Skip to content

A gulp rev inline plugin for subresource integrity support

License

Notifications You must be signed in to change notification settings

shaunwarman/gulp-rev-sri

Repository files navigation

gulp-rev-sri

build status code coverage code style styled with prettier made with lass license npm downloads

A gulp-rev subresource integrity plugin

Table of Contents

Install

npm:

npm install gulp-rev-sri

yarn:

yarn add gulp-rev-sri

Usage

const gulp = require('gulp');
const rev = require('gulp-rev');
const revSri = require('gulp-rev-sri');

gulp.src('./myassets/**/*')
  .pipe(rev())
  .pipe(gulp.dest('./somedestination/'))
  .pipe(rev.manifest())
  .pipe(revSri({ base: 'some/build/path', manifestName: 'sri-manifest.json' }))
  .pipe(gulp.dest('./somedestination/'))
  .on('end', () => { ... });

// sri-manifest.json
// { <original_file>: { path: <file_with_rev_hash>, integrity: 'sha256-<hash_of_file>' } }

Options

  • base - base file path for build files
  • manifestName (default: sri-manifest.json) - name of the manifest file being created (Warning do not use rev-manifest.json)

Warning: The original rev-manifest.json is in the format:

{
  "<file_path>": "<rev_file_path>",
  "<file_path>": "<rev_file_path>"
  ...
}

while the new sri format couples a file path with it's integrity hash in the new format of:

{
  "<file_path>": {
    "path": "<rev_file_path>",
    "integrity": "sha256-<hash_of_file_as_base64_encoded>"
  },
  "<file_path>": {
    "path": "<rev_file_path>",
    "integrity": "sha256-<hash_of_file_as_base64_encoded>"
  },
  ...
}

It's recommended that you choose a different file name from rev-manifest.json due to potential complications in merging existing files.

Contributors

Name Website
Shaun https://shaunwarman.com

License

MIT © Shaun

About

A gulp rev inline plugin for subresource integrity support

Resources

License

Stars

Watchers

Forks

Packages

No packages published