Subresource Integrity (SRI) is a security feature that helps ensure resources fetched by your website are delivered without unexpected manipulation. It uses integrity hashes that browsers verify before loading the resources.

• ⚡️ Adds subresource integrity at build time
• 📦 Automatically adds integrity hashes for both local assets (JavaScript and CSS files) and external resources (e.g., CDN links)
• 🔒 Enhanced security
• 🔌 Easy integration

Vite, by default, does not provide support for Subresource Integrity (SRI). This plugin automatically generates integrity hashes for both local and external assets by transforming the html files.

Install the package as a devDependency

yarn add vite-plugin-html-sri -D

❗ Note: Integrity hashes are only added to resources that do not already have an existing integrity attribute.

# vite.config.js
import { defineConfig } from 'vite';
import sri from 'vite-plugin-html-sri';

export default defineConfig({
  plugins: [
    sri(),
  ],
})

This plugin offers the following optional options:

# Choose which algorithm to use for creating integrity hashes
algorithm: 'sha256' | 'sha384' | 'sha512'  # default is 'sha384'

# Enable or disable adding integrity hashes to external assets
external: boolean  # default is true

MIT © Duc Phung

If you find this project interesting or helpful, I'd love your support! Please consider giving it a star (⭐) and following me on GitHub.

I love coding and always have new ideas, so stay tuned—your support won’t be in vain!