| layout | title | permalink | published | topic | tags | contributors | last_updated_by | date | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
sidebar |
Third Party Library Usage |
/documentation/publish/third-party-library-usage/ |
true |
Publish |
|
|
ChrisRoss5 |
2019-05-16 02:19:15 -0700 |
{% capture page_hero_banner_content %}
To complete the review process at addons.mozilla.org (AMO), reviewers must be able to verify the code in your extension. You may include third-party libraries in your extension. In that case, when you upload your extension to AMO, you will need to provide links to the library source code.
If your add-on uses minified, obfuscated or otherwise machine-generated first-party code, please see our requirements for that.
If you don't provide information about third-party libraries and the reviewer cannot evaluate your extension, it may be rejected.
{% endcapture %} {% include modules/page-hero.html content=page_hero_banner_content %}
{% capture content_with_toc %}
You must provide a link to the source code for any third-party libraries included in your extension, minified or not.
{% endcapture %} {% include modules/column-w-toc.html id="when-must-links-for-third-party-libraries-be-provided" content=content_with_toc %}
{% capture content %}
You must provide links to the original copies of the files included in your extension and links to the readable source code for those files. For repositories or version controlled files, please specify the link using release tag that you’ve used. Note that non-release versions of third-party libraries are not accepted.
You should download third-party libraries from their official site, not from a CDN or other location. This point is important. Reviewers confirm that your code contains the original library using checksums. Unofficial sources often make small changes to a library’s files, such as whitespace changes, so the checksums don't match.
Example: If you’re using the minified version of mousetrap release 1.4.2 (because you haven’t had the chance to update to the latest version) the following links are incorrect.
https://craig.is/killing/mice—using the main website, which only shows the latest version.https://github.com/ccampbell/mousetrap/blob/master/mousetrap.min.js—using the master branch, which may change anytime.https://craig.global.ssl.fastly.net/js/mousetrap/mousetrap.min.js?71631—using the link to a CDN, which could differ from the source.
The correct link is
https://github.com/ccampbell/mousetrap/blob/1.4.2/mousetrap.min.js
which links to the exact file, using the tag for the version.
Tip: If the library is on GitHub, you can usually find this version under the “releases” link, then click on the small tag icon next to the version number and navigate to the file in the repository.
{% endcapture %} {% include modules/one-column.html id="how-to-determine-the-third-party-library-link" content=content aside="" %}
{% capture content %}
You can add the links to the “Notes to Reviewers” section of your extension’s details on AMO.
If you miss any of the necessary information for used third-party libraries, the reviewer will have to get in touch to request the missing items. This could delay the completion of your extension’s review or, in the worst-case, result in your extension being taken down because we can't confirm it complies with the add-on policies.
{% endcapture %} {% include modules/one-column.html id="communicating-third-party-library-links-to-the-reviewer" content=content aside="" %}
{%- include page-meta-data.html -%}
{%- include up-next.html -%}