gmail in a new tab
- Click the SaveGrandma extension icon in the Chrome toolbar to open the popup menu
- The popup will show:
- App name and logo
- Statistics (emails scanned, threats identified, emails whitelisted)
- Whitelist management (view, remove individual emails, or clear all)
- Help link to support form
- Open Chrome Developer Tools (F12) and check the Console tab for SaveGrandma logs
- You should see:
SaveGrandma: Extension loading (DOM-based approach)...SaveGrandma: Status changed to: initializingSaveGrandma: DOM monitoring initialized successfullySaveGrandma: Status changed to: initializedSaveGrandma: Email analysis complete(when emails are processed)
The extension includes comprehensive debug tracking:
- Status Tracking: Monitor DOM monitoring and initialization status
- Event Logging: Track all email detection and analysis events
- Error Handling: Capture and log any errors that occur
- Periodic Updates: Status checks every 30 seconds
- Global Debug Object: Access
window.SaveGrandmaDebugin console for detailed info
Debug Commands (run in console):
// Check current status
SaveGrandmaDebug.status
// View all detected messages
SaveGrandmaDebug.messageViews
// View all detected threads
SaveGrandmaDebug.threadViews
// View any errors
SaveGrandmaDebug.errors
// Get full debug info
SaveGrandmaDebug
// Check save failure counts (new in v2.1)
SaveGrandmaDebug.getSaveFailureCounts()
// Reset save failure counts (new in v2.1)
SaveGrandmaDebug.resetSaveFailureCounts()The extension is fully functional with DOM-based email analysis (v2.0.0):
- ✅ Manifest V3 Compatible: Updated to use Chrome's latest extension standard
- ✅ DOM-Based Integration: Uses Gmail DOM manipulation for complete privacy
- ✅ Webpack Bundling: Properly bundles extension code (no external dependencies)
- ✅ Privacy-First: Emails scanned and analyzed locally. No data leaves your browser
- ✅ Email Data Extraction: Locally captures sender, subject, body, attachments, and metadata
- ✅ Smart Scan Completion: Detects when email processing is finished
- ✅ Scan Reporting: Generates comprehensive scan summaries
- ✅ Extension Popup Menu: Beautiful popup interface with statistics and whitelist management
- ✅ Statistics Tracking: Real-time tracking of emails scanned, threats identified, and whitelisted emails
- ✅ Whitelist Management: Add/remove emails from whitelist with individual or bulk operations
- ✅ Phishing Detection Logic: DOM-based threat analysis with visual indicators
- ✅ Grammar Analysis: Uses Compromise.js for English grammar/spelling analysis
- ✅ Smart Save Failure Handling: Automatically stops retrying saves after 3 failed attempts to prevent infinite loops