Kholid060
commented
9 months ago I don't think it will violate the "Remote code" rule that the manifest v3 has, because the CDN URL that you see in the xlsx package in the package.json is the tarball URL of the xlsx package, meaning that it's the same thing like installing a package from the NPM registry (https://docs.npmjs.com/cli/v10/commands/npm-install). And when you build the project, the xlsx package will be bundled into a JS file.
Manifest v3 only prohibited remote hosting of code that fetches the script once the extension is bundled.
Describe the bug I noticed that Manifest V3 prohibits remote hosting of code, including any library hosted on a CDN, but the xlsx dependency of this project is hosted on a CDN, and I wonder if this will have an impact. https://developer.chrome.com/docs/extensions/develop/migrate/improve-security?hl=zh-cn#remove-remote-code