SubResourceIntegrity
is a Rollup plugin that adds Subresource Integrity (SRI) attributes to your HTML files. SRI helps ensure the integrity of your external resources (e.g., scripts and stylesheets) by allowing browsers to verify that the fetched files are delivered without unexpected manipulation.
- Automatically calculates integrity hashes for resources
*.htm
and*.html
. - Supports multiple hashing algorithms (
sha256
,sha384
,sha512
). - Integrates seamlessly into the Rollup build process.
To use this plugin, install it via npm:
npm i -D @darcas/rollup-sub-resource-integrity
Or, if you're using yarn:
yarn add @darcas/rollup-sub-resource-integrity --dev
In your vite.config.mts
just add:
import SubResourceIntegrity from '@darcas/rollup-sub-resource-integrity';
import { defineConfig } from 'vite';
export default defineConfig({
//..
plugins: [
//..
SubResourceIntegrity('sha384'),
//..
],
//..
});
- During the
writeBundle
phase, the plugin reads the HTML files in the output directory. - It scans for resource tags (
<script>
and<link>
elements) withsrc
orhref
attributes. - For each resource:
- The file content is read and hashed using the specified algorithm.
- An
integrity
attribute is added to the corresponding HTML element.
- The updated HTML file is saved back to the output directory.
The plugin accepts an optional parameter to specify the hashing algorithm. The default is sha384
.
sha256
sha384
(default)sha512
Using a custom algorithm:
SubResourceIntegrity('sha512');
If you'd like to contribute to the project, feel free to fork it and create a pull request. Please ensure that your changes are well-tested and properly documented.
This project is licensed under the MIT License. See the LICENSE file for details.
Made with ❤️ by Dario Casertano (DarCas).