Practical guides for studying real-world frontends

Three reliable ways to tell what JavaScript framework any website is using — from DevTools heuristics to browser extensions to sourcemap-level proof.

Every production sourcemap a site serves is a folder of its original source code. Here's how to find them, download them, and put them back into a readable project tree.

A sourcemap's `sources` and `sourcesContent` fields contain everything needed to rebuild the original project tree. Here's the logic, the gotchas, and a ready-made way to skip the work.

WordPress plugin slugs are loaded from predictable `/wp-content/plugins/<slug>/` paths — which makes enumeration trivial if you know where to look. Here's the full method.

The active theme lives under /wp-content/themes/<slug>/. Here's how to find the slug, map it to a theme name, and confirm via style.css.

Next.js leaves fingerprints everywhere: `#__next`, `__NEXT_DATA__`, `_next/static/` URLs, `x-nextjs-*` headers. Here's a 60-second sweep and how to get the exact version.

Regex-based detectors usually give you 'React' — not 'React 18.2.0'. If sourcemaps are available, the exact semver is one step away.

Tailwind's class naming is unmistakable once you know the patterns. Here's how to spot it in seconds — and confirm the version.

WordPress, Drupal, Shopify, Magento, Webflow, Ghost — every CMS leaves fingerprints. Here's a practical checklist.

Most detectors only show libraries they have a rule for. To catch the long tail, you need to read the site's sourcemap.

Every embedded package.json inside a sourcemap is a named, versioned, fully resolved dependency. Here's how to pull them all out.