I've created and published a Chrome extension. It had to go through a review process that can take days.

In addition, Chrome extensions can't use JavaScript that is loaded from an external source (the review team enforce this).

This means that the code that enables Honey to hijack cookies and inject its own affiliate links must be in the Chrome extension's code i.e. the same code that the Chrome Web Store team have access to during the review process.