vite-plugin-manifest-sri
v0.2.0TypeScript
Subresource Integrity hashes for the Vite.js manifest.
0/weekUpdated 2 years agoMITUnpacked: 14.6 KB
Published by Máximo Mussini
npm install vite-plugin-manifest-sri
vite-plugin-manifest-sri
Subresource Integrity for Vite.js Manifests
[Vite]: https://vitejs.dev/
[Vite Ruby]: https://github.com/ElMassimo/vite_ruby
[SRI]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
[manifest]: https://vitejs.dev/guide/backend-integration.html#backend-integration
[rollup-plugin-sri]: https://github.com/JonasKruckenberg/rollup-plugin-sri
[vite-plugin-sri]: https://github.com/small-tech/vite-plugin-sri
[manifest]: https://vitejs.dev/guide/backend-integration.html
[rendering]: https://vite-ruby.netlify.app/overview.html#in-production
Why? 🤔
[Vite] does not provide support for [subresource integrity][sri].
Both [vite-plugin-sri] and [rollup-plugin-sri] are good
options to automatically add an [integrity][sri] hash to script and link tags. However, these rely on transforming an HTML file, which is typically not the case when using a backend integration such as [Vite Ruby].
This plugin extends [manifest.json][manifest] to include an [integrity][sri] field which can be used when [rendering] tags.
Installation 💿
Install the package as a development dependency:
``bash`
npm i -D vite-plugin-manifest-sri # pnpm i -D vite-plugin-manifest-sri
Usage 🚀
Add it to your plugins in vite.config.ts:
`ts
import { defineConfig } from 'vite'
import manifestSRI from 'vite-plugin-manifest-sri'
export default defineConfig({
plugins: [
manifestSRI(),
],
})
`
Note that the build.manifest option
must be enabled in order to generate a manifest.json file ([Vite Ruby] enables it by default).
$3
Experimental support is available, you can try it now by explicitly adding 4.0.0.alpha1 to your Gemfile:
`ruby`
gem 'vite_rails', '~> 4.0.0.alpha1'
Configuration ⚙️
The following options can be provided:
- algorithms
Hashing algorithms to use when calculate the integrity hash for each asset.
__Default:__ ['sha384']
` js`
manifestSRI({ algorithms: ['sha384', 'sha512'] }),
Acknowledgements
The following plugins might be useful for Vite apps based around an index.html file:
- rollup-plugin-sri
- vite-plugin-sri`
License
This library is available as open source under the terms of the MIT License.