Chrome extension that lets you check whether the site you are on is LegitScript Certified, and remembers the result locally so you do not have to look it up again next time.
Unofficial extension. This project is not affiliated with, endorsed by, or sponsored by LegitScript LLC. It simply opens the public lookup page on legitscript.com and caches the status you confirm. "LegitScript" is a trademark of LegitScript LLC.
LegitScript's lookup page (https://www.legitscript.com/websites/?checker_keywords=…)
requires a reCAPTCHA to submit, so a fully background check would either fail
or amount to scraping that violates the site's terms. Instead this extension:
- Shows you the active tab's domain in a popup with the cached status (if any).
- When you click Check on LegitScript, opens the checker in a new tab with the domain pre-filled.
- You solve the reCAPTCHA on that page yourself.
- A small content-script widget on `legitscript.com/websites/*` watches the result, tries to detect the status automatically, and gives you a dropdown to confirm or correct it before saving.
- The saved record (domain → status, timestamp, source) lives in `chrome.storage.local` only — nothing is uploaded anywhere.
Everything runs locally in your browser. The only network requests the extension itself makes are the ones you trigger by clicking the check button, which open LegitScript's normal public page.
- `activeTab` — read the current tab's URL when you click the icon, so the popup can show the right domain.
- `storage` — store cached results locally.
- Host permission for `https://www.legitscript.com/*` — let the content script run on the LegitScript lookup page so it can parse results.
No other sites are accessed. The extension does not run on tabs you visit unless you click its icon.
- Open `chrome://extensions/`.
- Toggle Developer mode on (top right).
- Click Load unpacked and select this folder (`legitscript-checker/`).
- Pin the extension from the puzzle-piece menu so the icon is visible.
- Visit any site (e.g. a pharmacy you want to vet).
- Click the LegitScript Check icon.
- Click Check on LegitScript — a new tab opens at the LegitScript lookup.
- Solve the reCAPTCHA / submit. When the result page loads, the widget in the bottom-right asks you to save the status. The auto-detected option will be pre-selected; correct it if it is wrong, then click Save result.
- Next time you open the popup on that domain, the cached status is shown with a "checked X ago" note. Forget cached result clears it.
| Status | Meaning |
|---|---|
| Certified | LegitScript Certified — meets their standards. |
| Probationary | Provisional certification. |
| Not Certified | Failed certification or unverified. |
| Rogue / Unapproved | Flagged as problematic. |
| Not in database | LegitScript has no record for this domain. |
| Unknown | Could not determine — saved as a skip. |
- LegitScript can change the result-page HTML at any time; if the auto-detect fails, use the dropdown to pick the status manually.
- The cache never expires automatically. Use Forget cached result to re-check a domain.
- Subdomains are normalized by stripping a leading `www.`; other subdomains are treated as separate domains.
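
The normalization rule and the cached record described above, as an added example that is not the extension's own code. The function names, the `auto`/`manual` values for `source`, the `checkedAt` field name and the sender and status checks are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not from the extension's source.
const STATUSES = new Set([
  "Certified", "Probationary", "Not Certified",
  "Rogue / Unapproved", "Not in database", "Unknown",
]);

// Tab URL -> cache key: lowercase host with one leading "www." stripped.
// Returns null for pages with no checkable domain (chrome://, file://, ...).
function normalizeDomain(tabUrl) {
  let u;
  try { u = new URL(tabUrl); } catch { return null; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  let host = u.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  if (host.startsWith("www.")) host = host.slice(4);
  return host.includes(".") ? host : null; // assumption: skip bare labels like "localhost"
}

// Build the record to cache from a content-script save message. The message and
// the page it came from are treated as untrusted: the sender must be the
// LegitScript lookup page and the status must be one of the six in the table.
function buildRecord(msg, senderUrl, now = Date.now()) {
  let sender;
  try { sender = new URL(senderUrl); } catch { return null; }
  if (sender.origin !== "https://www.legitscript.com") return null;
  if (!sender.pathname.startsWith("/websites/")) return null;
  if (!msg || typeof msg.domain !== "string" || !STATUSES.has(msg.status)) return null;
  if (!/^[a-z0-9.-]+$/i.test(msg.domain)) return null; // hostname characters only
  const domain = normalizeDomain("https://" + msg.domain + "/");
  if (!domain) return null;
  // Assumption: "source" records whether the status was auto-detected or picked by hand.
  const source = msg.source === "auto" ? "auto" : "manual";
  return { domain, status: msg.status, checkedAt: now, source };
}
```

In a service worker, `senderUrl` would come from the `sender.url` field that `chrome.runtime.onMessage` passes to its listener.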
- `manifest.json` — MV3 manifest, declares permissions and entry points.
- `popup.html` / `popup.css` / `popup.js` — UI shown when you click the icon.
- `background.js` — service worker, owns the cache and message handling.
- `content.js` / `content.css` — runs on `legitscript.com/websites/*`, parses the result and offers the save widget.
- `icons/` — extension icons.
- `store/` — 1280×800 screenshots, 1400×560 marquee, and the short + detailed descriptions.
- `SUBMISSION.md` — paste-sheet for every store form field.
- `PRIVACY.md` / `privacy.html` — the privacy policy. The HTML version is served from GitHub Pages at `https://coygg.github.io/legitscript-checker/privacy.html`.
The extension is plain HTML/JS/CSS, no bundler. Two Python scripts wrap the
release flow (stdlib only — no `pip install` needed):

```sh
python tools/build_zip.py                  # → dist/certification-checker-v<ver>.zip
python tools/publish.py auth               # one-time, prints refresh token
python tools/publish.py upload --publish   # upload + publish in one go
```

Credentials live in `.env` (see `.env.example`) and are
never committed. CI uses the same script via
`.github/workflows/publish.yml`: push a
tag like `v0.2.0` and it builds, uploads, and publishes using repository
secrets.
- `tools/make_icons.py` — re-generates `icons/*.png`.
- `tools/make_store_assets.py` — re-generates the screenshots, marquee, and description.

Both require Pillow (`pip install pillow`). They're only needed if you
tweak the look — the assets they produce are checked in.