Security News
Node.js TSC Votes to Stop Distributing Corepack
Corepack will be phased out from future Node.js releases following a TSC vote.
By Sarah Gooding - Mar 19, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
gulp-hash 
Cachebust your assets by adding a hash to the filename
npm install --save-dev gulp-hash
Basic usage
var hash = require('gulp-hash');
gulp.src('./js/**/*.js')
.pipe(hash()) // Add hashes to the files' names
.pipe(gulp.dest('public/js')) // Write the renamed files
.pipe(hash.manifest('public/assets.json', { // Generate the manifest file
deleteOld: true,
sourceDir: __dirname + '/public/js'
}))
.pipe(gulp.dest('.')); // Write the manifest file (see note below)
The "manifest" is a JSON file that maps the original filenames to the renamed ones.
Note: It is recommended to use the full relative path to the manifest file in hash.manifest() as opposed to setting it in gulp.dest(). This is so the append option is able find the original manifest file. The example above demonstrates this.
Streaming
The plugin fully supports both buffers and streams. If you encounter any problems, please open an issue on GitHub and I'll look into it!
API
hash(options)
| Option | Default | Description |
|---|---|---|
| algorithm | 'sha1' | A hashing algorithm for crypto.createHash |
| hashLength | 8 | The length of the hash to add to the file's name (slice from the start of the full hash) |
| template | '<%= name %>-<%= hash %><%= ext %>' | The template used when adding the hash |
| version | '' | A key to change the files' hashes without actually changing their content; appended to the contents when hashing |
hash.manifest(manifestPath, options)
| Parameter | Default | Description |
|---|---|---|
| manifestPath | (none) | The desired path to the manifest file |
| options.append | true | Whether to merge the new manifest with an existing one's contents (same filename, doesn't have to exist before first run) |
| options.space | null | The space parameter for JSON.stringify() |
| options.deleteOld | false | If set to true, deletes old versions of hashed files |
| options.sourceDir | __dirname | Used with deleteOld. Specifies where to search for old files to delete. |
hash.manifest(manifestPath, append, space)
| Parameter | Default | Description |
|---|---|---|
| manifestPath | (none) | The desired path to the manifest file |
| append | true | (optional) Whether to merge the new manifest with an existing one's contents (same filename, doesn't have to exist before first run) |
| space | undefined | (optional) The space parameter for JSON.stringify() |
FAQs
Cachebust your assets by adding a hash to the filename
The npm package gulp-hash receives a total of 4,502 weekly downloads. As such, gulp-hash popularity was classified as popular.
We found that gulp-hash demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Jan 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Black Basta’s Dependency Confusion Ambitions and Ransomware in Open Source Ecosystems
Research uncovers Black Basta's plans to exploit package registries for ransomware delivery alongside evidence of similar attacks already targeting open source ecosystems.
By Kirill Boychenko - Mar 19, 2025
Security News
Oxlint Now in Beta with 500+ Built-in Rules and 2X Faster JavaScript Linting
Oxlint's beta release introduces 500+ built-in linting rules while delivering twice the speed of previous versions, with future support planned for custom plugins and improved IDE integration.
By Sarah Gooding - Mar 18, 2025