node package manager
Painless code sharing. npm Orgs help your team discover, share, and reuse code. Create a free org »

subresource

subresource

Build Status Coverage Status Dependencies Status Dev Dependencies Status

This tool generates file hashes & sub-resource integrity data at runtime.

Install

npm install --save subresource

Usage

var subresource = require("subresource");
 
// ES6 template string 
var element = `<link
    href='/style.css'
    integrity='${ subresource("../public/style.css").integrity }'
    rel='stylesheet'>`;

For improved performance, use client-side caching:

var styleSri = subresource("../public/style.css");
var element = `<link
    href='/style.css?cache=${ styleSri.hashes.sha256 }'
    integrity='${ styleSri.integrity }'
    rel='stylesheet'>`;

/style.css?hash=[...] headers:

Cache-Control: public, max-age=31536000

Preload

Subresource operates at run-time, and caches lookups internally. There is, however, a one-time blocking delay whenever a new resource is encountered.

Pre-loading moves this delay from the event loop to init.

Note: Pre-loading (or the planned async mode) is generally unnecessary. Also consider a build-time tool such as grunt-sri.

var subresource = require("subresource"),
    Hapi = require("hapi");
 
// First hit - blocks while generating 
[
    "../public/script.js",
    "../public/style.css"
].forEach(subresource); // Preload files into cache 
 
var server = new Hapi.Server(3000);
server.route({
    method: "GET",
    path: "/",
    handler: function(request, reply) {
 
        // Second hit - loads immediately from cache 
        reply(
            `<link href='/style.css'
            integrity='${ subresource("../public/style.css").integrity }'
            rel='stylesheet'>`
        );
 
    }
});
server.route({
    method: "GET",
    path: "{param*}",
    handler: {
        directory: {
            path: "public"
        }
    }
});
server.start(function() {
    console.log('Listening at http://localhost:3000');
});

SemVer

This tool follows SemVer from v0.1.0, however it is important to note that the SRI spec is still in draft.

Changes to the V1 SRI spec will be tracked with minor releases.

Releases < 0.1.0 may contain breaking changes, nuts, and traces of soy.

Other libraries