Blue Argon rejection fix

Fix Blue Argon Chrome extension rejection errors

Use a local Manifest V3 ZIP scan to find remote hosted code patterns that can trigger Blue Argon Chrome Web Store rejection emails.

Run local ZIP scan

Guide

What to check

What Blue Argon usually means

Blue Argon is commonly associated with remotely hosted code in a Chrome extension review. Treat it as a signal to inspect every submitted HTML, JavaScript, worker, and generated bundle for executable code loaded outside the ZIP.

Where to look first

Check popup pages, options pages, service workers, content scripts, dynamic imports, importScripts calls, script src attributes, WebAssembly fetch paths, and dependency output generated by your bundler.

How to verify the fix

Bundle executable code into the submitted extension package, rebuild the production ZIP, run the scanner again, and prepare reviewer notes explaining that remote executable code has been removed.

Checklist

Action checklist

  • Scan the exact ZIP that was rejected, if available.
  • Fix every High remote hosted code finding first.
  • Search bundled vendor files for remote JavaScript and WebAssembly loaders.
  • Keep remote calls as data/API calls only, not code loaders.
  • Rebuild the production ZIP after changes.
  • Scan the rebuilt ZIP before resubmission.
  • Add concise reviewer notes describing what changed.

Examples

Common cases this page helps with

CDN dependency in popup

A popup loads a library from a CDN. Replace it with a local bundled copy and reference the local file inside the ZIP.

Remote module generated by build output

A development build may leave a remote import in generated files. Scan the production ZIP rather than only searching source files.

Reviewer note draft

We removed runtime loading of executable JavaScript from external origins, bundled the required code into the extension package, and verified the release ZIP with a local static scan.

FAQ

Frequently asked questions

Is Blue Argon always caused by remote hosted code?

It is commonly associated with remote hosted code, but only Chrome Web Store review can determine the exact reason. Use the scanner to find package-level remote executable code signals first.

Can I still call remote APIs after fixing Blue Argon?

Remote API calls can be valid when they return data. Do not fetch and execute remote JavaScript or WebAssembly as extension logic.

Should I appeal or resubmit?

First fix high-risk findings, rebuild the final ZIP, and prepare clear reviewer notes. Then decide whether the store flow requires resubmission or a response to the rejection.

Related guides

Continue review

Fix remote hosted code in Manifest V3 Run the local ZIP scanner Manifest V3 pre-submission checklist Run local ZIP scan