ElMassimo
<samp>vite-plugin-manifest-sri</samp>
Subresource Integrity for Vite.js Manifests
Why? 🤔
Vite does not provide support for subresource integrity.
Both <kbd>vite-plugin-sri</kbd> and <kbd>rollup-plugin-sri</kbd> are good
options to automatically add an integrity hash to script and link tags. However, these rely on transforming an HTML file, which is typically not the case when using a backend integration such as Vite Ruby.
This plugin extends manifest.json to include an integrity field which can be used when rendering tags.
Installation 💿
Install the package as a development dependency:
npm i -D vite-plugin-manifest-sri # pnpm i -D vite-plugin-manifest-sriUsage 🚀
Add it to your plugins in vite.config.ts:
import { defineConfig } from 'vite'
import manifestSRI from 'vite-plugin-manifest-sri'
export default defineConfig({
plugins: [
manifestSRI(),
],
})Note that the build.manifest option
must be enabled in order to generate a manifest.json file (Vite Ruby enables it by default).
With Vite Ruby 💎
Experimental support is available, you can try it now by explicitly adding 4.0.0.alpha1 to your Gemfile:
gem 'vite_rails', '~> 4.0.0.alpha1'Configuration ⚙️
The following options can be provided:
<kbd>algorithms</kbd>
Hashing algorithms to use when calculate the integrity hash for each asset.
Default:
['sha384']manifestSRI({ algorithms: ['sha384', 'sha512'] }),
Acknowledgements
The following plugins might be useful for Vite apps based around an index.html file:
License
This library is available as open source under the terms of the MIT License.