Technical Review Guidelines

During technical review, your code is examined to detect the presence of viruses, malware, and any indication of plagiarism. The process also ensures that the package meets Composer packaging and format requirements and Magento coding standards.

Validate: Verify package for required files

The submitted package must be a Magento module, theme, language pack, or metapackage, that meets Composer packaging and format requirements. All Magento modules, themes, and language packs must contain a composer.json and registration.php file.

Required Files

All composer.json
Module etc/module.xml
Theme theme.xml
Language Pack language.xml
Metapackage composer.json

Developers of Magento 2.x extensions can use the validation tool to test the package before it is submitted to Magento Marketplace. To download the tool, see the Marketplace Tools GitHub repository.

See also:

Coding Standards: Check code quality/syntax

The Marketplace coding standard review uses a custom set of coding sniffs. If the submitted code fails to pass the review, a technical report is generated that describes each issue found, and its location in the codebase.

See also: Coding Standards

Package Validation: verify that submitted code is a valid Magento extension

This check verifies that submitted code:

  • Is packaged as a valid Magento module, theme, language package, or meta-package
  • Enforces best practices for Magento code distribution
  • Helps to avoid common pitfalls

Any code submitted for technical review at Magento Developers Portal is examined to ensure that:

  1. Code submitted as a zip archive.
  2. Submitted package does not exceed 30 MB.
  3. Submitted package contains a composer.json file.
  4. The composer.json file specifies:
    • name
    • type
    • version
  5. The composer.json does not declare:
    • extra.magento-root-dir
  6. The package has valid Composer package type:
    • for extensions, valid types are: magento2-module, magento2-language, metapackage
    • for themes, valid types is only magento2-theme
    • for shared libraries, valid types are: magento2-module, magento2-theme, magento2-language
  7. The package does not restict a set of compatible PHP versions declared by supported Magento versions.
  8. The package does not declare any of the following packages as a dependency:
    • magento/magento-composer-installer
    • magento/magento2-base
    • magento/product-community-edition
    • magento/magento2-ee-base
    • magento/product-enterprise-edition
  9. The package does not use * as a version restriction for Magento packages (packages with magento vendor). Version restriction should be specified according to recommendations.
  10. Require inline aliases are not used in the composer.json file.

Additional requirements for package declarations are applied depending on the package type.

Magento modules (packages with type magento2-module) must have a valid registrar.php file. Configured autoloading in compopser.json: autoload.files must include at least a registrar.php file and autoload.psr-4 is expected to declare at least one namespace.

Magento themes (package type magento2-theme) and language packages (type magento2-language) must have a valid registrar.php file, which must be included in the autoload.files section of composer.json. autoload.psr-4 must not be used for these types of packages.

Packages of type metapackage must declare at least one dependency in the require section.

Intellectual Property: Check for plagiarism

All code and marketing content that is submitted to Magento Marketplace is checked for plagiarism to ensure that it has not been copied from existing Marketplace extensions or from the Magento codebase.

If the extension contains source code from the Community Edition of Magento 1.x or 2.x, the extension must be licensed under Open Source License v. 3.0 and properly credit Adobe, Inc.

See also: OSL 3.0: A Better License for Open Source Software

Installation (M2 only): Verify that product installs correctly

Extensions for Magento 2.x are installed with Varnish Cache enabled for each supported version of PHP, and switched from development to production mode. If you have shared packages and dependencies required for your extension, also test installs and usage with those packages.

See also: Magento System Requirements

Page Caching (M2 only): Verify that Varnish works correctly

In addition to the Production Mode test, cacheable pages are accessed to ensure that they are served directory from Varnish Cache. You will be notified if your extension fails the test.

See also: Configure and Use Varnish

Quality Assurance (M2 only): Pass manual QA

This check verifies that the extension installs without error, is configurable (as applicable), and operates as expected. To pass Manual QA, the extension must meet the following requirements:

  • Installs with Composer
  • Compiles without errors using the following command: deploy:mode:set production
  • Works with each version of Magento that is shown as supported in the extension product profile
  • Works with each version of PHP that is supported by the Magento version that is shown as supported in the extension product profile
  • Has all functionality that is described in the extension documentation
  • Does not crash with unhandled errors
  • Does not hang when invalid data is submitted

For Page Builder extensions

  • New and extended content types can be dragged to the stage, edited, duplicated, moved, hidden, saved, and deleted from the stage without errors.
  • New and extended content types are rendered on the storefront without errors.
  • Extensions that use Page Builder should also ensure that all Page Builder content creation functions work correctly. This includes, but is not limited to, all the functions previously described for new and extended content types rendered in the Admin stage and the storefront.