Apart from the regular Audit that is expected from an approved Auditor, here is an additional list of items that an Auditor can check. We have found that many builders have ignored some or all of these checks and the allowListing process gets unduly delayed while these issues are rectified.
Package.json file
| Json property | Check |
| --- | --- |
| name | Should be the Snap package name |
| | Should match the `source.location.npm.packageName` property in snap.manifest.json |
| | Should match the package name uploaded to the NPM registry, which will be used by the Snaps platform |
| version | Should be the version that is requested to be allowListed |
| | Should match the value of the `version` property in snap.manifest.json |
| | Should possibly be the version of the code that was audited and approved |
| repository.url | Should match the repo URL of the code that was audited |
| | Should match the value of the `repository.url` property in snap.manifest.json |
Snap.manifest.json file
| Json property | Check |
| --- | --- |
| proposedName | Should be the Snap name desired to be displayed in the Snaps Directory |
| | Should not contain the word “Snap” in it |
| source.location.npm.iconPath | Should exist (as it's not created in the Template project, and some builders miss it) |
| | The actual file should satisfy the Icon requirements (Requirements) |
| initialPermissions | Should ensure that all permissions requested are actually used in the Snap |
| | Additionally, if the Snap requires the cronJob permission, verify with the builder the UX differences of accessing encrypted vs unencrypted state |
| description | If the description contains words such as “MetaMask”, “Snap” or “Consensys”, they should be cased properly (as listed here) |
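The metadata checks in the two tables above can be run mechanically before the manual review. The following is an added example, not MetaMask's or the page's own tooling: `auditSnapMetadata`, `usedPermissions` (the list of permissions the auditor saw exercised in the code) and the sample objects are hypothetical, and it assumes the "cronJob permission" is the `endowment:cronjob` key.

```javascript
// Added example; names and sample data are constructed for illustration.
const CASED_WORDS = ["MetaMask", "Snap", "Consensys"];

function auditSnapMetadata(pkg, manifest, usedPermissions) {
  const findings = [];
  const npm = manifest.source?.location?.npm ?? {};
  // package.json allows "repository" as a plain string or as { type, url }.
  const pkgRepo = typeof pkg.repository === "string" ? pkg.repository : pkg.repository?.url;

  // Cross-file consistency: package.json vs snap.manifest.json
  if (pkg.name !== npm.packageName) findings.push("name != source.location.npm.packageName");
  if (pkg.version !== manifest.version) findings.push("version mismatch");
  if (pkgRepo !== manifest.repository?.url) findings.push("repository.url mismatch");

  // Manifest-only checks
  if (/\bsnap\b/i.test(manifest.proposedName ?? "")) findings.push('proposedName contains "Snap"');
  if (!npm.iconPath) findings.push("source.location.npm.iconPath missing");

  // Every requested permission must be one the audit saw in use.
  const requested = Object.keys(manifest.initialPermissions ?? {});
  for (const perm of requested) {
    if (!usedPermissions.includes(perm)) findings.push(`unused permission: ${perm}`);
  }
  // Assumption: the page's "cronJob" permission is the endowment:cronjob key.
  if (requested.includes("endowment:cronjob")) {
    findings.push("manual: confirm encrypted vs unencrypted state UX with builder");
  }

  // Brand words in the description must use the exact casing.
  for (const word of CASED_WORDS) {
    const re = new RegExp(`\\b${word}s?\\b`, "gi");
    for (const [hit] of (manifest.description ?? "").matchAll(re)) {
      if (!hit.startsWith(word)) findings.push(`miscased "${hit}" (expected ${word})`);
    }
  }
  return findings;
}

// Constructed sample input with several deliberate problems
const samplePkg = { name: "@example/demo-snap", version: "1.2.0",
  repository: { type: "git", url: "https://github.com/example/demo-snap.git" } };
const sampleManifest = {
  version: "1.1.0", proposedName: "Demo Snap",
  description: "Signs messages with Metamask snaps.",
  repository: { type: "git", url: "https://github.com/example/demo-snap.git" },
  source: { location: { npm: { packageName: "@example/demo-snap" } } },
  initialPermissions: { snap_dialog: {}, "endowment:cronjob": { jobs: [] } },
};
console.log(auditSnapMetadata(samplePkg, sampleManifest, ["snap_dialog"]));
```

The icon file's own requirements and the FAQ, onboarding and Flask checks still need manual review; this only covers the two JSON files.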
Other
- The builder has proper FAQ documents that will be the source for users to understand the Snap
- The builder has proper Knowledge Base docs (could be the same as the FAQ)
- The Snap’s companion dapp has an easy onboarding experience for installing the Snap and connecting to the Wallet
  - E.g.: The Install Snap / Connect Wallet button should not be hidden deeper in the hyperlink hierarchy
- The companion dapp should not have references or requirements for using MetaMask Flask. It should be updated to the stable version.
- The same Snap repo that was audited in GitHub should be the repo that is also pushed to NPM.