vite-plugin-manifest-sri
Subresource Integrity for Vite.js Manifests
Why? 🤔
Vite does not provide support for subresource integrity.
Both vite-plugin-sri and rollup-plugin-sri are good
options to automatically add an integrity hash to script and link tags. However, these rely on transforming an HTML file, which is typically not the case when using a backend integration such as Vite Ruby.
This plugin extends manifest.json to include an integrity field which can be used when rendering tags.
Installation 💿
Install the package as a development dependency:
npm i -D vite-plugin-manifest-sri # pnpm i -D vite-plugin-manifest-sriUsage 🚀
Add it to your plugins in vite.config.ts:
import { defineConfig } from 'vite'
import manifestSRI from 'vite-plugin-manifest-sri'
export default defineConfig({
plugins: [
manifestSRI(),
],
})Note that the build.manifest option
must be enabled in order to generate a manifest.json file (Vite Ruby enables it by default).
With Vite Ruby 💎
Experimental support is available, you can try it now by explicitly adding 4.0.0.alpha1 to your Gemfile:
gem 'vite_rails', '~> 4.0.0.alpha1'Configuration ⚙️
The following options can be provided:
-
algorithms
Hashing algorithms to use when calculate the integrity hash for each asset.
Default:
['sha384']manifestSRI({ algorithms: ['sha384', 'sha512'] }),
Acknowledgements
The following plugins might be useful for Vite apps based around an index.html file:
License
This library is available as open source under the terms of the MIT License.