{"id":18018928,"url":"https://github.com/macedigital/gulp-sri-hash","last_synced_at":"2025-03-26T20:31:06.519Z","repository":{"id":10900075,"uuid":"67414927","full_name":"macedigital/gulp-sri-hash","owner":"macedigital","description":"Gulp plugin for adding Sub-Resource-Integrity (SRI) hashes in-place to asset links found in HTML files.","archived":false,"fork":false,"pushed_at":"2022-12-30T17:33:23.000Z","size":821,"stargazers_count":17,"open_issues_count":12,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-27T07:32:25.795Z","etag":null,"topics":["gulp-plugin","sri","subresource-integrity"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/macedigital.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-09-05T11:23:58.000Z","updated_at":"2024-01-30T10:11:50.000Z","dependencies_parsed_at":"2023-01-13T16:13:06.632Z","dependency_job_id":null,"html_url":"https://github.com/macedigital/gulp-sri-hash","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macedigital%2Fgulp-sri-hash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macedigital%2Fgulp-sri-hash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macedigital%2Fgulp-sri-hash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macedigital%2Fgulp-sri-hash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/macedigital","download_url":"https://codeload.github.com/macedigital/gulp-sri-hash/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222167176,"owners_count":16942175,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gulp-plugin","sri","subresource-integrity"],"created_at":"2024-10-30T05:07:04.996Z","updated_at":"2024-10-30T05:07:05.755Z","avatar_url":"https://github.com/macedigital.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gulp-sri-hash\n\n[![Greenkeeper badge](https://badges.greenkeeper.io/macedigital/gulp-sri-hash.svg)](https://greenkeeper.io/)\n\n[![NPM Version][npm-image]][npm-url]\n[![Dependency Status][deps-image]][deps-url]\n[![Build Status][ci-image]][ci-url]\n[![Build Status][appveyor-image]][appveyor-url]\n[![Code Coverage status][codecov-image]][codecov-url]\n\nAdds [Subresource Integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) hashes to HTML files.\n\nIt does so, by parsing the contents of passed in HTML files with [cheerio](https://github.com/cheeriojs/cheerio), looking for `\u003clink rel=stylesheet href=URL\u003e` and `\u003cscript src=URL\u003e` DOM-nodes, computing checksums for found referenced files, and adding `integrity=\u003cHASH\u003e` attributes in-place to respective DOM-nodes.\n\nInspiration for this plugin came from working with static site generators.\n\nFor an alternative approach, have a look at the [gulp-sri](https://github.com/mathisonian/gulp-sri) plugin.\n\n## Installation\n\nInstall package with NPM and add it to your development dependencies:\n\n```text\nnpm install gulp-sri-hash --save-dev\n```\n\n## Usage\n\n```js\nconst sriHash = require('gulp-sri-hash');\n\ngulp.task('sri', () =\u003e {\n  return gulp.src('./**/*.html')\n    // do not modify contents of any referenced css- and js-files after this task...\n    .pipe(sriHash())\n    // ... manipulating html files further, is perfectly fine\n    .pipe(gulp.dest('./dist/'));\n});\n```\n\nThis will look for css and js file references contained in all html-files, calculate SRI-hashes for those files, and add `integrity=\u003cHASH\u003e` attributes for those references.\n\nReferenced css- and js-files must be accessible from the local filesystem. In order to calculate correct hashes, style and script files should not be modified any further by build steps running later.\n\n**Line Endings:**\n\nContent hashing is sensitive to differences in line-endings. On Windows, the default is `CRLF`, whereas (all?) other Operating Systems default to `LF`.\nYou're good, as long the files use the same end-of-line sequence locally as well as on the server that delivers those asset files.\nOn the other hand, a change of line-endings after content hashing will cause a [file checksum mismatch](https://github.com/macedigital/gulp-sri-hash/issues/6).\n\n## API\n\n### algo (optional)\n\n* Type: `String`\n* Default: `sha384`\n* Since: *v1.0.0*\n\nSelect hashing algorithm. Supported algorithms: `sha256`, `sha384`, and `sha512`.\n\n### prefix (optional)\n\n* Type: `String`\n* Default: `''`\n* Since: *v1.1.0*\n\nStrips string from beginning of referenced URI in HTML files. Useful if references do not match directory structure or already contain CDN hostname.\n\n### selector (optional)\n\n* Type: `String`\n* Default: `link[href][rel=stylesheet]:not([integrity]), script[src]:not([integrity])`\n* Since: *v1.1.0*\n\nOnly look for nodes matching this custom (jQuery-style) selector.\n\n### relative (optional)\n\n* Type: `Boolean`\n* Default: `false`\n* Since: *v1.2.0*\n\nControls whether referenced files should be resolved relative to a base folder, or relative to the location of the HTML file.\n\nInspired by \u003chttps://github.com/macedigital/gulp-sri-hash/pull/1\u003e.\n\n### cacheParser (optional)\n\n* Type: `Boolean`\n* Default: `false`\n* Since: *v2.2.0*\n\nControls whether to permit cached cheerio instances, e.g. when using [gulp-cheerio][gulp-cheerio-url] in a previous build step. Be careful when enabling this feature as it can have unintended side-effects.\n\n## Example\n\nFollowing snippet shows all options in action:\n\n```js\n  // ...\n  .pipe(sriHash({\n    algo: 'sha512',         // use strong hashing\n    prefix: '/assets',      // no trailing slash\n    selector: 'link[href]', // limit selector\n    relative: true          // assets reside relative to html file\n  }))\n  // ...\n```\n\n## Changelog\n\n*Since v2.0.0:*\n\nRequire a peer-dependency of gulp 4.x and drop support for nodejs 4.x which reached its [End-of-Life on April 30th 2018](https://medium.com/@nodejs/april-2018-release-updates-from-the-node-js-project-71687e1f7742).\n\n*Since v1.4.0:*\n\nQuerystring-like components in file paths are ignored when resolving local files. As an example, the given string `/folder/style.css?v=somehash` will resolve to local file `/folder/style.css`.\n\n*Since v1.3.0:*\n\nA `crossorigin=anonymous` attribute will be added to all updated DOM nodes, unless the attribute has been already been set to value `use-credentials`. In the latter case the `crossorigin` attribute is left unchanged.\n\n## LICENSE\n\nMIT License\n\n[npm-image]:https://img.shields.io/npm/v/gulp-sri-hash.svg?style=flat\n[npm-url]:https://www.npmjs.com/package/gulp-sri-hash\n[deps-image]:https://img.shields.io/david/macedigital/gulp-sri-hash.svg\n[deps-url]:https://david-dm.org/macedigital/gulp-sri-hash\n[ci-image]: https://img.shields.io/travis/macedigital/gulp-sri-hash/master.svg\n[ci-url]: https://travis-ci.org/macedigital/gulp-sri-hash\n[codecov-image]:https://img.shields.io/codecov/c/github/macedigital/gulp-sri-hash.svg?style=flat\n[codecov-url]:https://codecov.io/github/macedigital/gulp-sri-hash\n[appveyor-image]:https://ci.appveyor.com/api/projects/status/in9jtvifuxc0ct9w?svg=true\n[appveyor-url]:https://ci.appveyor.com/project/macedigital/gulp-sri-hash\n[gulp-cheerio-url]: https://www.npmjs.com/package/gulp-cheerio\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmacedigital%2Fgulp-sri-hash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmacedigital%2Fgulp-sri-hash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmacedigital%2Fgulp-sri-hash/lists"}