Reputation: 133
How to Handle a Dependency Using a WASM Executable Considered as Obfuscated Code in a Chrome Extension Review?
I am developing a Chrome extension that uses WebAssembly (WASM) files as part of the Shiki syntax highlighting library. These files are essential for providing accurate and performant syntax highlighting capabilities within the extension. This library is actually used by a dependency. However, during the review process, Google has flagged the WASM files as obfuscated code, which is causing my extension to be rejected. At this point I don't know what to do as rewriting the would be quite challenging (dependency of dependency).
Overview
This Chrome extension uses WebAssembly (WASM) files as part of the Shiki syntax highlighting library. These files are essential for providing accurate and performant syntax highlighting capabilities within the extension.
What is Shiki?
Shiki is a syntax highlighting library that provides TextMate grammar-powered syntax highlighting. It's used to create VS Code-like syntax highlighting and is known for its accuracy and performance.
Why WASM?
The wasm2.js file present in our extension is a compiled WebAssembly module that:
- Handles complex text parsing operations
- Processes TextMate grammars for syntax highlighting
- Enables high-performance code highlighting without compromising accuracy
What we have tried
We have implemented the following measures to ensure security and transparency:
- Source Maps Enabled: We maintain source maps in our build for complete transparency and debuggability of the WASM code.
- Direct Integration: The WASM file is bundled directly with our extension rather than being loaded from external sources.
- Open Source Components: Shiki is an open-source library maintained by the VS Code team.
- Add Documentation: along with the extension code to explain the presence of this wasm file
The WASM module can be verified by:
- Checking Shiki's source code at: https://github.com/shikijs/shiki
- Inspecting the source maps included with our build
- Monitoring the extension's network activity (no external WASM loading occurs)
Technical Details
- The WASM module is compiled from Shiki's core highlighting engine
- It's used exclusively for syntax highlighting operations
- No sensitive data is processed by the WASM module
- The module has no network access capabilities
- All operations are performed locally within the extension
References
Question
Given the above context, how can I address Google's concerns about the WASM files being considered obfuscated code? Are there any best practices or additional steps I can take to ensure my extension passes the review process? I am not so familiar with WASM, and I don't have any lead to really solve this issue
Any help or guidance would be greatly appreciated!
Upvotes: 0
Views: 10
Answers (0)
Related Questions
- (C/C++ DevTools Support (DWARF)) Loaded debug symbols, but didn't find any source files
- Debugging WebAssembly in Chrome
- How to import a js file in a Chrome extension service worker?
- How do I auto-reload a Chrome extension I'm developing?
- How can I get the URL of the current tab from a Google Chrome extension?
- For Chrome extension publishing purposes, does using a Bootstrap CDN count as remote code?
- Wasm module compile error in Chrome Extension
- How to load a wasm module locally?
- How to develop Chrome extension for Gmail?