Chrome Web Store rejection checker

Free local Chrome Web Store rejection checker

Scan a Chrome extension ZIP locally before submission and catch common Manifest V3 rejection risks without uploading source code.

Run local ZIP scan

Guide

What to check

What the checker scans

The scanner reads manifest.json, manifest file references, extension pages, JavaScript files, CSP, permissions, icon declarations, and privacy-review signals. It is built for the final production ZIP, not only the source folder.

When to use it

Use it before uploading a new release, after switching to Manifest V3, after changing bundler output, or after receiving a vague Chrome Web Store rejection email that does not point to one exact file.

What it does not promise

This is not an official Chrome Web Store validator. It does not guarantee approval, detect malware, inspect Developer Dashboard fields, or verify runtime behavior that only happens after user interaction.

Checklist

Action checklist

  • Build the same ZIP that you plan to submit to Chrome Web Store.
  • Confirm manifest.json is at the ZIP root, not inside a nested project folder.
  • Run the local scanner and fix High findings before reviewing Medium and Low notes.
  • Rebuild the production ZIP after each fix and scan the rebuilt package again.
  • Review Chrome Web Store listing copy, privacy disclosures, screenshots, and reviewer notes separately.

Examples

Common cases this page helps with

Remote script in an extension page

A popup.html file loads a script from a CDN. The scanner flags the remote script because executable code should be bundled into the extension package.

Nested manifest packaging mistake

The ZIP contains my-extension/manifest.json instead of manifest.json at the root. The scanner reports this as a High packaging risk.

Broad host permissions

A manifest requests <all_urls>. The scanner asks you to verify whether narrower host patterns or optional permissions can support the same single purpose.

FAQ

Frequently asked questions

Is this an official Chrome Web Store validator?

No. It is a local static preflight checker for common package-level rejection risks. Chrome Web Store review can include additional policy, metadata, privacy, and behavior checks.

Should I scan source code or the release ZIP?

Scan the release ZIP. Chrome Web Store reviews the submitted package, so bundler output and packaging mistakes matter.

Does the scanner upload extension files?

No. The ZIP is read in the browser. Do not add analytics that sends file paths, snippets, manifest content, or source code.

Related guides

Continue review

Manifest V3 pre-submission checklist Fix remote hosted code in Manifest V3 Fix Blue Argon rejection Fix eval and dynamic code rejection Run local ZIP scan