[Question] Can I use your soft to analyse extensions not published in Google webstore? 

It seems that tarnish downloads plugins from the webstore directly, but can it be used for an unpublished extension from a filesystem without any hard code tweaking? It can be helpful for developers and allows to include this checker in a CI/CD security pipeline. 