Greasy Fork

Split script loading into “fetch code” and “inject code,” and added loaded/pending tracking. This stopped the loader from injecting the same script twice and let it cache code first before deciding when to run it.

Made injected scripts respect their own @run-at.
Because the attack suite, expects a different startup timing than the loader itself. Injecting everything immediately was too blunt.

Hardened the GM_addStyle polyfill so injected scripts could call GM_addStyle() before document.head existed, which caused crashes.

Delayed panel/menu setup until the DOM body exists because once startup got earlier, the UI code was trying to append to document.body too soon and throwing appendChild null errors.

Reworked URL matching so userscript-style patterns like https://www.torn.com/page.php?sid=attack* are treated as wildcards, not raw regex.
The original loader used new RegExp(entry.match), which broke match strings that were written like normal userscript @match values.

Added a fallback that checks a cached script’s own @match / @include headers.
Now if the manifest entry is wrong or too strict, the loader can still match using the script’s actual metadata.

Added prefetching for enabled scripts and early use of a cached manifest.
This reduces the chance that the loader misses a page because it was still waiting on the worker response.

Restored the older Torn-style gear icon and cleaned the SVG path. The raw copied SVG had malformed path data that caused parse errors before.

- Script loader is now in the user dropdown

Fix dynamic version

Disabled scripts by default