https://github.com/abogical/posthtml-sri
PostHTML subresource integrity plugin | Mirror of https://gitlab.com/Abogical/posthtml-sri
https://github.com/abogical/posthtml-sri
npm-package posthtml posthtml-plugin subresource-integrity
Last synced: 6 months ago
JSON representation
PostHTML subresource integrity plugin | Mirror of https://gitlab.com/Abogical/posthtml-sri
- Host: GitHub
- URL: https://github.com/abogical/posthtml-sri
- Owner: Abogical
- License: mit
- Created: 2021-01-09T14:09:55.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2024-10-27T22:16:01.000Z (over 1 year ago)
- Last Synced: 2024-10-28T02:02:41.758Z (over 1 year ago)
- Topics: npm-package, posthtml, posthtml-plugin, subresource-integrity
- Language: TypeScript
- Homepage: https://www.npmjs.com/package/posthtml-sri
- Size: 1.42 MB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
- Changelog: changelog.md
- Contributing: contributing.md
- License: license
Awesome Lists containing this project
README
# posthtml-sri
PostHTML plugin that calculates and adds [subresource integrity (SRI)] attributes if they are not set.
Before:
```html
```
After:
```html
```
## Install
```bash
npm i posthtml-sri
```
## Usage
### Example
```js
const fs = require('fs');
const posthtml = require('posthtml');
const posthtmlSri = require('posthtml-sri');
posthtml()
.use(
posthtmlSri({
/* options */
})
)
.process(html /*, options */)
.then(result => fs.writeFileSync('./after.html', result.html));
```
## Options
### `basePath`
Base path to look for local assets. Asset paths in the HTML are prepended with this option to find and hash the local file.
> Make sure that the local assets the HTML uses are processed first (i.e. transpiled, minified, etc.) before using this plugin to hash them correctly.
Before:
```html
```
Add option:
```js
const fs = require('fs');
const posthtml = require('posthtml');
const posthtmlSri = require('posthtml-sri');
posthtml()
.use(posthtmlSri({ basePath: 'assets' }))
.process(html)
.then(result => fs.writeFileSync('./after.html', result.html));
```
After:
```html
```
### `algorithms`
Array of hash algorithms to use. By default, it follows the [ssri] default, currently `['sha512']`.
Before:
```html
```
Add option:
```js
const fs = require('fs');
const posthtml = require('posthtml');
const posthtmlSri = require('posthtml-sri');
posthtml()
.use(posthtmlSri({ algorithms: ['sha512', 'sha384'] }))
.process(html)
.then(result => fs.writeFileSync('./after.html', result.html));
```
After:
```html
```
## `cache`
A regular object mapping paths/URLs to integrity values. If an `src`
is found in the cache, the cached value will be reused. Only exact
matches are considered. By default, it uses a new empty object.
## `fetch`
A function that takes a URL and returns a `Response`. Defaults to
[Node.js' native fetch function].
[subresource integrity (sri)]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
[ssri]: https://www.npmjs.com/package/ssri
[Node.js' native fetch function]: https://nodejs.org/en/blog/announcements/v21-release-announce#stable-fetchwebstreams