Announcement: Availability of Source Code for Extension Packages

Avatar

Avatar
Contributor
Employee
thebenrobb
Employee

Likes

145 likes

Total Posts

318 posts

Correct reply

83 solutions
Top badges earned
Contributor
Seeker
Shape 1
Give Back 3
Give Back
View profile

Avatar
Contributor
Employee
thebenrobb
Employee

Likes

145 likes

Total Posts

318 posts

Correct reply

83 solutions
Top badges earned
Contributor
Seeker
Shape 1
Give Back 3
Give Back
View profile
thebenrobb
Employee

23-06-2021

On the Launch team, we consider openness and transparency to be items of high value. 

One of the requests we’ve heard from many customers is that you don’t really know what you’re getting when you install a new extension from the catalog. This is of less concern for mobile extensions since the source code is available through package managers and part of the compiled apps. But in a browser, it’s much more dynamic and harder to know what you’re getting.  

JavaScript can dynamically inject more JavaScript and do many other things. Many of our users in industries with heightened security and privacy concerns have strict requirements around the code that is allowed on their sites. 

For users in this situation, extensions provided by 3rd parties can be a risk vector that must be accounted for. Some users simply stick with their own custom code rather than expose their companies to that risk. 

Previously, the safest way to validate an extension was to clone your property, install the new extension on the clone, build a library in a development environment, and inspect the unminified source code. We’d like to make this process simpler. 

Introducing Extension Package Source Download 

source.png

Extension developers – for all supported platforms - supply their extension code to Adobe as part of a .zip package that contains all the necessary code to power the extension views (this is HTML, CSS, and JavaScript).  

In the case of web and server extensions, these extension packages also include the runtime JavaScript that will be injected into the browser (or deployed in a container on an edge server) to resolve any data elements and execute any rule components that the extension provides. 

We will soon make this extension source code available to users who are logged into the tags UI. 

Which Extension Packages Will Be Available? 

When extension developers sign the agreement to become partners, they also agree to allow Adobe to distribute their extension source code to users. Previously this was done when a user made a request through customer care and a member of the development team would manually retrieve the extension package and provide it. 

This new capability to simply download it from the UI represents a significant improvement from the user’s perspective, but from the developer’s perspective it also represents a meaningful change in the availability of their source code. 

Out of respect for those developers, we will only be distributing the source code for extension developers who have explicitly opted-in to this new distribution process. Before an extension can be available in the public catalog, the developer must make a request to Adobe. Starting in April of 2021, we updated this request form to include the fact that we will be changing the availability of the extension package source code. 

Only extensions that have been submitted under this new arrangement with developers will have their source code available in the catalog. When this feature releases later this summer, we expect that the source code for a substantial number of the most used extensions will be available for download, and that number will continue to grow over time. 

As a note to extension developers, this is a requirement for public extensions. There will be no change to the availability of source code for development and private extension packages. 

Wrapping Up 

We hope that the availability of extension source code will expand the number of extensions which your companies are able to take advantage of. 

Happy tagging!