Hi Kieran and James,
this goes back a while but is biting our team at the moment, and I haven't been able to find much other documentation on this issue. I hope you can shed some light on our situation.
Our extension depends on a library which contains some compiled webassembly code used for cryptographic functions. An update to our extension has been rejected under the code readability policy due to obfuscated code. The reviewers have pointed to the compiled wasm code as the source of the issue. We know that several other extensions are using exactly the same library, and we also know that some very popular extensions contain compiled wasm (eg uBlock Origin), so clearly it is acceptable to include wasm in the published extension.
James, your comment suggests that the decision regarding whether or not WASM is considered a violation is quite subjective. What can we do, as consumers of a dependency containing wasm, to make it clear to the reviewers that nothing malicious is taking place?