grunt-sri
This tool generates a JSON manifest of file hashes & sub-resource integrity data.
Install
npm install --save-dev grunt-sri
Usage
Add the following to your Gruntfile.js
:
module { "use strict"; grunt; grunt; grunt;};
Run the command grunt
. The manifest file will be created.
Options
- String dest: Target JSON file.
Default"./payload.json"
- Boolean merge: Merge results with existing JSON file.
Defaultfalse
(overwrite) - Array algorithms: List of desired hash algorithms.
Default["sha256", "sha512"]
- String targetProp: Target JS object property name.
Defaultnull
- Boolean pretty: Stringify the JSON output in a pretty format.
Defaultfalse
Manifest
Metadata is stored in JSON format.
- The default manifest dest is
./payload.json
. - File paths are relative to the CWD of Grunt.
This should be the project root. - File identifiers are prefixed with the "@" symbol.
If no ID is specified, the path will be used.
Example:
Implementation
Data from the manifest can be loaded into markup.
Use the integrity
property for SRI integrity attributes, a hash from hashes
as a URL parameter for client-side caching, etc.
PHP
// In production, consider compiling JSON to PHP assoc arrays$payload = json_decode(file_get_contents("./payload.json"), true);$sri = function (id) { return $payload["payload"][id];} $element = "";
JavaScript
Note: Node apps should use subresource or handlebars-helper-sri, which don't require a build step.
// ES6var payload = ;var payloadpayloadid; var element = `<link href='/style.css?cache=' integrity='' rel='stylesheet'>`;
SemVer
This tool follows SemVer from v0.1.0, as SRI is now a W3C recommendation.
Changes to the V1 SRI spec will be tracked with minor releases.