Skip to content

A Rollup plugin that adds Subresource Integrity (SRI) attributes to HTML files to ensure the integrity of scripts and stylesheets using hashing algorithms like SHA-256, SHA-384, and SHA-512.

License

Notifications You must be signed in to change notification settings

DarCas/rollup-sub-resource-integrity

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SubResourceIntegrity

NPM Last Update NPM Version NPM Downloads NPM License

SubResourceIntegrity is a Rollup plugin that adds Subresource Integrity (SRI) attributes to your HTML files. SRI helps ensure the integrity of your external resources (e.g., scripts and stylesheets) by allowing browsers to verify that the fetched files are delivered without unexpected manipulation.

Features

  • Automatically calculates integrity hashes for resources *.htm and *.html.
  • Supports multiple hashing algorithms (sha256, sha384, sha512).
  • Integrates seamlessly into the Rollup build process.

Installation

To use this plugin, install it via npm:

npm i -D @darcas/rollup-sub-resource-integrity

Or, if you're using yarn:

yarn add @darcas/rollup-sub-resource-integrity --dev

Usage

In your vite.config.mts just add:

import SubResourceIntegrity from '@darcas/rollup-sub-resource-integrity';
import { defineConfig } from 'vite';

export default defineConfig({
    //..
    plugins: [
        //..
        SubResourceIntegrity('sha384'),
        //..
    ],
    //..
});

How It Works

  1. During the writeBundle phase, the plugin reads the HTML files in the output directory.
  2. It scans for resource tags (<script> and <link> elements) with src or href attributes.
  3. For each resource:
    • The file content is read and hashed using the specified algorithm.
    • An integrity attribute is added to the corresponding HTML element.
  4. The updated HTML file is saved back to the output directory.

Configuration

The plugin accepts an optional parameter to specify the hashing algorithm. The default is sha384.

Supported Algorithms

  • sha256
  • sha384 (default)
  • sha512

Example

Using a custom algorithm:

SubResourceIntegrity('sha512');

Contributing

If you'd like to contribute to the project, feel free to fork it and create a pull request. Please ensure that your changes are well-tested and properly documented.

License

This project is licensed under the MIT License. See the LICENSE file for details.


Made with ❤️ by Dario Casertano (DarCas).

About

A Rollup plugin that adds Subresource Integrity (SRI) attributes to HTML files to ensure the integrity of scripts and stylesheets using hashing algorithms like SHA-256, SHA-384, and SHA-512.

Resources

License

Stars

Watchers

Forks

Packages

No packages published