Skip to content

Extension Life cycle

Abandoned Extension Process

Are you looking for information on the process handling abandoned extensions for CiviCRM? See Abandoned Extensions.

This document describes the process of publishing extensions within the CiviCRM ecosystem and reporting abandoned extensions.


The CiviCRM ecosystem is built on the belief that non-profit organizations can serve themselves best by collaborating in development of their data-management applications. As staff, volunteers, and consultants for non-profit organizations, we can share our new enhancements and extensions — and build a richer whole for the entire ecosystem.

Of course, this collaboration means that we're all engaged in some give-and-take. We alternate between two roles:

  • Consumers: Sometimes we're the receivers. We want to quickly browse the available extensions, pick the ones which look best, and install them. We expect the extensions to work — both now and going forward (with future upgrades).
  • Developers: Sometimes we're the providers. We enjoy building great functionality, and want to invite people to use our products, but need to juggle the publishing tasks (like testing and maintenance releases) with the goals and resources provided by our bosses and clients.

With the extension life-cycle described here, we seek to build an ecosystem that balances the needs of both consumers and developers.


Project Maturity

Should we expect this to work for most users? Should we expect it to work in 6 months?

Work in Progress
A work-in-progress project offers zero support, stability, or maintenance. It may be useful for discussion, finding collaborators, or proving a concept.
A stable project offers some degree of support, stability, or maintenance. It's probably in use at multiple organizations. However, the levels are not guaranteed; some gaps and road bumps should be expected.
Reviewed Extension
A Reviewed Extension has undertaken significant efforts to ensure that it works and continues working in the future. It has a strong quality-signal. It has been reviewed by the members of the community and is available for automatic distribution, meaning that it can be installed directly from the CiviCRM administrative interface.
The project is no longer being maintained. It may work today; but it's liable to break tomorrow (unless someone steps up to manage it).


Who manages a project? Who decides whether the project is experimental? Or maintained? Or unmaintained?

This project is managed by individuals or organizations in the ecosystem. All design, support, and maintenance are at the discretion of the maintainers of the extension.
Core Extensions
The project is included in the main CiviCRM code base (civicrm-core). The extension is managed by the Core Team as well as Mergers for CiviCRM core. The code of the extension is usually included in the main Git repository, under the ext directory. One exception for historical reasons is the iATS extension, which is maintained as a Contributed extension, and bundled with core releases during the packaging stage.
Seeking Maintainer
This project does not have a person or organization responsible for it. If you think the project is useful, feel free to take responsibility for it. See Abandoned Extensions.

This document focuses on Contributed extensions, since Core Extensions follow the processes of core itself and are perceived as mostly a more clean way to manage the Core codebase.

Support Model

How do you submit questions and requests about issues?

Submit questions and requests to an open bug-tracker.
Issues may be reported to open bug-tracker. If the author agrees it is critical or data-loss, they may address it. Otherwise, you need to negotiate a contract.
The author will not engage in any support discussions unless you have pre-paid for support.

Quality Signals

How do we know if an extension is any good?

An author makes a claim about the stability of their work. (This is a low-tech, low-touch process.)
Informal Discussion
One or more experts give gut reactions. (This is a low-tech, high-touch process.)
Formal Review
One or more experts assesses the quality, maintainability, best-practices, etc. using formal criteria. (This is a low-tech, high-touch process.)
Social Metrics
Data-points (such as #installations or average 5-star rating) is collected from many people. (This is a high-tech, low-touch process.)
Technical Metrics
Technical details (such as test-coverage, test-results, style-checks, or cyclomatic complexity) are checked by a bot. (This is a high-tech, low-touch process.)


The extension directory on publishes information about available extensions, including maturity and stewardship. This is significant because it affects authors (who publish the extension) and users (who download the extension) and determines access to communal resources on The particulars are determined by the maturity and stewardship of the project -- with a few basic rules of thumb:

  • The authors must register their extension on by creating an extension node.
  • Stable extensions have simple, open processes -- such as Self-Assessment or Informal Discussion.
  • Reviewed Extensions require some kind of Formal Review.

Based on these rules, we can fill out a full table of the workflow:

Maturity Primary Quality Signal How does an author get their extension designated as X? How does a user download an extension with X designation?
Work in Progress Self-Assessment In, the author creates an "extension" node and flags it as "Work in Progress". Locate the extension on the website. The extension might have official releases, or it might be necessary to use Git (follow the instructions from the Git repository).
Stable Self-Assessment In, the author creates an "extension" node and flags it as "Stable". Locate the extension on the website. The extension should have official releases that administrators can download and then manually copy to the 'ext' directory of their CiviCRM installation.
Reviewed Extension Formal Review On, the author requests a formal peer review (at ) . Once the review is completed, an administrator of the Extension Directory marks the node in as "available for automatic distribution". In app, go to "Add New" and choose the extension.
Deprecated Self-Assessment In, the author marks the "extension" node as deprecated and announces to a high-visibility medium. Locate the extension on the website. View a block which says, "Install Instructions", which includes drush/wp-cli commands.

Formal Review Process

Extensions must pass a Formal Review to become designated as a Reviewed Extension and made available for automated distribution through CiviCRM's in-app Extension management screen.

Who can review?

Any community member can review an extension. The final validation is made by the Extension Directory administrators, which may rely on the community review or their own review. Having community reviews helps accelerate the review time.

Becoming an extensions reviewer

To become an extensions reviewer, please take the following steps:

  1. Set up accounts on these sites (if you need help, reach out through the community resources)
    2. - log in using your account
  2. Visit the CiviCRM Extensions Directory project and click the Request Access link. You'll be notified when the necessary administrative steps have been completed.

Selecting an Extension for Review

  1. Choose one of these unassigned extension review requests.

    Consider the following criteria while choosing:

    • Readiness: The issue should contain a link to an extension node on If no such link is provided, please request one in a comment on the issue, and move on to another issue.
    • Age of request: All else being equal, older review requests should be reviewed first.
    • Affinity/interest: Reviewers may wish to select an extension which relates to functionality in which they have an interest or with which they're especially familiar. On the other hand, there's no requirement to have any special knowledge of the extension's functionality if one is prepared to invest a little extra effort in the review.
    • Neutrality: Reviewers should not have been involved in the development of the extension. Employment or contracting relationships can introduce conflicts of interest. Reviews should be conducted by a neutral third party.
  2. To claim a review, assign the relevant "Extension Review Request" issue to yourself so that others know you're beginning the review. When you are ready to begin the review, update the issue status to In Progress.


You can also browse all extension review requests, including assigned ones.

Conducting a Review

Reviewers should follow these steps to conduct an extension review for automated distribution:

  1. You will be reviewing the extension on at least one supported CMS. (You don't need to test that it works on every CMS.) To that end, ensure you have such a site available, on which you can be free to experiment with untested extensions like the one you're reviewing.


    Use Buildkit to create the CMS environment on-demand.


    By definition, the extension you're reviewing is unreviewed. You probably do not want to install it on a live site.

  2. Download and install the most recent release of the extension.


    If you clone the git repository of the extension, be sure to check out the tag for the most recent release. (Don't assume that the master branch is ready for review.)

  3. Observe that the extensions meets relevant criteria listed below.

    1. All criteria marked as Required must be met.
    2. At least some of the criteria marked as "Suggested" must be met.
  4. Try to make the extension misbehave in any potential edge cases that occur to you. Note any significant failures.

  5. Create a document to show the details of your review. It can be a google doc or .odt file or something similar.

    • Copy/paste the criteria table into your review document.

    • Add an additional column to the table for your comments.

    • Summarize all your tests and findings, positive or negative.

    • Attach or link to your review document in the "Extension Review Request" issue that you assigned to yourself.

    • Here is an example review documentbut don't copy-paste from this example document (use the criteria table below for the most up-to-date criteria).

  6. Use all of the information gained in the review to decide whether to approve the extension.

Criteria for passing a review

The review steps are divided into three categories to allow different people with different skills sets to work on them.

Non technical

Category Criterion Required?
Admin Code is licensed under AGPLv3+, GPLv2+, LGPLv2+, MIT/X11, or BSD-2c Required
Distribution The project has a stable version (1.0+; not alpha or beta) Required
Distribution A demo site is provided Suggested
Support Documentation is published Suggested


Category Criterion Required?
Admin The extension is registered in the Extension Directory and has a unique name/key Required
Admin Code is published on or Required
QA Project is periodically re-validated with newer versions of CiviCRM and compatibility updates are published No
QA The project functions in all CMS's Required
Distribution The project is packaged as a CiviCRM Extension Required
Support Issues are tracked in an open, public issue management system Required


Category Criterion Required?
Coding Code complies with civicrm-core style guidelines Required
Coding Automated tests execute within 3 minutes (or less) Suggested
Coding All dependencies are at similar stage (Ex: A stable project should not depend on an experimental project) Required
Coding All user-visible strings are wrapped in ts() in such a way that translation works properly Required
Coding The project does not override PHP or TPL files from civicrm-core. Required
Coding The project does not modify the SQL schema of a standard civicrm-core table Required
Coding The project respects the privacy and security of CiviCRM. For example, it does not share data without consent, pingback, auto-upgrade by itself, patch code unexpectedly, override a core feature. Exceptions may be allowed if it is the main feature of the extension and it explicitly says so in its project description. Required
QA The project declares, on the in-app extension management screen, the nature of any changes it makes to existing data or functionality. Required
QA An automated test suite is included Suggested
QA All patches are subjected to peer review Suggested
QA All patches are subjected to automated tests Suggested

Acting on review results

If the extension needs work

If a review indicates that the extension needs further improvement before it can be approved, the reviewer should take these steps:

  1. Edit the extension's node on to set the field "Reviewed and ready for automated distribution?" to "Needs work: This Extension Release has been reviewed and needs work from the developer before the review can continue".
  2. Add a comment to the issue to notify the issue reporter that the extension needs work; specifically mention the issues that prevent approval as well as other items which the developer may want to improve at their discretion.

Continue monitoring the issue for updates from the developer, and respond in a timely way to answer questions or to conduct a follow-up review after changes have been made.

If the extension is approved

If a review indicates that the extension should be approved, the reviewer should take these steps:

  1. Edit the extension's node on to set the field "Reviewed and ready for automated distribution?" to "Yes: This Extension Release has been reviewed and is ready for automated distribution."
  2. Add a comment to the issue to notify the issue reporter that the extension has been approved for automated distribution. Also mention any items which the developer may want to improve, even though they did not prevent the extension from being approved.
  3. Close the issue.
  4. Optionally: Mention the extension approval on Twitter or in the extensions channel at
  5. Congratulate yourself on your contribution to CiviCRM. Thank you!


Based on a project's maturity and stewardship, it may be eligible to use resources from

Action Type Benefit/Resource/Privilege
Communication A public channel for discussions on
Communication Blog posts on
Communication Announcements using CiviMail on
Admin The project may be hosted on for Git hosting and issue tracking
Distribution Discovery on the in-app screen (ie. automated distribution)
Distribution Project may be bundled into the standard CiviCRM tarballs (Core Extensions).
Distribution The project is listed in (Contributed Extensions)
Distribution Test and demo sites on may include the extension.
Marketing The project may be included in official marketing literature about CiviCRM
QA The build-bot runs extension tests for PRs (own repo)
QA The build-bot runs extension tests for PRs (civicrm-core repo)

Obsolete Extensions

Sometimes an extension's functionality becomes part of CiviCRM Core, or is otherwise redundant, and the extension should no longer be used.

At that point it can be added to the Extension Compatibility List with one or more of the following flags:

  • "obsolete" - extension will not be installable, and will be labeled "Obsolete" in the in-app Manage Extensions page. Any dependencies to an obsolete extension will be ignored.
  • "disable" - extension will be automatically disabled by the CiviCRM upgrader.
  • "uninstall" - extension will be automatically uninstalled by the CiviCRM upgrader.
  • "force-uninstall" - extension code will be prevented from loading at all (necessary if the extension's presence would cause a fatal error such as a redeclared class).

For example, APIv4 was moved from an extension into core in 5.19. The extension was marked "obsolete": 5.19 and "force-uninstall": true to prevent php fatal errors due to the same classes now being in core. Any extensions declaring org.civicrm.api4 as a dependency in their info.xml would continue to work without it, as the dependency would be ignored as of 5.19.

Abandoned Extensions

A CiviCRM Extension may be abandoned when the project author is no longer releasing updates and/or is not responding to support requests within 14 days or has expressly stated that they are no longer actively maintaining the project.

The CiviCRM community has two options for managing an abandoned extension.

Transfer Ownership to a New Maintainer

When an extension author has stopped being responsive:

  • and there are important bugs in the extension
  • and someone else has offered to take over maintenance.


  1. Open an issue on the issue tracker of the project. See example request
  2. Wait 14 days for a response.
  3. If no response, or if a response clearly indicates the author has no intention to maintain the project going forward,
    1. Create an issue in the Extensions Review Request issues queue indicating that you are interested in stepping up as the new maintainer of the extension.
    2. In the request, please tell us a bit about your plans and motivations to maintain the extension, and link to the issue where you tried to contact the original developer.
  4. The extensions team will handle the migration of the extension:
    1. Migrate the extension's Git repository to CiviCRM's Gitlab, if it was previously hosted elsewhere
    2. Change the node author for the extension from
    3. Add the new author as a co-maintainer on
    4. Change the Git URL for the extension, if it was moved to Gitlab
    5. Add the new maintainer on the project on CiviCRM's Gitlab.

Request Removal of the Extension

  • When an extension is superseded by another extension, or
  • When an extension has critical bugs and is not being updated by the maintainer.


  1. Open an issue on the issue tracker of the project. See example request
  2. Wait 14 days for a response.
  3. If no response (or if the author confirms it is abandoned), create a ticket in the Extensions Review Request issues queue asking for the extension to be either a) de-listed for in-app installation, or b) unpublished from