Hacker News

open-paren 10/01/2024

I manage a medium-sized browser extension at work. We also offer(ed) it on Firefox. But I have spent the past year struggling to get back into the Mozilla store after a manual review. As far as I can tell, there are maybe two reviewers that are based in Europe (Romania?). The turnaround time is long when I am in the US, and it has been rife with this same kind of "simple mistake" that takes 2 weeks to resolve. "You need a privacy policy"–we already have one. "You are using machine generated and minified code"–no, you are looking at the built code, not the included source. "We cannot reproduce your source"–that's because you didn't follow instructions and are in the wrong directory. Very frustrating.


Replies

horsawlarway 10/01/2024

Similar boat. I release an extension with about 1 million installs across Chrome/Firefox/Edge for work.

Firefox (despite being the smallest usage) is utterly insane with regards to process. They demand a reproducible build, but then can't do things like install the right version of yarn (no - npm install -g yarn is not correct, our readme says it in bold like 5 times and provides the exact correct command to install the right version), or follow basic setup steps like "Use this version of node (complete with exact steps to install it and a script to automate that for them)".

God fucking help you if you try to do something completely crazy as a private company like - checks notes - use a private NPM module. Despite providing them with access on a pre-configured account, or offering to give a review account access according to Mozilla "It's too hard to use external accounts during review".

Honestly - having to interact with the browser review team is a BIG reason I no longer recommend Firefox. They're incompetent at best, and I'm fairly convinced they're just milking the Google search deal income for as much as it's worth - I don't think they really want to provide an alternative and secure browser anymore.

adrian17 10/01/2024

> We cannot reproduce your source

This is the biggest issue we had, and we had to add a decent bit of complexity to our builds to support reproducible builds in the exact way they want. But the silly part is that our extension involves building a wasm file from Rust, and after some back and forth it turned out that they don't require it to be reproducible (despite being core of our extension and containing 99% of our logic), which honestly feels like it defeats the point - who cares if JS reproduces if you can hide any arbitrary possibly-malicious code in wasm.

For a while we were seriously considering putting our prebuilt wasm in the source package or on npm, just to make the "reproducible build" on AMO side simpler, despite this making it even further from how it's actually built.

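
The gap described in the comment above, as an added example (not adrian17's code and not Mozilla's review tooling): a per-file hash comparison between the submitted package and a reviewer's rebuild, run once with `.wasm` exempted and once without. The function names, the `exempt_suffixes` parameter and the sample package contents are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

def digest_members(archive_bytes):
    """Map each file in a zip/.xpi to the SHA-256 of its contents.
    Hashing contents (not the archive) ignores zip timestamps and ordering."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir()
        }

def compare_builds(submitted, rebuilt, exempt_suffixes=()):
    """Classify every file of the submitted package against the rebuild."""
    sub, reb = digest_members(submitted), digest_members(rebuilt)
    report = {"match": [], "mismatch": [], "missing_from_rebuild": [],
              "extra_in_rebuild": [], "unverified": []}
    for name, digest in sorted(sub.items()):
        if name.endswith(tuple(exempt_suffixes)):
            report["unverified"].append(name)  # shipped to users, never checked
        elif name not in reb:
            report["missing_from_rebuild"].append(name)
        elif reb[name] == digest:
            report["match"].append(name)
        else:
            report["mismatch"].append(name)
    report["extra_in_rebuild"] = sorted(set(reb) - set(sub))
    return report

def make_package(files):
    """Build an in-memory zip from {name: bytes} for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: the JS matches, the wasm in the store upload does not.
COMMON = {"manifest.json": b'{"name":"demo"}', "background.js": b"init();"}
SUBMITTED = make_package({**COMMON, "core.wasm": b"\x00asm\x01\x00\x00\x00A"})
REBUILT = make_package({**COMMON, "core.wasm": b"\x00asm\x01\x00\x00\x00B"})

if __name__ == "__main__":
    print(compare_builds(SUBMITTED, REBUILT, exempt_suffixes=(".wasm",)))
    print(compare_builds(SUBMITTED, REBUILT))
```

With the exemption the report shows no mismatches and lists `core.wasm` only as unverified; without it the same file is reported as a mismatch.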
saulrh 10/01/2024

Every time I hear about the review processes for browser extensions I'm shocked that it involves humans having to read your README and manually plumb together the build process. Sometimes I hear that reviewers are even reusing VMs when doing reviews, or even not using VMs at all. I'd have expected the review form to have a textbox where you paste your git link and a well-documented automated pipeline that stands up a specified VM with a specified amount of RAM and disk, clones the git, descends into it, and executes `docker build -f ./docker/review/Dockerfile .`. I'm surprised that the reviewers themselves haven't outright demanded such tooling from their larger organization, just as a matter of job satisfaction - I can't imagine all the abuse they get from angry app owners.

jjice 10/01/2024

Also had these issues when working on my previous job's extension. The Firefox review process was a real nightmare to work with. Same heavy delays and misunderstandings you mentioned. Eventually the company just stopped updating the Firefox extension as often since usage was low and the review process was such a pain. Unfortunate for me, as the only engineer (maybe employee) at that company that used Firefox.

arp242 10/01/2024

The problem with these types of things is that the people who are qualified to do good reviews are also the sort of people who can typically get a far more interesting job building stuff, rather than just reviewing code. It's work that does require a certain level of skill, but at the same time is also quite boring.

And that more interesting job will probably pay better as well.

giancarlostoro 10/01/2024

> that's because you didn't follow instructions and are in the wrong directory.

You just need to have a shell script in the root directory that assumes the person running it has 0 clue about your extension.

Also some of this reminds me of Apple. They clear something up, then bring it up again the next time review is needed.

ilrwbwrkhv 10/01/2024

That's not just Mozilla. Google's review team all are in India and they cannot write clear English. It's a mess.

sureIy 10/01/2024

I had these issues too a few years ago. Now the review time is shorter than Chrome’s and hasn’t been flagged in a few years. However my extension has about 10k users, if that makes any difference.

stainablesteel 10/01/2024

this seems like the kind of place where user-based reviews would be more efficient, better, and more open

having the makers of a browser do this is bound to create both efficiency and political problems for extensions. im remembering dissenter now

joshdavham 10/01/2024

That's interesting to hear. Do you also offer your extension on the Chrome store? How did the review process differ? I ask because I've only published on the Chrome store in the past.

jeffchien 10/01/2024

The reproducible build requirement seems to be a major blocker for many addons, including one I use for Twitch: https://github.com/FrankerFaceZ/FrankerFaceZ/issues/1495#iss...