npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

makestatic-sri

v1.1.3

Published

Generate subresource integrity attributes

Downloads

11

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tmpfstmpfs

Keywords

makestatic-pluginsecuritysubresourceintegritysri

Readme

Sub Resource Integrity

Generate SRI attributes

For each HTML page with scripts and styles that point to absolute URLs on other origins download the corresponding file and calculate SHA checksums. Assign the checksums to the integrity attribute for each element and create a crossorigin attribute.

Install

yarn add makestatic-sri

API

SubResourceIntegrity

Generate subresource integrity attributes.

See Also

SubResourceIntegrity

new SubResourceIntegrity(context, options)

Create an SRI plugin.

Configure this plugin for the transform phase, requires that the parse-html plugin has been enabled for the parse phase and that the http-cache plugin has been configured so the context has been assigned an HTTP agent.

Finds stylesheets and scripts pointing to absolute URLs on other origins and fetches the referenced resource generating checksum(s) for each downloaded file and assigns the result to the integrity attribute.

The crossorigin attribute is set to the value of the crossorigin option.

If an element has already declared the crossorigin or integrity attributes they are not overwritten.

Supported SHA algorithms are sha256, sha384 and sha512.

If no algorithms are specified the sha512 algorithm is used.

If the rules option is given it should contain regular expression patterns. The URL for each resource is compared agains the rule patterns and is only included if it matches one of the rule patterns.

This allows you to apply this plugin to selected resources if required.

  • context Object the processing context.
  • options Object plugin options.
Options
  • rules RegExp|Array list of regular expression patterns.
  • algorithms Array list of SHA algorithms.
  • crossorigin String=anonymous value for the crossorigin attribute.
Throws
  • Error on no HTTP agent.
  • Error on unsupported algorithm.
  • Error on invalid rule pattern.

.sources

SubResourceIntegrity.prototype.sources(file, context, options)

Iterate styles and scripts in the HTML document AST and find URLs that point to absolute resources from other origins.

For each matched resource download the file and generate the integrity and crossorigin attributes for the corresponding element.

  • file File the current file.
  • context Object the processing context.
  • options Object plugin options.

.fetch

SubResourceIntegrity.prototype.fetch(context, info)

Downloads the referenced resource and calculates checksums for each of the algorithms assigned to this plugin.

If the server responds with a status code other than 200 a warning is printed.

Returns a promise that resolves to an object with checksums field.

  • context Object the processing context.
  • info Object object containing the href to download.
Throws
  • Error if the HTTP request errors.

License

MIT

Created by mkdoc on March 12, 2017