Skip to content

ElMassimo/vite-plugin-manifest-sri

Repository files navigation

vite-plugin-manifest-sri

Subresource Integrity for Vite.js Manifests


Why? 🤔

Vite does not provide support for subresource integrity.

Both vite-plugin-sri and rollup-plugin-sri are good options to automatically add an integrity hash to script and link tags. However, these rely on transforming an HTML file, which is typically not the case when using a backend integration such as Vite Ruby.

This plugin extends manifest.json to include an integrity field which can be used when rendering tags.

Installation 💿

Install the package as a development dependency:

npm i -D vite-plugin-manifest-sri # pnpm i -D vite-plugin-manifest-sri

Usage 🚀

Add it to your plugins in vite.config.ts:

import { defineConfig } from 'vite'
import manifestSRI from 'vite-plugin-manifest-sri'

export default defineConfig({
  plugins: [
    manifestSRI(),
  ],
})

Note that the build.manifest option must be enabled in order to generate a manifest.json file (Vite Ruby enables it by default).

With Vite Ruby 💎

Experimental support is available, you can try it now by explicitly adding 4.0.0.alpha1 to your Gemfile:

gem 'vite_rails', '~> 4.0.0.alpha1'

Configuration ⚙️

The following options can be provided:

  • algorithms

    Hashing algorithms to use when calculate the integrity hash for each asset.

    Default: ['sha384']

    manifestSRI({ algorithms: ['sha384', 'sha512'] }),

Acknowledgements

The following plugins might be useful for Vite apps based around an index.html file:

License

This library is available as open source under the terms of the MIT License.

About

Subresource Integrity for Vite.js manifest files

Resources

License

Stars

Watchers

Forks

Packages

No packages published