https://github.com/ezhuk/astro-hash

Astro Integration to automatically generate Subresource Integrity (SRI) and Content Security Policy (CSP) hashes.
https://github.com/ezhuk/astro-hash

astro astro-integration security

Last synced: 5 days ago
JSON representation

Astro Integration to automatically generate Subresource Integrity (SRI) and Content Security Policy (CSP) hashes.

• Host: GitHub
• URL: https://github.com/ezhuk/astro-hash
• Owner: ezhuk
• License: mit
• Created: 2025-05-09T04:03:00.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2026-06-06T21:04:03.000Z (10 days ago)
• Last Synced: 2026-06-06T23:07:31.338Z (10 days ago)
• Topics: astro, astro-integration, security
• Language: TypeScript
• Homepage:
• Size: 975 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
## Astro Hash 🚀 #️⃣

[![test](https://github.com/ezhuk/astro-hash/actions/workflows/test.yml/badge.svg)](https://github.com/ezhuk/astro-hash/actions/workflows/test.yml)

[![codecov](https://codecov.io/github/ezhuk/astro-hash/graph/badge.svg?token=IOWJ17XM82)](https://codecov.io/github/ezhuk/astro-hash)

[![prod](https://github.com/ezhuk/astro-hash/actions/workflows/prod.yml/badge.svg)](https://github.com/ezhuk/astro-hash/actions/workflows/prod.yml)

An [Astro Integration](https://docs.astro.build/en/guides/integrations-guide/) that automatically generates and injects [Subresource Integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) and [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP) hashes for CSS and JavaScript assets at build time, helping mitigate supply-chain and cross-site scripting risks.

##  Getting Started

Make sure to configure your `.npmrc` to enable installing scoped packages. See [Installing a package from GitHub Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-npm-registry#installing-a-package) for instructions and more details.

```bash

npm install --save-dev @ezhuk/astro-hash

```

In your `astro.config.*` file, import and register the integration:

```javascript

import { defineConfig } from 'astro/config';

import { security } from '@ezhuk/astro-hash';

export default defineConfig({

  // ...

  integrations: [

    security()

  ]

});

```

Build your site, and Astro Hash will automatically annotate ``, ``, and `<script>` tags in the generated HTML files in the output directory with `SRI` and `CSP` hashes.

```bash

npm run build

```

When the build finishes, take note of the injected attributes and add the generated hashes to your `Content-Security-Policy` HTTP headers so browsers can enforce them.

## Documentation

See the [full documentation](https://docs.ezhuk.dev/astro-hash) for more details.

## License

The integration is licensed under the [MIT License](https://github.com/ezhuk/astro-hash?tab=MIT-1-ov-file).