Hubbry Logo
TampermonkeyTampermonkeyMain
Open search
Tampermonkey
Community hub
Tampermonkey
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Tampermonkey
Tampermonkey
Tampermonkey
View on Wikipedia
from Wikipedia
Tampermonkey
Original authorJan Biniok
DeveloperJan Biniok
Initial releaseMay 2010
LicenseProprietary (donationware) [1]
Websitewww.tampermonkey.net
Repository

Tampermonkey is a closed-source donationware[2] userscript manager that is available as a browser extension. This software enables the user to add and use userscripts, which are JavaScript programs that can be used to modify web pages.

History

[edit]

Tampermonkey was first created in May 2010 by Jan Biniok. It first emerged as a Greasemonkey userscript that was wrapped to support Google Chrome. Eventually the code was re-used and published as a standalone extension for Chrome which had more features than Chrome's native script support.[2] In 2011, Tampermonkey was ported to Android, enabling users to use userscripts on Android's internal browser.[3] In January 2013, after the publication of version 2.9, Jan Biniok decided to change Tampermonkey from open source (GPLv3) to closed source (proprietary). By 2019, Tampermonkey had over 10 million users.[4] By 2022 Tampermonkey was one of 33 extensions on the Chrome Web Store to have at least 10 million users.[5]

Chrome manifest V3

[edit]

In January 2019, Biniok wrote in a Google Groups post that the new Chrome manifest V3 would break the extension. The new manifest would ban remotely accessed code which Tampermonkey is dependent on.[4] The userscripts use code that is created by developers not at Google, rather they are created by third-party developers at places like Userscripts.org and Greasyfork. This code is inserted after the extension is installed, however the manifest requires the code to be present at installation.[6]

Controversy

[edit]

On January 6, 2019, Opera banned the Tampermonkey extension from being installed through the Chrome Web Store, claiming it had been identified as malicious.[7] Later, Bleeping Computer was able to determine that a piece of adware called Gom Player would install the Chrome Web Store version of Tampermonkey and likely utilize the extension to facilitate the injection of ads or other malicious behavior. The site stated, "This does not mean that Tampermonkey is malicious, but rather that a malicious program is utilizing a legitimate program for bad behavior," going on to call Opera's blacklisting the extension for this reason a "strange decision".[8]

See also

[edit]

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Tampermonkey

View on Grokipedia
from Grokipedia
Tampermonkey is a developed by Jan Biniok that serves as a , enabling users to install, manage, and execute custom code—known as userscripts—to modify and enhance the functionality of web pages across various websites. First released in May 2010, Tampermonkey quickly gained traction as a versatile alternative to earlier tools like , expanding support beyond to include Chromium-based browsers such as and . Its development has involved ongoing updates to adapt to evolving browser standards, including transitions from Manifest V2 to V3 architectures in Chrome and Edge, ensuring continued compatibility while addressing security and performance improvements. By 2025, it remains actively maintained, with features like beta versions for testing new capabilities. Key features of Tampermonkey include easy script installation from sources like Greasy Fork or OpenUserJS, script editing via built-in or external editors, categorization and toggling of scripts for selective execution, and synchronization options using services such as , , or browser-native sync to maintain user configurations across devices. It also supports script blacklisting to mitigate risks from malicious code, local file access for advanced users, and export/import functionalities in formats like ZIP or for backups. These tools empower users to perform tasks like , interface customization, or automation on sites including platforms and pages. Tampermonkey is compatible with all major desktop and mobile browsers, including , Mozilla Firefox, , Apple , and , making it accessible to a broad audience. With over 10 million weekly active users as of 2025, it stands as the most widely adopted , fostering a large of community-contributed scripts that extend its utility for , , and enhancements.

Overview

Definition and Purpose

Tampermonkey is a free that functions as a , enabling users to inject and manage custom userscripts on websites to customize and enhance their browsing experience. Developed by Jan Biniok and first released in May 2010, it supports major browsers including Chrome, , , , and Next, with over 10 million users worldwide. The primary purpose of Tampermonkey is to allow non-technical users to alter webpage behavior, appearance, or functionality without modifying the site's original source code, facilitating tasks such as ad-blocking, user interface enhancements, or automation of repetitive actions. For instance, users can run scripts to add features like media download buttons or dark mode toggles to specific sites. This customization occurs through userscripts—small programs that execute automatically on matching web pages, providing a flexible way to personalize the web without requiring advanced programming knowledge. As a cross-browser solution, Tampermonkey emerged in the context of , the pioneering , by offering broad compatibility for Greasemonkey-style scripts while prioritizing support starting with Chrome, where no equivalent extension existed at the time. The basic workflow involves installing the extension from a browser's official store, adding userscripts from community repositories such as Greasy Fork, and having Tampermonkey automatically execute them on designated URLs to apply the desired modifications.

Core Functionality

Tampermonkey processes user scripts by first evaluating metadata directives in the script's header to determine applicability to the current webpage. Upon loading a page, the extension automatically scans installed scripts for matching patterns specified via the @match or @include directives. The @match directive employs structured patterns compliant with standards, allowing wildcards and schemes like https://*.example.com/* to trigger execution on specific domains or paths, while @include provides simpler glob-style matching such as http://www.example.com/*. These directives ensure scripts activate only on intended URLs, preventing unnecessary or unintended runs. Once matched, scripts execute within a sandboxed environment to isolate them from the webpage's native , mitigating risks of interference or security vulnerabilities. This isolation occurs in contexts like the extension's isolated world or a dedicated world, configurable via the @sandbox directive, which defaults to a raw mode for direct page interaction but can be set to or DOM-only modes for stricter separation. The @grant header further refines this by explicitly permitting access to functions (such as GM_* methods) or unsafeWindow, ensuring controlled permissions without exposing the full page scope. Essential headers like @name for identification, @version for versioning, and @namespace for uniqueness among scripts complete the metadata, enabling organized management during execution. For persistence, Tampermonkey integrates with the browser's storage mechanisms through the UserScript API, allowing scripts to store and retrieve data via functions like GM_setValue(key, value) and GM_getValue(key, defaultValue). These operations leverage the browser's local storage or IndexedDB, scoped to the script's to avoid conflicts with other extensions or pages, thus supporting features like user preferences or cached data across sessions. Script maintenance involves automated update handling, where Tampermonkey periodically checks remote repositories specified in the @updateURL header against the local @version. If a newer version is detected—determined by semantic comparison (e.g., 1.1 precedes 1.10)—the extension prompts or automatically downloads the updated script from the @downloadURL, ensuring scripts remain current without manual intervention. This process requires a valid @version tag and respects user-configured update intervals to balance with .

Features

Script Management Tools

Tampermonkey provides a centralized interface accessible through its options, where users can view a list of all installed scripts along with their metadata, such as names, versions, and enablement status. From this , users can enable or disable individual scripts with a single toggle, edit script configurations or code by clicking on the script name—which opens the built-in editor for modifications—and delete scripts by selecting the removal option and confirming the action. This interface allows for quick administrative control over the script library, ensuring users can manage active customizations without navigating external tools. For backups and transfers, Tampermonkey includes import and export functionality located in the Utilities tab of its settings. Users can export their entire collection of scripts, settings, and storage data to either documents or ZIP archives, which encapsulate all relevant files for easy portability across devices or reinstallations. Conversely, the same tab supports importing from these formats, allowing seamless restoration of scripts and configurations from previously saved files. Organization within the dashboard is facilitated through a tagging system, enabling users to categorize scripts for better management of large collections. Tags can be assigned directly in the script's settings page or via the @tag directive in the script header, such as // @tag [productivity](/page/Productivity), using user-defined tags such as '', 'utilities', or 'enhancements'. Once applied, tags appear in the script list, allowing users to filter, search, or bulk-toggle scripts by category, which streamlines workflows for users handling dozens of scripts. To maintain consistency across multiple devices, Tampermonkey supports script synchronization through various cloud services integrated into its Settings tab under the Script Sync section. Users can enable syncing with , , , or protocols, which automatically propagate script installations, updates, and settings changes in real-time or on-demand via a dedicated sync button. This feature ensures that configurations remain uniform without manual exports, though it requires granting the extension appropriate storage permissions. Security in script sourcing is managed via and whitelisting options to prevent unauthorized or risky installations. The Manual and @require Blacklist, configurable in advanced settings, allows users to block specific URLs or domains from installing scripts or loading external resources, cross-referencing against community-maintained lists like those on for known threats. Complementing this, whitelisting can be applied through file extension filters in the Downloads section or domain-specific approvals via the @connect directive in scripts, ensuring only trusted sources contribute to the user's environment.

Built-in Editor and Debugging

Tampermonkey provides an integrated code editor accessible from its dashboard, allowing users to create and modify userscripts directly within the browser extension. This editor features syntax highlighting for JavaScript and metadata blocks, enhancing readability and reducing errors during development. Additionally, it includes auto-completion support, triggered by Ctrl+Space, which suggests common UserScript APIs and functions to streamline coding workflows. The editor incorporates for real-time syntax checking and linting, displaying hints and warnings as users type to identify potential issues early. This integration helps maintain code quality without requiring external tools. For debugging, Tampermonkey leverages the browser's developer console, where users can enable debug mode in the extension settings to pause execution at debugger; statements inserted in scripts. Console logging is facilitated through the GM_log() , which outputs messages directly to the browser's console for monitoring script behavior and troubleshooting. Error reporting also routes through the console, integrating seamlessly with browser developer tools for stack traces and variable inspection. Script versions are managed using the @version metadata tag, which must be incremented for updates to ensure proper tracking and reloading. While basic is handled internally, Tampermonkey supports external editor integration, such as linking to via the dedicated Tampermonkey Editors extension, allowing developers to edit scripts in a full-featured IDE while syncing changes back to the extension. This setup bridges browser-based editing with advanced development environments, though scripts from local files require specific permissions and do not execute automatically.

History

Origins and Early Development

Tampermonkey was created in 2010 by German developer Jan Biniok as a extension designed to bring -like functionality to , which at the time lacked native support for userscripts in Chromium-based browsers. The extension originated as a wrapper around existing scripts to enable their execution in Chrome, addressing the growing demand for customizable browsing experiences amid Chrome's rapid adoption. Early development focused on core capabilities such as script injection into web pages and basic management tools, allowing users to install, enable, and disable userscripts without advanced configuration. The initial release occurred in May 2010, marking the extension's availability for Chrome users outside of Firefox's ecosystem. Tampermonkey appeared on the around 2010-2011, facilitating easier distribution and installation, which aligned with the store's expansion and Chrome's increasing from around 7% in 2010 to over 30% by 2012. This timing capitalized on limitations in , which was primarily optimized for and struggled with cross-browser compatibility, driving initial adoption among developers and power users seeking portable script solutions. Tampermonkey was initially developed as under the GNU General Public License (GPL) version 3. In January 2013, after version 2.9, Biniok changed it to /closed source, though the repository continued to host the source code up to that version to encourage community contributions and transparency. This period solidified its position as a key tool in the userscript ecosystem, particularly as Chrome's dominance grew and users migrated from , where Greasemonkey's performance issues became more apparent with evolving web standards.

Key Updates and Manifest V3 Transition

Tampermonkey's development has included several milestone releases that expanded its capabilities. In 2015, version 3.0 was released, adding support for mobile browsers on Android, allowing users to manage and run userscripts on mobile devices. Around 2016, version 4.0 enhanced script syncing features, enabling users to synchronize their userscripts across multiple browsers and devices via cloud storage options like or . Beginning in 2021, Tampermonkey faced challenges from Google's transition to V3 for Chrome extensions, which replaced persistent background pages with service workers, necessitating a major rewrite of the extension's core architecture to maintain functionality. This shift impacted managers like Tampermonkey, as service workers introduced limitations on execution time and state persistence. To address compatibility during Google's phased rollout, developers released temporary workarounds and beta versions in 2022, which tested MV3 features while preserving for existing users. Full compliance with Manifest V3 was achieved in version 5.0 in November 2023, ensuring continued support for injection and management without disrupting core functionality. This update required users to enable developer mode in Chrome for script execution and introduced options to modify headers for legacy script compatibility. Performance impacts included faster extension loading times due to service worker efficiency, though restrictions on persistent storage led to adjustments in how scripts handle long-running tasks and . Development continued actively into 2025, with version 5.4.0 released in September 2025, adding features like Blob/File download support and improvements to GM_xmlhttpRequest, while fixing issues related to storage and .

Technical Aspects

UserScript Standards and API

Tampermonkey adheres to the established metadata block format originally defined by , which encapsulates essential script information within a comment block at the beginning of each file. This block follows the structure // ==UserScript== followed by key-value pairs using // @key value directives, and concludes with // ==/UserScript==. Common directives include @name for the script's title, @namespace for unique identification, @version for update tracking, @description for a brief overview, @include or @match for specifying execution URLs via , @require for loading external libraries, and @run-at for controlling injection timing such as document-start or document-end. The core provided by Tampermonkey includes functions for persistent storage, style injection, and , prefixed with GM_. For storage, GM_setValue(key, value) and GM_getValue(key, defaultValue) allow scripts to save and retrieve data across sessions, supporting primitives like strings, numbers, booleans, and objects serialized as . Style injection is handled by GM_addStyle(css), which appends custom CSS rules to the page without altering the original stylesheet. is facilitated by GM_log(message), which outputs messages to the browser console for . Extended APIs enable advanced interactions, such as GM_xmlhttpRequest(details), which performs cross-origin HTTP requests and bypasses browser CORS restrictions by leveraging extension privileges; it accepts an options object with properties like method, url, data, and callbacks for events including onload, onerror, and onprogress. This function supports HTTP and protocols, and allows anonymous requests or credential inclusion. The permission model relies on @grant directives within the metadata block to explicitly whitelist API access, ensuring scripts only receive necessary privileges and enhancing security by defaulting to a sandboxed environment. For instance, @grant GM_setValue enables storage functions, while @grant none disables the sandbox entirely, running the script in the page context for direct DOM access. Access to the page's DOM for manipulation is provided via the unsafeWindow object, which requires @grant unsafeWindow to bridge the sandbox isolation and expose the host window's properties and methods. Multiple @grant lines can be used to request specific functions, and Tampermonkey infers grants if none are specified, though explicit declaration is recommended for compatibility. Tampermonkey supports API versioning through compatibility modes aligned with 's evolution, accommodating both the legacy GM 1.0 behavior—where API access was implicitly granted based on usage—and the stricter GM 2.0 mode introduced in 2.0, which mandates explicit @grant directives for all privileged functions to prevent unintended access. This dual support is configurable via Tampermonkey's settings, such as compat_foreach for iteration methods or compatopts_for_requires for external script handling, allowing older scripts to function without modification while encouraging modern explicit permissions.

Browser Compatibility and Extensions

Tampermonkey primarily supports major desktop browsers through their respective extension stores, including and Microsoft Edge via the , Mozilla via the Firefox Add-ons site, and Apple via the Safari Extensions Gallery, with Safari compatibility introduced in 2020. For browsers like , Tampermonkey offers standalone versions available directly from the Opera Add-ons store, enabling users to install and manage userscripts without relying on cross-browser ports. Similarly, portable builds support deployment in environments where standard extension stores are unavailable. Tampermonkey extensions utilize browser-specific manifest formats, such as CRX files for Chrome and Edge installations via drag-and-drop into the extensions page, and XPI files for , which can be installed by dragging into the add-ons manager. Cross-compatibility is achieved through Tampermonkey's portable builds, which adapt these formats to function across supported Chromium- and Gecko-based browsers without native store dependency. On mobile platforms, Tampermonkey provides compatibility for Android through browsers like Kiwi Browser or that support Chrome extensions, allowing full management similar to desktop versions. On , Tampermonkey provides full support through a dedicated extension available via the (released November 2024), compatible with 15.0 and later. Recent updates have enhanced compatibility with privacy-focused browsers like Brave, a derivative, where users must enable "Allow UserScripts" in extension settings to ensure seamless operation alongside Brave's built-in ad-blocker for synergistic content modification. These adaptations align with broader Manifest V3 transitions to maintain cross-browser stability.

Usage

Installation and Setup

Tampermonkey is installed as a browser extension through the respective official extension stores for supported browsers, including , , , , and . To begin, users search for "Tampermonkey" in the browser's extension store or navigate directly via links provided on the official website. For Chrome, users click "Add to Chrome" on the page, review the permissions, and confirm the installation by selecting "Add extension." Similar processes apply to via the Add-ons store, where users click "Add to Firefox" and confirm; for Edge, "Get" from the Microsoft Edge Add-ons store; for , "Add to Opera" from the Opera addons page; and for , download and install from the for macOS or the for via official links. During installation, the browser prompts users to grant necessary permissions, which are essential for the extension to inject userscripts into web pages. Upon successful installation, Tampermonkey's icon appears in the browser toolbar, and users access the by clicking it to begin configuration. Post-install setup includes selecting a default editor, such as the built-in CodeMirror-based editor or configuring an external editor via file access permissions. Users can enable notifications for script updates and new versions through the settings panel, which requires the "notifications" permission to alert about changes like automatic updates. Sync options allow backing up scripts and settings across devices using services like , , , or browser-native sync, configured in the under the "Sync" tab to ensure seamless transfer without manual exports. The extension requests several permissions during setup to function properly, each serving a specific purpose in managing userscripts. These include "tabs" for accessing tab information to determine script execution; "storage" and "unlimitedStorage" for saving script data and configurations; "webRequest" and "webNavigation" to monitor and modify web requests for script injection; "cookies" for handling site-specific data; "downloads" for managing script-related files; "contextMenus" to add right-click options; "clipboardWrite" for script interactions with the clipboard; "idle" for detecting user inactivity; and "<all_urls>" to operate on any website. For local file access, users must manually enable "Allow access to file URLs" in the browser's extension management page. These permissions are transparently listed during installation, allowing users to review and approve before proceeding. Common setup issues can arise, such as permission denials, which users resolve by navigating to the browser's extensions page (e.g., chrome://extensions/) and ensuring Tampermonkey has the required toggles enabled, including "Allow in Incognito" if needed. Conflicts with other extensions, like user agent spoofers or ad blockers, may prevent script injection; involves temporarily disabling suspects via the extensions manager and re-enabling one by one to identify the culprit. If installation fails or scripts do not load post-setup, quick fixes include uninstalling and reinstalling the extension from the official site or app store (ensuring the latest version) after exporting existing scripts via the dashboard to clear corrupted files, clearing the browser cache, or creating a new browser profile to isolate profile-specific errors. When installing scripts from external sites, select "Always allow this site" if prompted by the browser to grant necessary permissions. Additionally, force refreshing the page (Ctrl + F5) or restarting the browser can resolve loading issues.

Script Creation and Deployment

Users create Tampermonkey scripts by accessing the extension's dashboard and selecting the option to add a new script, which opens an integrated editor for writing code. Every script begins with a metadata block enclosed in special comments, defining essential properties such as the script's name, version, target websites via @match or @include directives, and any required permissions through @grant. Following the metadata, users write standard JavaScript code to manipulate the Document Object Model (DOM), often wrapped in an immediately invoked function expression (IIFE) for encapsulation and to enforce strict mode. For instance, to add a button to a webpage, a script might use the GM_addElement API to insert an interactive element dynamically.

javascript

// ==UserScript== // @name Add Button Example // @namespace [example.com](/page/Example.com) // @version 1.0 // @description Adds a simple button to the page // @author You // @match https://example.com/* // @grant GM_addElement // ==/UserScript== (function() { 'use strict'; GM_addElement('button', { id: 'myButton', textContent: 'Click Me', onclick: function() { alert('Button clicked!'); } }); })();

// ==UserScript== // @name Add Button Example // @namespace [example.com](/page/Example.com) // @version 1.0 // @description Adds a simple button to the page // @author You // @match https://example.com/* // @grant GM_addElement // ==/UserScript== (function() { 'use strict'; GM_addElement('button', { id: 'myButton', textContent: 'Click Me', onclick: function() { alert('Button clicked!'); } }); })();

This example targets https://example.com/* and appends a to the document body that triggers an alert on click. To test a script, users save it in the editor, which automatically enables it, then reload the target webpage to observe changes. involves enabling debug logging in Tampermonkey settings and inspecting the browser console (via Ctrl+Shift+J) for errors or using console.log statements within the script code. If issues arise, such as syntax errors or mismatched @match patterns, the console output helps identify and resolve them before further iteration. For deployment, scripts can be saved locally within Tampermonkey for personal use, or exported as files for sharing. To distribute publicly, users upload scripts to repositories like Greasy Fork or OpenUserJS, where others can install them directly via Tampermonkey. Including an @updateURL in the metadata points to the hosted script file, enabling automatic updates for installers when new versions are published. Best practices emphasize and efficiency: minimize @grant directives to only necessary APIs, such as none for basic DOM manipulation, to reduce permissions and potential risks. Precise patterns should target specific sites rather than broad wildcards like http://* to avoid overhead. Additionally, scripts should include and @version for proper identification and versioning. Representative examples illustrate practical applications. An infinite scrolling script detects when a user reaches the page bottom and fetches additional content, appending it seamlessly without pagination links.

javascript

// ==UserScript== // @name Infinite Scroll // @namespace http://tampermonkey.net/ // @version 1.0 // @description Enable infinite scrolling on paginated sites // @author sharmanhall // @match *://*/* // @grant none // ==/UserScript== (function() { 'use strict'; const observer = new IntersectionObserver((entries) => { entries.forEach(entry => { if (entry.isIntersecting) { const nextLink = [document](/page/Document).querySelector('a[rel="next"], .pagination-next'); if (nextLink) { fetch(nextLink.href) .then(res => res.text()) .then([html](/page/HTML) => { const parser = new DOMParser(); const doc = parser.parseFromString([html](/page/HTML), 'text/[html](/page/HTML)'); const newContent = doc.querySelector('main, .content, .articles'); if (newContent) { [document](/page/Document).body.appendChild(newContent); } }); } } }); }); const footer = [document](/page/Document).querySelector('footer'); if (footer) observer.observe(footer); })();

// ==UserScript== // @name Infinite Scroll // @namespace http://tampermonkey.net/ // @version 1.0 // @description Enable infinite scrolling on paginated sites // @author sharmanhall // @match *://*/* // @grant none // ==/UserScript== (function() { 'use strict'; const observer = new IntersectionObserver((entries) => { entries.forEach(entry => { if (entry.isIntersecting) { const nextLink = [document](/page/Document).querySelector('a[rel="next"], .pagination-next'); if (nextLink) { fetch(nextLink.href) .then(res => res.text()) .then([html](/page/HTML) => { const parser = new DOMParser(); const doc = parser.parseFromString([html](/page/HTML), 'text/[html](/page/HTML)'); const newContent = doc.querySelector('main, .content, .articles'); if (newContent) { [document](/page/Document).body.appendChild(newContent); } }); } } }); }); const footer = [document](/page/Document).querySelector('footer'); if (footer) observer.observe(footer); })();

Similarly, a dark mode toggle script applies CSS filters to invert colors on demand, often via a keyboard shortcut, and persists the state using localStorage.

javascript

// ==UserScript== // @name Dark Mode Toggle (Shortcut Only) // @namespace http://tampermonkey.net/ // @version 1.1 // @description Adds a dark mode toggle to any site via Alt+N // @author Drewby123 // @match *://*/* // @grant none // ==/UserScript== (function () { 'use strict'; const darkModeStyle = [document](/page/Document).createElement('style'); darkModeStyle.id = 'dark-mode-style'; darkModeStyle.textContent = `html {filter: invert(1) hue-rotate(180deg); background: #111 !important;} img, video {filter: invert(1) hue-rotate(180deg) !important;}`; let darkModeEnabled = localStorage.getItem('darkModeEnabled') === 'true'; if (darkModeEnabled) [document](/page/Document).head.appendChild(darkModeStyle); const toggleDarkMode = () => { darkModeEnabled = !darkModeEnabled; darkModeEnabled ? [document](/page/Document).head.appendChild(darkModeStyle) : [document](/page/Document).getElementById('dark-mode-style')?.remove(); localStorage.setItem('darkModeEnabled', darkModeEnabled); }; [document](/page/Document).addEventListener('keydown', (event) => { if (event.altKey && event.key === 'n') toggleDarkMode(); }); })();

// ==UserScript== // @name Dark Mode Toggle (Shortcut Only) // @namespace http://tampermonkey.net/ // @version 1.1 // @description Adds a dark mode toggle to any site via Alt+N // @author Drewby123 // @match *://*/* // @grant none // ==/UserScript== (function () { 'use strict'; const darkModeStyle = [document](/page/Document).createElement('style'); darkModeStyle.id = 'dark-mode-style'; darkModeStyle.textContent = `html {filter: invert(1) hue-rotate(180deg); background: #111 !important;} img, video {filter: invert(1) hue-rotate(180deg) !important;}`; let darkModeEnabled = localStorage.getItem('darkModeEnabled') === 'true'; if (darkModeEnabled) [document](/page/Document).head.appendChild(darkModeStyle); const toggleDarkMode = () => { darkModeEnabled = !darkModeEnabled; darkModeEnabled ? [document](/page/Document).head.appendChild(darkModeStyle) : [document](/page/Document).getElementById('dark-mode-style')?.remove(); localStorage.setItem('darkModeEnabled', darkModeEnabled); }; [document](/page/Document).addEventListener('keydown', (event) => { if (event.altKey && event.key === 'n') toggleDarkMode(); }); })();

Another practical application is automating login to web applications by creating scripts that automatically fill and submit login forms, serving as a non-code modification alternative to altering the web app's source code directly. However, the login page may briefly appear before the script executes.

javascript

// ==UserScript== // @name Auto Login Example // @namespace http://tampermonkey.net/ // @version 1.0 // @description Automatically fill and submit login form // @author Example // @match https://example.com/login* // @grant none // ==/UserScript== (function() { 'use strict'; // WARNING: Hardcoding credentials is insecure; use only for demonstration var username = 'yourusername'; var password = 'yourpassword'; window.addEventListener('load', function() { var userField = document.querySelector('input[name="username"], input[id="username"]'); var passField = document.querySelector('input[name="password"], input[id="password"]'); var submitBtn = document.querySelector('input[type="submit"], button[type="submit"]'); if (userField) userField.value = username; if (passField) passField.value = password; if (submitBtn) { // Trigger change events if needed for validation ['change', 'input'].forEach(eventType => { [userField, passField].forEach(field => { if (field) { var event = new Event(eventType, { bubbles: true }); field.dispatchEvent(event); } }); }); submitBtn.click(); } }); })();

// ==UserScript== // @name Auto Login Example // @namespace http://tampermonkey.net/ // @version 1.0 // @description Automatically fill and submit login form // @author Example // @match https://example.com/login* // @grant none // ==/UserScript== (function() { 'use strict'; // WARNING: Hardcoding credentials is insecure; use only for demonstration var username = 'yourusername'; var password = 'yourpassword'; window.addEventListener('load', function() { var userField = document.querySelector('input[name="username"], input[id="username"]'); var passField = document.querySelector('input[name="password"], input[id="password"]'); var submitBtn = document.querySelector('input[type="submit"], button[type="submit"]'); if (userField) userField.value = username; if (passField) passField.value = password; if (submitBtn) { // Trigger change events if needed for validation ['change', 'input'].forEach(eventType => { [userField, passField].forEach(field => { if (field) { var event = new Event(eventType, { bubbles: true }); field.dispatchEvent(event); } }); }); submitBtn.click(); } }); })();

Community and Ecosystem

Tampermonkey boasts a substantial user base, with over 10 million installations on the as of November 2025. The extension maintains strong adoption on other browsers, including , where it has garnered thousands of ratings, and , where it similarly enjoys widespread use among users seeking web customization. Its growth has been propelled by seamless integration with prominent script repositories such as Greasy Fork, a key hub for userscripts that are fully compatible with Tampermonkey and contribute to its ecosystem by providing easy access to community-developed enhancements. This connectivity allows users to discover and install scripts directly, fostering broader adoption among those looking to tailor their browsing experience. Among the most influential userscripts are those enhancing media playback and site-specific functionality. For instance, the "Audio and Video Enhancement Script" by ankvps has exceeded 1.2 million total installations, enabling features like adjustable playback speeds and video downloads across platforms including and . Similarly, -focused tools like SponsorBlock implementations skip sponsored segments, significantly improving viewing efficiency for millions of users through its extension counterpart, while userscript variants amplify this via Tampermonkey. UI modifications, such as "Unedit and Undelete for Reddit" by DenverCoder1 with over 10,000 installations, restore visibility to edited or deleted content, aiding community discussions. Amazon price trackers, exemplified by "Amazon Historical Prices" powered by Keepa, provide historical pricing charts to inform purchases, though with more modest adoption at hundreds of installs, they underscore practical utility. The Tampermonkey community primarily comprises developers, power users, and enthusiasts who contribute and utilize scripts for and enhancements, often engaging through repositories like Greasy Fork. Users commonly install multiple scripts—ranging from a handful for basic customization to dozens for advanced workflows—with prevalent trends favoring tools that boost , such as ad blockers and content filters, over exhaustive listings.

Alternatives and Comparisons

Tampermonkey's primary alternatives include Greasemonkey, which is tailored for Firefox users and provides extensive customization options through its open-source architecture, though it offers limited cross-platform capabilities compared to Tampermonkey. Greasemonkey excels in seamless integration with Firefox's ecosystem, allowing for advanced script management and support for legacy userscripts that may not function as smoothly in other managers. Another key alternative is Violentmonkey, an open-source userscript manager that emphasizes lightweight performance and speed, while maintaining high API compatibility with both Tampermonkey and Greasemonkey standards. Violentmonkey is particularly suited for users seeking a modern, resource-efficient option without the overhead of Tampermonkey's feature-rich interface. For Safari users, serves as a dedicated alternative, enabling the execution of and CSS modifications within Apple's ecosystem through its open-source Safari extension. In contrast, tools like focus narrowly on CSS styling rather than full userscript functionality, making it a niche option for visual customizations without execution.
AspectTampermonkeyGreasemonkeyViolentmonkey (Safari)
Primary Browser SupportChrome, Edge, , , Chrome, , EdgeAll major browsers
Open SourceNoYes (MIT)Yes (MIT)YesYes
UI Polish & FeaturesHigh (advanced editor, sync options)Moderate (customizable but basic)Moderate (lightweight dashboard)Basic (simple script runner)High (style-focused editor)
Mobile SupportYes ( iOS)NoLimitedYes (iOS )Yes (via browser extensions)
Script FunctionalityFull JS + CSSFull JS + Full JS + CSSJS + CSSCSS only
Tampermonkey's strengths lie in its polished and broad browser compatibility, including mobile support via , which outpaces 's Firefox-centric approach and provides more versatility than niche tools like that are limited to CSS modifications. This cross-platform emphasis makes Tampermonkey ideal for users switching browsers frequently, whereas offers superior depth for Firefox-specific tweaks. Migrating userscripts between managers like Tampermonkey, , and Violentmonkey is straightforward due to their adherence to common standards, allowing scripts to be exported as ZIP files from one manager's dashboard and imported into another with minimal adjustments for API differences. Most scripts require no code changes owing to high compatibility, though users may need to verify metadata headers during transfer. In the market, Tampermonkey holds the dominant position as the most downloaded , with over 10 million users on the alone, largely attributable to Chrome's market dominance and Tampermonkey's availability across multiple browsers. This contrasts with Greasemonkey's strong but narrower foothold in , where it has garnered millions of installations since its .

Controversies

Security and Privacy Issues

Tampermonkey's reliance on third-party userscripts introduces significant risks, as these scripts can contain malicious code designed to inject or exfiltrate sensitive . A 2014 of over 86,000 scripts from major repositories found 126 malicious ones, with 70 capable of stealing user credentials and 25 embedding third-party that could facilitate further attacks. Specifically, the API supported by Tampermonkey, such as GM_xmlhttpRequest, allows scripts to bypass the browser's , enabling cross-domain requests that could lead to , including from web pages. The extension's broad permissions exacerbate these vulnerabilities, granting access to all tabs and URLs to facilitate script injection, which raises concerns for unauthorized tracking, session hijacking, or interception of user inputs across sites. Tampermonkey requires permissions including <all_urls> for content injection, webRequest for modifying network traffic, storage for persisting data, and tabs for accessing tab information, potentially allowing scripts to monitor or alter browsing activity without explicit per-site consent. Historical incidents highlight these dangers; for instance, in early 2025, two userscripts on Greasy Fork, a popular repository compatible with , were compromised via an inactive author's account, inserting malicious code that affected users relying on the platform. Broader studies have identified vulnerabilities in similar script ecosystems, such as DOM-based XSS in 2% of analyzed scripts (1,736 cases), which, when combined with generic @include directives affecting 60% of scripts, could enable global data theft across domains. To mitigate these risks, Tampermonkey incorporates features like script source verification through a community-maintained of known malicious scripts, user prompts during installation to review and approve scripts, and explicit @grant directives that require developer declaration for powerful APIs like GM_xmlhttpRequest. Sandboxing options via the @sandbox metadata key limit script execution contexts—such as isolating to a "" or "DOM" environment—to prevent direct access to the page's global scope, reducing the potential for . Additionally, Subresource (SRI) checks with hash verification for @require and @resource dependencies help ensure external libraries remain untampered. Privacy implications arise from scripts' ability to access local storage, cookies via GM_cookie, or network data without granular user consent, potentially leading to unintended data sharing if permissions are overly broad. Users must manually review @connect domains and @grant usage to avoid exposing personal data, as the extension's design prioritizes flexibility over default restrictions.

Policy Conflicts with Browsers

Tampermonkey has faced significant policy conflicts with browser vendors, particularly , stemming from changes in extension architectures and enforcement of rules aimed at enhancing security and limiting potentially disruptive behaviors. In 2019, developer Jan Biniok highlighted in a Chromium Extensions discussion group that the proposed Manifest V3 (MV3) framework would effectively break Tampermonkey by prohibiting remotely hosted code, a core feature allowing users to load external userscripts. This led to ongoing scrutiny, as MV3's rollout began in 2021 and phased out Manifest V2 support by June 2025, requiring Tampermonkey to adapt through a that demands users enable developer mode in Chrome for full functionality. Google's policies under MV3 have particularly targeted extensions enabling aggressive ad filtering, impacting Tampermonkey since it facilitates userscripts for . Since 2023, MV3's declarativeNetRequest limits the number and dynamism of filtering rules, reducing the effectiveness of ad-blocker scripts run via Tampermonkey and prompting developer updates to maintain partial compatibility. By , Chrome's enforcement of MV3 in stable releases forced many ad-related userscripts to operate in restricted modes or require outside the . These changes, part of a broader crackdown on ad blockers to protect publisher revenue, have positioned Tampermonkey under continued review for facilitating circumvention of site policies. In January 2019, Opera banned from installation via the , citing its use in distributing through compromised . The ban was temporary, and following community backlash and developer assurances of enhanced security measures, Opera reinstated the extension later that year. On , Mozilla's add-on policies, updated to emphasize transparency post-2020, require userscript managers like Tampermonkey to disclose permissions clearly and mandate explicit user consent for script installation and execution. These guidelines, part of broader efforts to protect user privacy, stipulate that the UserScripts API—used by Tampermonkey—must only activate via user-initiated actions, such as button clicks, and include opt-in mechanisms for data handling. Non-compliance risks review delays or removal from the Add-ons store, though Tampermonkey has maintained approval by aligning with these transparency mandates. In response, Jan Biniok has advocated for the legitimacy of managers through public forums and direct engagement with browser teams, arguing that MV3's restrictions undermine user customization without adequate alternatives. While no formal petitions from Biniok are documented, his interventions contributed to discussions influencing MV3's , including allowances for limited dynamic injection in approved cases. These conflicts have broader implications, encouraging users to resort to sideloaded extensions or alternative browsers like to evade restrictive policies.

References

  1. https://www.computerhope.com/jargon/t/tampermonkey.htm
  2. https://www.tampermonkey.net/faq.php?locale=en
  3. https://www.tampermonkey.net/changelog.php
  4. https://chromewebstore.google.com/detail/tampermonkey-beta/gcalenpjmijncebpfijmoaglllgpjagf?hl=en
  5. https://www.tampermonkey.net/
  6. https://addons.mozilla.org/en-US/firefox/addon/tampermonkey/
  7. https://chromewebstore.google.com/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo
  8. https://greasyfork.org/en
  9. https://www.tampermonkey.net/documentation.php?locale=en
  10. https://www.tampermonkey.net/scripts.php?locale=en
  11. https://developer.chrome.com/docs/extensions/mv2/match_patterns/
  12. https://www.tampermonkey.net/changelog.php?locale=en&more=true&show=mfdh
  13. https://www.tampermonkey.net/documentation.php?locale=en#api:GM_log
  14. https://www.tampermonkey.net/documentation.php?locale=en#meta:version
  15. https://www.pallavivarandani.com/blog/tampermonkey_-enhancing-web-customization-with-userscripts/
  16. https://github.com/Tampermonkey/tampermonkey
  17. https://openuserjs.org/about/Tampermonkey-for-Chromium
  18. https://addons.mozilla.org/en-US/firefox/addon/tampermonkey/versions/
  19. https://alternativeto.net/news/2023/12/tampermonkey-5-0-requires-developer-mode-for-running-userscripts-in-chrome/
  20. https://wiki.greasespot.net/Metadata_Block
  21. https://wiki.greasespot.net/Version_history
  22. https://addons.mozilla.org/en-CA/firefox/addon/tampermonkey/
  23. https://apps.apple.com/us/app/tampermonkey/id6738342400
  24. https://github.com/OpenUserJs/OpenUserJS.org/wiki/Tampermonkey-for-Safari
  25. https://addons.opera.com/en/extensions/details/tampermonkey-beta/
  26. https://alternativeto.net/software/tampermonkey/
  27. https://chrunos.com/tampermonkey-scripts-for-mobile/
  28. https://github.com/Tampermonkey/tampermonkey/issues/2207
  29. https://www.tampermonkey.net/index.php?browser=safari&locale=en
  30. https://www.tampermonkey.net/faq.php?locale=en#Q402
  31. https://www.tampermonkey.net/faq.php?locale=en#Q304
  32. https://www.tampermonkey.net/faq.php?locale=en#Q105
  33. https://www.tampermonkey.net/faq.php?locale=en#Q204
  34. https://www.tampermonkey.net/faq.php?locale=en#Q209
  35. https://www.tampermonkey.net/faq.php?locale=en#Q203
  36. https://www.tampermonkey.net/faq.php?locale=en#Q207
  37. https://www.tampermonkey.net/faq.php?locale=en#Q208
  38. https://github.com/Tampermonkey/tampermonkey/issues/251
  39. https://github.com/Tampermonkey/tampermonkey/issues/1638
  40. https://greasyfork.org/en/scripts/523521-infinite-scroll/code
  41. https://greasyfork.org/en/scripts/522591-dark-mode-toggle-shortcut-only/code
  42. https://stackoverflow.com/questions/34360739/automate-form-submission-on-an-angularjs-website-using-tampermonkey
  43. https://microsoftedge.microsoft.com/addons/detail/tampermonkey/iikmkjmpaadaobahmlepeloendndfphd
  44. https://greasyfork.org/en/scripts/407466-unedit-and-undelete-for-reddit
  45. https://github.com/awesome-scripts/awesome-userscripts
  46. https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/
  47. https://violentmonkey.github.io/
  48. https://github.com/violentmonkey/violentmonkey
  49. https://stackoverflow.com/questions/47317983/how-to-transfer-all-greasemonkey-userscripts-to-tampermonkey-on-firefox-57
  50. https://www.securitee.org/files/monkey_asiaccs2014.pdf
  51. https://www.waze.com/discuss/t/urgent-two-scripts-were-compromised-on-feb-1-please-read-if-you-use-scripts/365499
  52. https://9to5google.com/2019/01/29/chrome-manifest-v3-tampermonkey/
  53. https://www.malwarebytes.com/blog/news/2023/11/chrome-pushes-forward-with-plans-to-limit-ad-blockers-in-the-future
  54. https://extensionworkshop.com/documentation/publish/add-on-policies/
  55. https://www.bleepingcomputer.com/news/google/tampermonkey-may-be-the-next-victim-of-googles-chrome-manifest-v3-changes/
Add your contribution
Related Hubs
User Avatar
No comments yet.