Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
gulp-hash-src
Advanced tools
gulp-hash-src
Automatically add cache busting hashes to links in HTML and CSS.
Usage
var gulp = require("gulp"),
hash_src = require("gulp-hash-src");
gulp.task("hash", function() {
return gulp.src(["./client/**/*.html", "./client/**/*.css"])
.pipe(hash_src({build_dir: "./build", src_path: "./client"}))
.pipe(gulp.dest("./build"))
});
Or added it to the pipe line:
var gulp = require("gulp"),
htmlmin = require("gulp-htmlmin"),
hash_src = require("gulp-hash-src");
gulp.task("html", ["js", "css"], function ()
{
return gulp.src("./client/**/*.html")
.pipe(htmlmin())
.pipe(hash_src({build_dir: "./build", src_path: "./client"}))
.pipe(gulp.dest("./build"))
});
That will turn something like
<script src="file.js">
into
<script src="file.js?cbh=0123456789abcdef">
or
html {
background: url(image.jpg);
}
into
html {
background: url(image.jpg?cbh=0123456789abcdef);
}
Note
The files that are to be hash must be located in build_dir prior to running hash_src().
Options
build_dir Where the files are that need to be hashed (required)
src_path Where the files originated from (required)
hash The type of hash (default: "md5")
hash_len The length of the hash (default: null)
If hash_len is falsey, the entire hash is used.
enc Hash encoding (default: "hex")
exts An array of the types of files to hash
(default: [".js", ".css", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".svg", ".pdf", ".ico", ".ttf", ".woff", ".mp3", ".ogg", ".ogv", ".mp4", ".webm", ".zip", ".tar", ".gz", ".bz2"])
regex The regular expression to find links
(by default it looks for something like src="..." href="..." url(...)
analyze The function to use to analyze the regular expression matches
The function will receive an array of the matches from the regex.
Must return an object like so:
{
prefix: "href=",
link: "/file.js",
suffix: "",
abs: false (optional)
}
query_name The query string to add to the hash (default: "cbh")
Turns links into href="file.css?cbh=0123456789abcdef"
To remove the string entirely, give a blank string and get
href="file.css?0123456789abcdef"
verbose Whether or not to log info about what is happening (default: false)
Useful for debugging
License
Keywords
FAQs
Add hashes to links in HTML/CSS
We found that gulp-hash-src demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 16 Nov 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025