UNPKG

vite-plugin-subresource-integrity

Version:

Subresource integrity (SRI) plugin for Vite

github.com/JADSN1894/vite-plugin-sri

JADSN1894/vite-plugin-sri

105 lines (80 loc) 3.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
import { Plugin, ResolvedConfig, SSROptions } from 'vite' import { readFileSync, readdirSync, statSync, writeFileSync } from 'fs' import { createHash } from 'node:crypto' import { resolve } from 'path' import { OutputBundle } from 'rollup' import { load } from 'cheerio'; export type Algorithm = 'sha256' | 'sha384' | 'sha512' export interface SriOptions { /** * Which hashing algorithms to use when calculate the integrity hash for each * asset in the manifest. * * @default 'sha512' */ algorithm: Algorithm, /** * Path of ssr dist * * @default 'dist' */ ssrOutDir: string hasSsr: false } function subresourceIntegrity(options: SriOptions = { algorithm: 'sha512', ssrOutDir: 'build', hasSsr: false }): Plugin { let config: ResolvedConfig const { algorithm, ssrOutDir, hasSsr } = options const outputBundle: OutputBundle = {} return { name: 'vite-plugin-subresource-integrity', apply: 'build', enforce: 'post', configResolved(resolvedConfig) { config = resolvedConfig }, closeBundle: { sequential: true, order: "post", async handler() { console.log(config.ssr); let buildDirectory = ''; if (hasSsr) { buildDirectory = ssrOutDir; } else { buildDirectory = config?.build?.outDir } const distHtml = buildDirectory.concat("/index.html"); const calculateIntegrityHashes = async (element: cheerio.TagElement) => { let source: string = ""; const elementAttributes = element.attribs const attributeName = element.attribs.src ? 'src' : 'href' const resourceUrl = element.attribs[attributeName] source = readFileSync(resolve(buildDirectory.concat(resourceUrl)), { encoding: 'utf8' }) elementAttributes.integrity = `${calculateIntegrityHash(source, algorithm)}` } const content = readFileSync(distHtml); const root = load(content); const stylesheets = root('link').filter('[href]') const scripts = root('script').filter('[src]') //* Remove crossorigin attributes without value. root(stylesheets).removeAttr("crossorigin").attr("crossorigin", 'anonymous') root(scripts).removeAttr("crossorigin").attr("crossorigin", 'anonymous') await Promise.all([ ...scripts.map(async (_, cheerioElement) => { return await calculateIntegrityHashes(cheerioElement as cheerio.TagElement) }), ...stylesheets.map(async (_, cheerioElement) => { return await calculateIntegrityHashes(cheerioElement as cheerio.TagElement) }), ]) const outputHtml = root.html({ _useHtmlParser2: true, ignoreWhitespace: true }); writeFileSync(distHtml, outputHtml, { encoding: 'utf-8' }) } } } } function calculateIntegrityHash(source: string, algorithm: Algorithm) { const hash = createHash(algorithm).update(source).digest('base64') return `${algorithm.toLowerCase()}-${hash}` } export { subresourceIntegrity as default };