The Development Practices section of the Add-ons Policies lists the requirements for the use of third-party libraries in add-ons.
In order for reviewers to verify that these requirements are met, you must provide links to the library source code as part of the AMO submission process. If you don't provide information about third-party libraries and the reviewer cannot evaluate your extension, it may be rejected.
If your extension uses minified, obfuscated or otherwise machine-generated first-party code, please see our requirements for that.
When must links for third-party libraries be provided?When submitting a version to AMO, links to third-party libraries must be provided. You can add the links to the "Notes for Reviewers" section of your extension's details.
How to determine the third-party library linkYou must provide links to the original copies of the files included in your extension and links to the readable source code for those files. For repositories or version controlled files, please specify the link using release tag that youâve used. Note that non-release versions of third-party libraries are not accepted.
You should download third-party libraries from their official site, not from a CDN or other location. This point is important. Reviewers confirm that your code contains the original library using checksums, so the version in the extension must be identical to the official distribution. Unofficial sources often make small changes to a libraryâs files, such as whitespace changes, so the checksums don't match.
Example: If youâre using the minified version of mousetrap release 1.4.2 (because you havenât had the chance to update to the latest version) the following links are incorrect.
https://craig.is/killing/miceâusing the main website, which only shows the latest version.https://github.com/ccampbell/mousetrap/blob/master/mousetrap.min.jsâusing the master branch, which may change anytime.https://craig.global.ssl.fastly.net/js/mousetrap/mousetrap.min.js?71631âusing the link to a CDN, which could differ from the source.The correct link is
https://github.com/ccampbell/mousetrap/blob/1.4.2/mousetrap.min.js
which links to the exact file, using the tag for the version.
Tip: If the library is on GitHub, you can usually find this version under the âreleasesâ link, then click on the small tag icon next to the version number and navigate to the file in the repository.
Use of package managersExtensions developers can use package managers and package repositories like npm to retrieve third party libraries.
With a default npm configuration, third party library dependencies are declared in the project's package.json file: this qualifies as a third party library link as previously described.
Reviewers must be able to retrieve and review all packages used by your extension. Therefore, the use of private packages or non-public registries is permissible but not recommended. If you use non-public dependencies, you must include the relevant node_modules sub-directories in your source code submission.
You can add the links to the âNotes for Reviewersâ section of your extensionâs details on AMO.
This section can be found under âManage Status & Versionsâ for each version.
If you miss any of the necessary information for used third-party libraries, the reviewer will have to get in touch to request the missing items. This could delay the completion of your extensionâs review or, in the worst-case, result in your extension being taken down because we can't confirm it complies with the add-on policies.
Up NextPublish
What does review rejection mean to users?Publish
Signing and distribution overviewPublish
Package your extensionRetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.3