{"id":31970667,"url":"https://github.com/winjs-dev/winjs-plugin-security","last_synced_at":"2025-10-14T19:18:10.030Z","repository":{"id":305609705,"uuid":"1020725007","full_name":"winjs-dev/winjs-plugin-security","owner":"winjs-dev","description":"WinJS plugin to provide support for security.","archived":false,"fork":false,"pushed_at":"2025-10-02T10:27:55.000Z","size":521,"stargazers_count":2,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-02T12:29:41.853Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/winjs-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-16T09:50:29.000Z","updated_at":"2025-08-10T10:17:01.000Z","dependencies_parsed_at":"2025-10-06T06:19:05.692Z","dependency_job_id":null,"html_url":"https://github.com/winjs-dev/winjs-plugin-security","commit_stats":null,"previous_names":["winjs-dev/winjs-plugin-security"],"tags_count":2,"template":false,"template_full_name":"winjs-dev/winjs-plugin-template","purl":"pkg:github/winjs-dev/winjs-plugin-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/winjs-dev%2Fwinjs-plugin-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/winjs-dev%2Fwinjs-plugin-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/winjs-dev%2Fwinjs-plugin-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/winjs-dev%2Fwinjs-plugin-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/winjs-dev","download_url":"https://codeload.github.com/winjs-dev/winjs-plugin-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/winjs-dev%2Fwinjs-plugin-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279020655,"owners_count":26086895,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-14T19:18:07.538Z","updated_at":"2025-10-14T19:18:10.024Z","avatar_url":"https://github.com/winjs-dev.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\r\n\u003cdiv align=\"right\"\u003e\r\n  \u003cdetails\u003e\r\n    \u003csummary \u003e🌐 Language\u003c/summary\u003e\r\n    \u003cdiv\u003e\r\n      \u003cdiv align=\"center\"\u003e\r\n        \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=en\"\u003eEnglish\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=zh-CN\"\u003e简体中文\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=zh-TW\"\u003e繁體中文\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=ja\"\u003e日本語\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=ko\"\u003e한국어\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=hi\"\u003eहिन्दी\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=th\"\u003eไทย\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=fr\"\u003eFrançais\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=de\"\u003eDeutsch\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=es\"\u003eEspañol\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=it\"\u003eItaliano\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=ru\"\u003eРусский\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=pt\"\u003ePortuguês\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=nl\"\u003eNederlands\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=pl\"\u003ePolski\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=ar\"\u003eالعربية\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=fa\"\u003eفارسی\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=tr\"\u003eTürkçe\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=vi\"\u003eTiếng Việt\u003c/a\u003e\r\n        | \u003ca href=\"https://openaitx.github.io/view.html?user=winjs-dev\u0026project=winjs-plugin-security\u0026lang=id\"\u003eBahasa Indonesia\u003c/a\u003e\r\n      \u003c/div\u003e\r\n    \u003c/div\u003e\r\n  \u003c/details\u003e\r\n\u003c/div\u003e\n\n# winjs-plugin-security\n\n一个为 WinJS 项目提供安全增强功能的插件，主要用于生成 SRI（Subresource Integrity）属性。\n\n\u003cp\u003e\n  \u003ca href=\"https://npmjs.com/package/@winner-fed/plugin-security\"\u003e\n   \u003cimg src=\"https://img.shields.io/npm/v/@winner-fed/plugin-security?style=flat-square\u0026colorA=564341\u0026colorB=EDED91\" alt=\"npm version\" /\u003e\n  \u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-MIT-blue.svg?style=flat-square\u0026colorA=564341\u0026colorB=EDED91\" alt=\"license\" /\u003e\n  \u003ca href=\"https://npmcharts.com/compare/@winner-fed/plugin-security?minimal=true\"\u003e\u003cimg src=\"https://img.shields.io/npm/dm/@winner-fed/plugin-security.svg?style=flat-square\u0026colorA=564341\u0026colorB=EDED91\" alt=\"downloads\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## 功能特性\n\n- 自动为 HTML 文件中的 `\u003cscript\u003e` 和 `\u003clink\u003e` 标签生成 SRI 属性\n- 支持 SHA-256、SHA-384、SHA-512 哈希算法（可配置）\n- 自动添加 `crossorigin=\"anonymous\"` 属性以确保 SRI 正常工作\n- 仅在生产环境下生效，开发环境自动跳过\n\n## 安装\n\n```bash\npnpm add @winner-fed/plugin-security\n```\n\n## 使用方法\n\n在你的 `.winrc.ts` 配置文件中添加插件配置：\n\n```typescript\nimport { defineConfig } from '@winner-fed/winjs';\n\nexport default defineConfig({\n  plugins: ['@winner-fed/plugin-security'],\n  security: {\n    sri: true // 启用 SRI 功能\n  },\n});\n```\n\n## 配置选项\n\n### `sri`\n\n- **类型**: `boolean | { algorithm: 'sha256' | 'sha384' | 'sha512' }`\n- **默认值**: 需要手动设置\n- **描述**: 是否启用 SRI（子资源完整性）功能，以及可选的哈希算法配置\n\n当设置为 `true` 或 `{}` 时，插件会：\n\n1. 扫描构建后的 HTML 文件\n2. 为所有带有 `src` 属性的 `\u003cscript\u003e` 标签添加 `integrity` 属性\n3. 为所有带有 `href` 属性的 `\u003clink\u003e` 标签添加 `integrity` 属性\n4. 自动添加 `crossorigin=\"anonymous\"` 属性（如果不存在）\n\n你也可以通过对象方式指定哈希算法：\n\n```typescript\nsecurity: {\n  sri: {\n    algorithm: 'sha512' // 可选 'sha256' | 'sha384' | 'sha512'，默认 'sha512'\n  }\n}\n```\n\n## 示例\n\n### 输入 HTML\n\n```html\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n  \u003clink rel=\"stylesheet\" href=\"/assets/app.css\"\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n  \u003cscript src=\"/assets/app.js\"\u003e\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\n### 输出 HTML（启用 SRI 后）\n\n```html\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n  \u003clink rel=\"stylesheet\" href=\"/assets/app.css\" integrity=\"sha512-ABC123...\" crossorigin=\"anonymous\"\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n  \u003cscript src=\"/assets/app.js\" integrity=\"sha512-XYZ789...\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\n## 安全说明\n\nSRI（子资源完整性）是一种安全特性，允许浏览器验证获取的资源（例如从 CDN 获取的资源）没有被恶意修改。当浏览器加载资源时，会计算资源的哈希值并与 `integrity` 属性中指定的哈希值进行比较。如果哈希值不匹配，浏览器将拒绝加载该资源。\n\n对于 `\u003cscript\u003e` 标签来说，结果为拒绝执行其中的代码；对于 CSS links 来说，结果为不加载其中的样式。\n\n关于 SRI 的更多内容，可以查看 [Subresource Integrity - MDN](https://developer.mozilla.org/zh-CN/docs/Web/Security/Subresource_Integrity)。\n\n## 注意事项\n\n1. 此插件仅在生产构建时生效，开发环境会自动跳过\n2. 需要确保资源文件在构建输出目录中可访问\n3. `integrity` 属性必须与 `crossorigin` 属性配合使用才能正常工作\n\n## 许可证\n\nMIT\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwinjs-dev%2Fwinjs-plugin-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwinjs-dev%2Fwinjs-plugin-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwinjs-dev%2Fwinjs-plugin-security/lists"}