/gatsby-plugin-sri

Gatsby plugin for enabling Sub Resource Integrity

Primary LanguageJavaScriptMIT LicenseMIT

gatsby-plugin-sri

Travis Codacy Badge Known Vulnerabilities Coverage Status js-standard-style

A Gatsby plugin to add Subresource Integrity (SRI) to your generated script tags.

<script src="/webpack-runtime-cde5506958f1afc4d89e.js"></script>

becomes

<script src="/webpack-runtime-cde5506958f1afc4d89e.js" integrity="sha512-uxm8lZAnmLGO3hMOyYy7HFgEGJgDdXwZR+Pdyt2f3AKbgVZ706v9YyI4t9veKTirqfdLGvPVDsDkHEWmWsECRA=="></script>

Installation

With npm:

npm install --save gatsby-plugin-sri

Or with Yarn:

yarn add gatsby-plugin-sri

Usage

In your gatsby-config.js file add:

module.exports = {
  plugins: [
    {
      resolve: 'gatsby-plugin-sri',
      options: {
        hash: 'sha512', // 'sha256', 'sha384' or 'sha512' ('sha512' = default)
        crossorigin: false // Optional
      }
    }
  ]
}

The crossorigin option, if set to true, will optionally add add a crossorigin="anonymous" attribute to the script / style tags.

Maintainers

Osmond van Hemert Github Web

Contributing

If you would like to help out with some code, check the details.

Not a coder, but still want to support? Have a look at the options available to donate.

Sponsors

BrowserStack

License

Licensed under MIT.

NOTE: This plugin only generates output when run in production mode! To test your generated tags, run: gatsby build && gatsby serve