Auto verification of 3rd party libraries during submission of new version of addon

I’m not familiar with the internal working of the submission process, so I’m not sure what I’m asking is out of line.

Is it possible to add an auto verification step during the submission process to check the integrity of the popular 3rd party libraries (e.g. jquery) bundled with an addon?

I had twice had my addon disabled after a reviewer manually caught a simple problem after it was published, i.e. the bundled jquery’s file size different than the public version from CDN. It was due to Git converting LF to CRLF when I checked out the jquery files on a Windows machine.

It would be nice to fail the submission right the way if the 3rd party files are not matching the canonical versions rather than letting the addon approved automatically and be published.

The auto validation will inform you when it recognizes a library version. I don’t think it will let you know if it doesn’t recognize it, because as the description says, it’s not recognizing it. IIRC this recognition is based on content hashes. There may be some versions of libraries that it explicitly recognizes and warns you that you shouldn’t use them, not sure. So if you’re using a popular library, watch for the linter or the AMO validation saying that it found a recognized library.

Yes. Now that you mentioned it. The auto validation did recognize the JQuery version because it did give warning about using 3rd party libraries, and approved the submission. But later a reviewer disabled the extension because of the extra CR characters causing different file size, which is fair. The usual textual diff tools would show no difference as it silently handles CRLF and LF. I’m not sure whether the auto validation is using diff or some other tools.

It would be nice to have consistent verification methodology between the auto and manual validations. It’s better to fail the validation early during the submission process rather than disabling it after it has been published.