A free, local-first alternative to WhatRuns
Simple, free-first Chrome extension — lighter than Wappalyzer with a cleaner UI, but with the same detection blind spots and a backend-call-per-lookup architecture.
By Mapree ·
Founded 2017 · Pricing: Free Chrome extension; optional paid tier for 'technology change alerts' aimed at competitive-intel and marketing teams.
Overview
WhatRuns entered the browser-extension detector market in 2017 as a consumer-friendlier alternative to Wappalyzer. Its popup UI is visibly cleaner, its grouping feels more marketer-accessible, and it added a 'technology change alerts' feature that Wappalyzer didn't offer. It attracted a user base quickly — at one point it was one of the most-installed technology detection extensions in the Chrome Web Store — but the detection surface behind the nicer shell is narrower and, critically, backend-driven. When you click the WhatRuns popup on a page, the extension sends the page URL to WhatRuns servers and receives the technology list back from an API call. That architecture has privacy implications you should think about if you work on internal applications, customer staging environments, or any URL that contains tokens, IDs or other context you would not paste into a third-party search box. The free price tag is real, but it is not free in the sense that Sourcemap Explorer is free: WhatRuns sees what you look at, and the speed of the popup depends on a round-trip to a server you do not control. None of that is hidden from users — it is in the privacy policy — but it is rarely top-of-mind when you install a 'free Chrome extension that tells you what a site uses'.
The second thing to understand about WhatRuns is the underlying detection model. Because the work happens on the backend, the extension never reads the page assets in any sophisticated way. There is no JavaScript runtime introspection, no source-map parsing, no bundle inspection. The server applies a fingerprint set (header patterns, script-src regexes, cookie names, simple URL rules) against what the extension reports back, and returns a categorized list of likely technologies. That works well for the obvious surface — server, CMS, analytics tag — and breaks down for anything bundled. WhatRuns will tell you a site uses 'React'; it will not tell you it is React 18.2.0. It will tell you a site uses 'WordPress'; it will not enumerate the plugins by folder slug. The result is a tool that is pleasant to use and consistently returns the most basic answer, but rarely the most useful one for a developer who is trying to understand the page in front of them.
History
WhatRuns was founded in 2017 by Robin Singh as a lean, consumer-polished competitor to Wappalyzer. Its pitch was 'Wappalyzer for marketers' — less technical depth, a prettier popup, an easier 'alert me when this site adds X' product. It ran on a smaller fingerprint set than Wappalyzer and made up for that partly through curation (the fingerprints it did have were usually high-quality) and partly through the change-alerts layer that neither Wappalyzer nor BuiltWith offered at the same price point. The tool is still maintained and still popular as a lightweight daily-use extension.
Its evolution has been quieter than Wappalyzer's or BuiltWith's. There were no headline-making pivots, no acquisitions, no shifts to closed-source — the product looks broadly similar today to what it shipped in late 2017. The most visible change has been the steady professionalization of the alerts product (more granular notification rules, slightly more detection categories tied to alerts, an export-to-CSV path for marketing teams) without much investment in the depth of per-site detection. That product strategy makes sense for the audience WhatRuns serves — non-technical buyers who care more about a clean dashboard than per-version precision — but it means the gap between WhatRuns and developer-grade tools like Sourcemap Explorer has widened over time rather than narrowed. By 2026 the differentiator that 'WhatRuns has a nicer popup than Wappalyzer' has been mostly closed by Wappalyzer itself, and the underlying detection still cannot read sourcemaps.
Who uses it and for what
Most WhatRuns users open the popup occasionally when they hit a site they're curious about and want a quick read. They are not trying to ship code, they are not auditing a vendor's stack for procurement, they are not investigating a regression — they are scrolling and got curious. For that user the popup is fine: a categorized list of marketing-recognisable technologies (CMS, analytics, ad tech, font loader, video player), rendered in a few hundred milliseconds, with no learning curve. WhatRuns does that one job well.
The secondary audience is marketing and competitive-intelligence users who subscribe to the 'track technology changes' product and get email notifications when a competitor adds, drops or swaps a tool. That workflow is genuinely useful for sales reps watching prospect adoption, agency teams watching client setups, and product marketers watching category dynamics. WhatRuns is the only browser-extension product in the category that ships this as a first-class feature at a low price point. Developers, by contrast, are barely visible in the customer base. The product was not built for them, and a developer who installs WhatRuns hoping to see versions, plugins, internal libraries, or sourcemap-derived signals walks away disappointed within a few site visits.
Pricing in detail
What WhatRuns does well
Clean, fast popup UI
WhatRuns's popup is the visual benchmark for the category. The grouping is intuitive, the hierarchy is scannable, and the visual weight is more marketer-friendly than Wappalyzer's more-developerish layout. New users find what they came for in one glance, which is a real product virtue and a fair share of the reason WhatRuns built its install base. Sourcemap Explorer is denser by design — it has more to show — but if all you want is a categorical overview, WhatRuns wins on first impression.
Curated fingerprint quality
Smaller database than Wappalyzer, but the rules that exist tend to be accurate. Fewer false positives on marketing-oriented technologies (CRM pixels, ad-tech, cookie banners) than you sometimes see on community-curated databases. The trade-off is real: WhatRuns will miss niche tech that Wappalyzer catches, and Wappalyzer will sometimes overcall things that WhatRuns ignores. For a marketer doing weekly competitor scans, the WhatRuns trade-off skews favorable.
Change alerts
The 'track this domain for technology changes' paid product genuinely fills a gap neither Wappalyzer nor BuiltWith's Basic tier serves directly. You add a list of competitor or prospect domains, set the categories you care about (analytics, A/B testing, payments, frontend framework), and get an email when something changes. The detection cadence is daily, the notification format is clean enough to forward to a non-technical stakeholder, and the price point is small-business-friendly. No other tool in the category occupies this exact slot.
Free forever for the extension
Unlimited per-page lookups at no cost. The paywall only kicks in if you want the alerts product. There is no metered popup, no 'upgrade to see more results', no 'sign up to continue' wall. For occasional curiosity that is the right pricing model, and it is the same model Sourcemap Explorer uses for the per-page detection part of its product.
Where WhatRuns falls short
These are the gaps a developer-first, sourcemap-aware workflow cares about.
Backend-driven per lookup
Each invocation of the popup sends the URL of the page you're on to WhatRuns servers, which then perform the detection and return results. For a public news article that is unremarkable. For a customer's authenticated dashboard, an internal admin tool, a partner portal under staging.<customer>.com, or a URL that contains tokens, IDs or session context, it is a privacy and operational consideration that should not be invisible. Sourcemap Explorer does the entire detection in your browser against the assets the page loaded — no URL ever leaves the device for the purpose of detection.
Smaller fingerprint database
Coverage is noticeably narrower than Wappalyzer's. Niche JavaScript libraries, less-common CMSes, newer frameworks (Astro, Qwik, SolidStart, the experimental edges of the React and Vue ecosystems) often aren't in the database — you'll see more 'not detected' on specialty sites. WhatRuns has been intentional about quality over breadth, but the result is a tool that is silent on the most interesting pages a developer might be studying.
No sourcemap reading
Same blind spot as Wappalyzer and BuiltWith: anything bundled inside a webpack/Vite/Rollup output is invisible. No exact versions from `package.json`, no ad-hoc package discovery, no internal `@company/<lib>` design-system surfacing, no React 18 vs React 19 disambiguation, no detection of libraries that only run client-side. The entire 'modern bundled web' lives outside WhatRuns's perception.
No WordPress plugin enumeration
Plugin detection relies on the few rules that exist for popular plugins. Unknown or less-common plugins loaded under `/wp-content/plugins/<slug>/` don't get enumerated, even though the slug is right there in every script tag the page emits. WhatRuns will tell you a site is on WordPress; it won't list Elementor + Yoast + WooCommerce + Astra by slug the way Sourcemap Explorer does.
Closed-source, company-controlled data
You depend on WhatRuns to add new fingerprints on their schedule; you cannot self-extend, audit or override. If WhatRuns has a stale rule that misclassifies something on a site you care about, your only recourse is to email support and wait. Sourcemap Explorer ships with custom-rules import/export so you can override any built-in behaviour on your own.
Where Sourcemap Explorer wins
Not across the board — we don't run bulk API queries and we don't publish market-share dashboards. These are the things we do that WhatRunsdoesn't.
100% local analysis
Sourcemap Explorer does not send the URLs you visit to any backend. Every detection runs in-browser against the page's own assets. WhatRuns makes a backend call for every popup invocation.
Broader detection surface
Vendored Wappalyzer-derived fingerprint database (thousands of techs) plus sourcemap-derived signals finds libraries WhatRuns simply doesn't have a rule for, and extracts versions WhatRuns cannot.
Per-version exact detail
Where WhatRuns shows 'React', Sourcemap Explorer shows 'React 18.2.0' when the map includes `node_modules/react/package.json`.
Works on private / authenticated sites
No backend means you can run Sourcemap Explorer on your staging, your internal admin, your logged-in dashboard without exposing those URLs to a SaaS vendor.
WhatRuns vs Sourcemap Explorer
Side-by-side on the dimensions a developer studying a single page actually cares about.
| Feature | WhatRuns | Sourcemap Explorer |
|---|---|---|
| Free per-page extension | Yes | Yes |
| Runs entirely in-browser (URL never leaves device) | No | Yes |
| Reads JavaScript sourcemaps | No | Yes |
| Exact bundled-library versions (e.g. React 18.2.0) | No | Yes |
| WordPress plugin enumeration by folder slug | Partial | Yes |
| WordPress theme detection | Partial | Yes |
| Detects ad-hoc npm packages by sourcemap path | No | Yes |
| Third-party tracker isolation (so GA/GTM internals don't pollute results) | No | Yes |
| Custom-rule import / export | No | Yes |
| Works on authenticated / internal sites without leaking URLs | No | Yes |
| Per-tab persistence and recall across sessions | Partial | Yes |
| Domain-level technology-change alerts | yes (paid tier) | No |
| Lead-list / technographic export by tech filter | No | No |
| Open-source extension code | No | Yes |
| Cross-browser support (Chrome + Firefox) | Yes | Yes |
Free per-page extension
WhatRuns
Yes
Sourcemap Explorer
Yes
Runs entirely in-browser (URL never leaves device)
WhatRuns
No
Sourcemap Explorer
Yes
Reads JavaScript sourcemaps
WhatRuns
No
Sourcemap Explorer
Yes
Exact bundled-library versions (e.g. React 18.2.0)
WhatRuns
No
Sourcemap Explorer
Yes
WordPress plugin enumeration by folder slug
WhatRuns
Partial
Sourcemap Explorer
Yes
WordPress theme detection
WhatRuns
Partial
Sourcemap Explorer
Yes
Detects ad-hoc npm packages by sourcemap path
WhatRuns
No
Sourcemap Explorer
Yes
Third-party tracker isolation (so GA/GTM internals don't pollute results)
WhatRuns
No
Sourcemap Explorer
Yes
Custom-rule import / export
WhatRuns
No
Sourcemap Explorer
Yes
Works on authenticated / internal sites without leaking URLs
WhatRuns
No
Sourcemap Explorer
Yes
Per-tab persistence and recall across sessions
WhatRuns
Partial
Sourcemap Explorer
Yes
Domain-level technology-change alerts
WhatRuns
yes (paid tier)
Sourcemap Explorer
No
Lead-list / technographic export by tech filter
WhatRuns
No
Sourcemap Explorer
No
Open-source extension code
WhatRuns
No
Sourcemap Explorer
Yes
Cross-browser support (Chrome + Firefox)
WhatRuns
Yes
Sourcemap Explorer
Yes
A concrete workflow example
You're a freelance consultant brought in to audit the marketing site of a mid-size SaaS company. The brief is to map their stack — frontend, analytics, marketing automation, payment — and recommend a few cleanup items before they launch a redesign. You start with WhatRuns because it is what you have installed, and the popup gives you a fast first read: Next.js, Vercel, Google Tag Manager, Segment, Intercom, HubSpot. That is genuinely useful, and it took ten seconds. But the brief asked you to recommend cleanup, and 'Next.js' on its own does not tell you whether the codebase is on the App Router or the Pages Router, whether they are still on Next 13 or already on 14 or 15, or whether the marketing pages and the dashboard share a build. WhatRuns cannot answer any of those questions, because it cannot see inside the bundle.
You switch to Sourcemap Explorer, refresh the page, and the popup now shows you Next.js 14.2.4 (with the App Router signature), React 18.2.0, Tailwind CSS 3.4.1, Framer Motion 11, the exact `@hookform/resolvers` and `zod` versions, plus the Vercel Analytics client library and a custom `@<customer>/ui` design-system package whose existence you would not have suspected from the marketing copy. Five minutes in, you have enough material to write a real audit. The two tools were not in competition for the first answer; they were in different leagues for the second.
Which one should you use?
Migration notes
If your WhatRuns usage is purely the free extension for occasional casual curiosity, Sourcemap Explorer is a strict upgrade: broader database, local-only, sourcemap depth. If you rely on the paid technology-change-alerts product, that's a feature we don't offer — Sourcemap Explorer does not crawl and cannot notify you about changes on domains you don't visit. The most common pattern is to keep WhatRuns installed for the alerts and use Sourcemap Explorer as the per-page deep-dive tool. The two coexist cleanly. If you want to see the depth difference in practice, the [find-the-exact-version-of-an-npm-package-on-a-site](/how-to/find-the-exact-version-of-an-npm-package-on-a-site) and [see-every-javascript-library-a-site-uses](/how-to/see-every-javascript-library-a-site-uses) guides walk through cases where the WhatRuns answer stops and the Sourcemap Explorer answer begins, and the [Next.js detection page](/detect/nextjs) shows what version-level detection adds on top of a categorical 'uses Next.js' verdict.
FAQ
Is WhatRuns a tracker?
Not maliciously, but it is backend-driven: every popup invocation sends the URL you're on to WhatRuns servers. On public pages that's unremarkable; on internal apps it's a data-handling consideration. Sourcemap Explorer does not behave this way — detection runs against the page assets in your own browser, and the only outbound requests are anonymous HEAD checks against registry.npmjs.org to validate that a package name we found in a sourcemap actually exists on the registry.
Does Sourcemap Explorer offer change tracking?
No. We persist per-site detection results locally, so you'll notice when you revisit a site and something changed, but we don't crawl and we don't email diffs. If change monitoring is core to your workflow, that's WhatRuns's paid tier — keep it installed alongside us.
Why is WhatRuns's database smaller than Wappalyzer's?
It's a younger project with a smaller maintainer team. The rules are curated rather than community-contributed, which gives it the cleaner-but-narrower profile. Sourcemap Explorer vendors the larger Wappalyzer-derived enthec/webappanalyzer database (thousands of fingerprints across 111 categories) and adds sourcemap-derived signals on top, which is structurally a different scale of input.
Will WhatRuns ever read sourcemaps?
Nothing in the public roadmap or the company's product communications suggests that. The architecture (popup → server → response) and the audience (marketers, not developers) make the investment unlikely. Sourcemap reading is core to what Sourcemap Explorer does because it was built for the developer use case from day one.
Can I run both extensions side by side?
Yes, with no interference. They register against different namespaces and read the page independently. A common setup is WhatRuns pinned for the marketer-style overview plus Sourcemap Explorer for the per-page deep dive. Pinning both in Chrome takes ten seconds.
Other alternatives to compare
Keep reading
Detection deep dives
Try Sourcemap Explorer on the next site you study.
Install the extension, browse normally. When a site exposes sourcemaps, the toolbar icon turns green — click it and you'll see the full project tree plus the detected stack, with exact versions.