@darcas/rollup-sub-resource-integrity v1.1.0
SubResourceIntegrity
SubResourceIntegrity is a Rollup plugin that adds Subresource Integrity (SRI) attributes to your HTML files. SRI helps ensure the integrity of your external resources (e.g., scripts and stylesheets) by allowing browsers to verify that the fetched files are delivered without unexpected manipulation.
Features
- Automatically calculates integrity hashes for resources
*.htm. and*.html. - Supports multiple hashing algorithms (
sha256,sha384,sha512). - Integrates seamlessly into the Rollup build process.
Installation
To use this plugin, install it via npm:
npm i -D @darcas/rollup-sub-resource-integrityOr, if you're using yarn:
yarn add @darcas/rollup-sub-resource-integrity --devUsage
In your vite.config.mts just add:
import SubResourceIntegrity from '@darcas/rollup-sub-resource-integrity';
import { defineConfig } from 'vite';
export default defineConfig({
//..
plugins: [
//..
SubResourceIntegrity('sha384'),
//..
],
//..
});How It Works
- During the
writeBundlephase, the plugin reads the HTML files in the output directory. - It scans for resource tags (
<script>and<link>elements) withsrcorhrefattributes. - For each resource:
- The file content is read and hashed using the specified algorithm.
- An
integrityattribute is added to the corresponding HTML element.
- The updated HTML file is saved back to the output directory.
Configuration
The plugin accepts an optional parameter to specify the hashing algorithm. The default is sha384.
Supported Algorithms
sha256sha384(default)sha512
Example
Using a custom algorithm:
SubResourceIntegrity('sha512');Contributing
If you'd like to contribute to the project, feel free to fork it and create a pull request. Please ensure that your changes are well-tested and properly documented.
License
This project is licensed under the MIT License. See the LICENSE file for details.
Made with ❤️ by Dario Casertano (DarCas).