From Weekend Hack to 3000 Daily Users: A Chrome Extension Postmortem
The build I wrote in two evenings now logs thousands of engineers into their campus ERP every day. What I got right, what I got lucky on, and what I rebuilt.
I wrote the first version in two evenings to fix my own pain. Five years later it logs 3000+ IIT Kharagpur students into their campus ERP every day. Here's the short version of the journey.
What I got right, mostly by accident
Zero backend. Credentials encrypt on the device with AES-GCM and never leave it. I cannot leak what I don't store. This made security reviewable *and* made the extension free to run forever.
Open source. Users audit the crypto. Contributors ship fixes before I notice the bug. "Trust" becomes a read of the repo, not a vibe.
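A sketch of the on-device AES-GCM storage described above, as an added example that is not the extension's own code. The page does not say how the real key is obtained, so the master passphrase, the PBKDF2 step, the record layout and the names `sealCredentials` / `openCredentials` are all assumptions.

```javascript
// Added example, not the extension's code. Key source (a master passphrase run
// through PBKDF2) and the record layout are assumptions of this sketch.
// In a browser or extension globalThis.crypto exists; the require() is a Node fallback.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// PBKDF2-SHA-256 -> non-extractable 256-bit AES-GCM key.
// The iteration count is this example's choice.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns a JSON-serialisable record, the kind of value that could sit in
// chrome.storage.local. Only salt, nonce and ciphertext+tag are kept.
async function sealCredentials(passphrase, creds) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per write
  const key = await deriveKey(passphrase, salt);
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(JSON.stringify(creds)));
  return { v: 1, salt: toB64(salt), iv: toB64(iv), ct: toB64(ct) };
}

// Returns the credentials, or null when the passphrase is wrong, the record
// was modified (GCM tag mismatch), or a field is malformed.
async function openCredentials(passphrase, rec) {
  try {
    const key = await deriveKey(passphrase, fromB64(rec.salt));
    const pt = await wc.subtle.decrypt(
      { name: "AES-GCM", iv: fromB64(rec.iv) }, key, fromB64(rec.ct));
    return JSON.parse(new TextDecoder().decode(pt));
  } catch {
    return null;
  }
}
```

Reusing a nonce under the same AES-GCM key breaks both confidentiality and integrity, which is why `sealCredentials` draws a new salt and nonce on every write instead of caching them.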
What I got lucky on
The ERP's login flow happened to be stable for four years. If it had churned every semester, this extension would be dead.
What I rebuilt
The original was a single JS file. v2 is TypeScript, Webpack, tested — because when 3000 people depend on your code, fear of shipping a regression stops being theoretical.
Takeaways for tiny OSS tools
- Solve your own problem first; distribution is whoever's sitting next to you.
- Never store a secret you don't have to.
- Rewrite the 2 AM hack before 2 AM finds you.