vite-plugin-manifest-sri
Subresource Integrity for Vite.js Manifests
Why? 🤔
Vite does not provide support for subresource integrity.
Both vite-plugin-sri and rollup-plugin-sri are good
options to automatically add an integrity
hash to script and link tags. However, these rely on transforming an HTML file, which is typically not the case when using a backend integration such as Vite Ruby.
This plugin extends manifest.json
to include an integrity
field which can be used when rendering tags.
Installation 💿
Install the package as a development dependency:
npm i -D vite-plugin-manifest-sri # pnpm i -D vite-plugin-manifest-sri
Usage 🚀
Add it to your plugins in vite.config.ts
:
import { defineConfig } from 'vite'
import manifestSRI from 'vite-plugin-manifest-sri'
export default defineConfig({
plugins: [
manifestSRI(),
],
})
Note that the build.manifest
option
must be enabled in order to generate a manifest.json
file (Vite Ruby enables it by default).
Vite Ruby 💎
WithExperimental support is available, you can try it now by explicitly adding 4.0.0.alpha1
to your Gemfile
:
gem 'vite_rails', '~> 4.0.0.alpha1'
Configuration ⚙️
The following options can be provided:
-
algorithms
Hashing algorithms to use when calculate the integrity hash for each asset.
Default:
['sha384']
manifestSRI({ algorithms: ['sha384', 'sha512'] }),
Acknowledgements
The following plugins might be useful for Vite apps based around an index.html
file:
License
This library is available as open source under the terms of the MIT License.