How to determine the third-party library link
You must provide links to the original copies of the files included in your extension and links to the readable source code for those files. For repositories or version controlled files, please specify the link using release tag that you’ve used. Note that non-release versions of third-party libraries are not accepted.
You should download third-party libraries from their official site, not from a CDN or other location. This point is important. Reviewers confirm that your code contains the original library using checksums, so the version in the extension must be identical to the official distribution. Unofficial sources often make small changes to a library’s files, such as whitespace changes, so the checksums don't match.
Example: If you’re using the minified version of mousetrap release 1.4.2 (because you haven’t had the chance to update to the latest version) the following links are incorrect.
https://craig.is/killing/mice—using the main website, which only shows the latest version.https://github.com/ccampbell/mousetrap/blob/master/mousetrap.min.js—using the master branch, which may change anytime.https://craig.global.ssl.fastly.net/js/mousetrap/mousetrap.min.js?71631—using the link to a CDN, which could differ from the source.
The correct link is
https://github.com/ccampbell/mousetrap/blob/1.4.2/mousetrap.min.js
which links to the exact file, using the tag for the version.
Tip: If the library is on GitHub, you can usually find this version under the “releases” link, then click on the small tag icon next to the version number and navigate to the file in the repository.