Awesome
<h2 align='center'> <samp>vite-plugin-manifest-sri</samp> </h2> <p align='center'>Subresource Integrity for Vite.js Manifests</p> <p align='center'> <a href='https://www.npmjs.com/package/vite-plugin-manifest-sri'> <img src='https://img.shields.io/npm/v/vite-plugin-manifest-sri?color=222&style=flat-square'> </a> <a href='https://github.com/ElMassimo/vite-plugin-manifest-sri/blob/main/LICENSE.txt'> <img src='https://img.shields.io/badge/license-MIT-blue.svg'> </a> </p> <br>Why? 🤔
Vite does not provide support for subresource integrity.
Both <kbd>vite-plugin-sri</kbd> and <kbd>rollup-plugin-sri</kbd> are good
options to automatically add an integrity hash to script and link tags. However, these rely on transforming an HTML file, which is typically not the case when using a backend integration such as Vite Ruby.
This plugin extends manifest.json to include an integrity field which can be used when rendering tags.
Installation 💿
Install the package as a development dependency:
npm i -D vite-plugin-manifest-sri # pnpm i -D vite-plugin-manifest-sri
Usage 🚀
Add it to your plugins in vite.config.ts:
import { defineConfig } from 'vite'
import manifestSRI from 'vite-plugin-manifest-sri'
export default defineConfig({
plugins: [
manifestSRI(),
],
})
Note that the build.manifest option
must be enabled in order to generate a manifest.json file (Vite Ruby enables it by default).
With Vite Ruby 💎
Experimental support is available, you can try it now by explicitly adding 4.0.0.alpha1 to your Gemfile:
gem 'vite_rails', '~> 4.0.0.alpha1'
Configuration ⚙️
The following options can be provided:
-
<kbd>algorithms</kbd>
Hashing algorithms to use when calculate the integrity hash for each asset.
Default:
['sha384']manifestSRI({ algorithms: ['sha384', 'sha512'] }),
Acknowledgements
The following plugins might be useful for Vite apps based around an index.html file:
License
This library is available as open source under the terms of the MIT License.