https://github.com/elmassimo/vite-plugin-manifest-sri
Subresource Integrity for Vite.js manifest files
https://github.com/elmassimo/vite-plugin-manifest-sri
Last synced: about 1 year ago
JSON representation
Subresource Integrity for Vite.js manifest files
- Host: GitHub
- URL: https://github.com/elmassimo/vite-plugin-manifest-sri
- Owner: ElMassimo
- License: mit
- Created: 2022-01-18T19:23:03.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2023-11-30T15:51:38.000Z (over 2 years ago)
- Last Synced: 2025-04-15T21:17:13.282Z (about 1 year ago)
- Language: JavaScript
- Size: 103 KB
- Stars: 20
- Watchers: 2
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.txt
Awesome Lists containing this project
README
vite-plugin-manifest-sri
Subresource Integrity for Vite.js Manifests
[Vite]: https://vitejs.dev/
[Vite Ruby]: https://github.com/ElMassimo/vite_ruby
[SRI]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
[manifest]: https://vitejs.dev/guide/backend-integration.html#backend-integration
[rollup-plugin-sri]: https://github.com/JonasKruckenberg/rollup-plugin-sri
[vite-plugin-sri]: https://github.com/small-tech/vite-plugin-sri
[manifest]: https://vitejs.dev/guide/backend-integration.html
[rendering]: https://vite-ruby.netlify.app/overview.html#in-production
## Why? 🤔
[Vite] does [not provide support](https://github.com/vitejs/vite/issues/2377) for [subresource integrity][sri].
Both [vite-plugin-sri] and [rollup-plugin-sri] are good
options to automatically add an [`integrity`][sri] hash to script and link tags. However, these rely on transforming an HTML file, which is typically not the case when using a backend integration such as [Vite Ruby].
This plugin extends [`manifest.json`][manifest] to include an [`integrity`][sri] field which can be used when [rendering] tags.
## Installation 💿
Install the package as a development dependency:
```bash
npm i -D vite-plugin-manifest-sri # pnpm i -D vite-plugin-manifest-sri
```
## Usage 🚀
Add it to your plugins in `vite.config.ts`:
```ts
import { defineConfig } from 'vite'
import manifestSRI from 'vite-plugin-manifest-sri'
export default defineConfig({
plugins: [
manifestSRI(),
],
})
```
Note that the [`build.manifest`](https://vitejs.dev/config/#build-manifest) option
must be enabled in order to generate a `manifest.json` file ([Vite Ruby] enables it by default).
### With [Vite Ruby] 💎
Experimental support is [available](https://github.com/ElMassimo/vite_ruby/issues/176#issuecomment-1015920689), you can try it now by explicitly adding `4.0.0.alpha1` to your `Gemfile`:
```ruby
gem 'vite_rails', '~> 4.0.0.alpha1'
```
## Configuration ⚙️
The following options can be provided:
- algorithms
Hashing algorithms to use when calculate the integrity hash for each asset.
__Default:__ `['sha384']`
``` js
manifestSRI({ algorithms: ['sha384', 'sha512'] }),
```
## Acknowledgements
The following plugins might be useful for Vite apps based around an `index.html` file:
- [`rollup-plugin-sri`](https://github.com/JonasKruckenberg/rollup-plugin-sri)
- [`vite-plugin-sri`](https://github.com/small-tech/vite-plugin-sri)
## License
This library is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).