Luminous: JavaScript events blocker Icon

en-US es pt-BR

An experimental extension to identify, analyze and block code execution and event collection through JavaScript in your browser.

Warning: This document has been automatically translated. Please send us a pull request if you find any errors.


We have amazing projects like Lightbeam, NoScript, ScriptSafe, uBlock Origin, HTTPS Everywhere and many others. All have the proposal to identify and/ or prevent the execution of questionable codes and requests.

These tools are vital, but we inevitably need to make concessions to access many websites as we have a massive use of JavaScript on the web. When you access for example the Google Translate website, with a combo of 3 extensions (HTTPS Everywhere, uBlock Origin and ScriptSafe) and Luminous, we have the following result after a few moments:


It’s about this number (7,6 thousand) that we are lost and with hands tied, it’s there that we do not know what happens and we still do not have the freedom to decide what can or can’t be executed. This is the main purpose of the project, filling this gap and being able to see and control what happens. As a side effect we end up also having an interesting tool that helps in JavaScript code developing process by giving us visibility about what is happening.

Understanding the UI

Interface Overview

How to install

Try it!

Install the extension and go to our demo page to experience and better understand how it works:

Demo Page


See some screenshots here.

Going deeper


Guides are documents on many specific subjects where we can go deep into the details and easily find the information we are looking for. See all guides.

How to contribute

Spread the word

Write some guide

Collaborate by writing some guide on subjects related to the project.


Tell your friends, family, and co-workers about how the extension was used to improve your web experience and teach them how to use it too!

Write and talk about it

Did you find a website invading your privacy? Did you block events you did’nt want? Did you make it easier for you to develop your code or debug errors? Record a video, prepare a talk, write an article or anything like that telling how it was done, explaining how the extension helped you and showing the possibilities.

Help with translations

Translate the .md files found inside the doc/ directory and the .json files into the _locales/ directory for your language and help us reach more people!

Report issues

Issues on specific websites

Had trouble accessing a site because of the extension? Was it slow? Caused errors? Has the site stopped working? Not all events were identified? Open an issue and tell us what happened.

Issues in some browser

Open an issue if something didn’t work as expected in a browser. We want everything to work fine for all possible browsers!

Get your hands dirty

Improve the UI

We don’t have the most beautiful and friendly interface in the world. Discussions and proposals on a new interface or improvements to the existing one (html/interface-sample.html) will be very welcome! Do not underestimate the power of this kind of collaboration: better_errors#6 - better_errors#22

Improve performance

Example 1: The sooner we can inject code into websites and the less resources we use to process information, the more executions we’ll be able to identify and the better our experience will be by having an extension that does not slow navigation.

Look for example to our demo page (html/demos/detections/index.html):

(function() { setTimeout(function() {
  // JavaScript code...
}, 100); })();

This delay of 100 milliseconds exists because without it the code is executed too fast and we can not intercept it. How can we improve this so we do not need this delay or can we reduce it?

Example 2: We capture only one piece of the intercepted function, because it can be very large and let the reading of the information slow (js/content/interceptor.js):

listener: ('' + listener).slice(0, 400)

How can we improve this? Is this the best way to deal with this problem?

Example 3: The way we found to pass messages from the context of the document to the context of the extension was by parsing the data in JSON reading an HTML element (js/content/readers/data.js):


Are there alternatives? Is parsing information constantly the best option?

Create new features

We start with a basic idea: identify and block events. We can expand this idea, some thoughts that have already arisen:

Improve code quality

This is an experimental project that grew in an uncontrolled way, we do not have a defined standard of nomenclature, a strong organization based on some design pattern or automated tests. Discussions to improve the quality of the code will be very welcome!

Known Issues

Without workarounds

With workarounds

Mozilla Firefox Service Workers

In Mozilla Firefox and derivatives, some websites that use Service Workers (like WhatsApp Web) can block the code interception because of a bug in the interception of headers with the Content-Security-Policy guidelines. The current workaround is to reload the Service Worker:

Understanding the code






/content/injections_controller.js: Responsible for making decisions about the code injections.

/content/interceptor.js: Responsible for intercepting executions of JavaScript codes in the context of the document and collecting details about them.


Responsible for rendering and handle interactions on the pop-up that is opened by clicking the extension icon:


Responsible for rendering and handle interactions on the settings pages:


Third party libraries


This project is licensed under the GPLv3 license.


There is no kind of organization for receiving donations at the moment. See our guide on “how to contribute” to other ways of contributing. If you really want to make a donation, here are some incredible foundations that’s share some ideals of this project that you can help: