
I make a lot of extensions, and I still don't know how the screening happens in the various stores. It's not working well, whatever it is. Part of the solution ought to require a submission in source format for easier screening, either by people or AI. (It can be obfuscated in-store if that's really what the developer wants.)


Note: I am the author of this article.

Mozilla and Opera require source code to be uploaded along with the extension; there is some human component involved in the review there. My understanding is that the human review got considerably less over time, however. According to an email I received lately, Mozilla is reintroducing pre-publication review for popular extensions, however.

I always thought it to be odd that Google doesn’t ask for extension source code, even when an extension is flagged for review. No idea what kind of review they can perform this way.


What’s the point of asking for source if you don't use that to build it for the store yourself? People could just submit modified source, right?


Back when I reviewed add-ons for Mozilla Add-ons, I did in fact verify that the source code produced the same build result as the extension submitted. Was tricky occasionally but usually worked well.
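
The comparison described in the comment above, as an added example that is not part of the thread and not Mozilla's own tooling: two ZIP-based extension packages are compared file by file on content hashes, because archive bytes differ with timestamps and compression even when the build output is identical. The file names and contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import io
import zipfile


def package_digests(package_bytes):
    """Map each file path inside a ZIP-based package to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as archive:
        for info in archive.infolist():
            if not info.is_dir():
                digests[info.filename] = hashlib.sha256(archive.read(info)).hexdigest()
    return digests


def compare_packages(submitted, rebuilt):
    """Report files that are extra, missing or changed in the submitted package."""
    sub, reb = package_digests(submitted), package_digests(rebuilt)
    return {
        "only_in_submitted": sorted(sub.keys() - reb.keys()),
        "only_in_rebuilt": sorted(reb.keys() - sub.keys()),
        "content_differs": sorted(p for p in sub.keys() & reb.keys() if sub[p] != reb[p]),
    }


def make_package(files, date_time, compression):
    """Build a constructed sample package in memory (stands in for a real build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in files.items():
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = compression
            archive.writestr(info, data)
    return buf.getvalue()


# Constructed sample data: output of building the uploaded source.
SOURCE_BUILD = {
    "manifest.json": b'{"name": "demo", "version": "1.0"}',
    "background.js": b"console.log('started');\n",
}
# Constructed sample data: a submitted package that does not match the source.
MISMATCHED = dict(SOURCE_BUILD)
MISMATCHED["background.js"] = b"console.log('started'); loadExtra();\n"
MISMATCHED["extra.js"] = b"/* not present in the uploaded source */\n"

if __name__ == "__main__":
    rebuilt = make_package(SOURCE_BUILD, (2024, 1, 1, 0, 0, 0), zipfile.ZIP_DEFLATED)
    submitted = make_package(MISMATCHED, (2020, 5, 5, 12, 0, 0), zipfile.ZIP_STORED)
    print(compare_packages(submitted, rebuilt))
```
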


May I ask: any resources that have helped? What stack do you use?


I'm not aware of any good tools for web extension auditing.



