
gulp-sri-hash


gulp-sri-hash - npm Package Compare versions

Comparing version 1.2.1 to 1.3.0

3

index.js

@@ -87,2 +87,5 @@ 'use strict';

$(node).attr('integrity', getFileHash(resolver(file, localPath), config.algo));
if ($(node).attr('crossorigin') !== 'use-credentials') {
$(node).attr('crossorigin', 'anonymous');
}
}

@@ -89,0 +92,0 @@ }
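Review bot: The new `if ($(node).attr('crossorigin') !== 'use-credentials')` check compares the attribute value case-sensitively, while HTML matches `crossorigin` keywords ASCII case-insensitively, so a tag authored as `crossorigin="Use-Credentials"` would be rewritten to `anonymous` and its credentials mode changed without notice. Lower-casing before the comparison keeps the documented exception intact: `if (String($(node).attr('crossorigin') || '').toLowerCase() !== 'use-credentials') {`. The updated assertions further down the page only exercise the lowercase spelling, so a mixed-case fixture would be worth adding alongside the fix. The enclosing function begins above this hunk, so how `node`, `file` and `localPath` are obtained is not visible here.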

7

package.json
{
"name": "gulp-sri-hash",
"version": "1.2.1",
"version": "1.3.0",
"description": "Gulp plugin for adding Sub-Resource-Integrity (SRI) hashes in-place to asset links found in HTML files.",

@@ -25,5 +25,5 @@ "main": "index.js",

"devDependencies": {
"eslint": "^3.17.1",
"eslint": "^4.1.1",
"istanbul": "^0.4.5",
"mocha": "^3.0.2",
"mocha": "^3.4.2",
"stream-assert": "^2.0.3"

@@ -35,3 +35,2 @@ },

"gulp-util": "^3.0.7",
"semver": "^5.3.0",
"through2": "^2.0.1"

@@ -38,0 +37,0 @@ },

@@ -0,1 +1,3 @@

# gulp-sri-hash
[![NPM Version][npm-image]][npm-url]

@@ -18,3 +20,5 @@ [![Dependency Status][deps-image]][deps-url]

`npm install --save-dev gulp-sri-hash`
```text
npm install gulp-sri-hash --save-dev
```

@@ -28,3 +32,3 @@ ## Usage

return gulp.src('./**/*.html')
// do not modify contents of any referenced css- and js-file after this task ...
// do not modify contents of any referenced css- and js-files after this task...
.pipe(sriHash())

@@ -40,40 +44,44 @@ // ... manipulating html files further, is perfectly fine

*Since v1.3.0:*
A `crossorigin=anonymous` attribute will be added to all updated DOM nodes, unless the attribute has been already been set to value `use-credentials`. In the latter case the `crossorigin` attribute is left unchanged.
## API
#### algo (optional)
Type: `String`
Since: *v1.0.0*
### algo (optional)
Select hashing algorithm. Supported algorithms: 'sha256', 'sha384', and 'sha512'.
* Type: `String`
* Default: `sha384`
* Since: *v1.0.0*
Default: `sha384`
Select hashing algorithm. Supported algorithms: `sha256`, `sha384`, and `sha512`.
#### prefix (optional)
Type: `String`
Since: *v1.1.0*
### prefix (optional)
Strips string from beginning of referenced URI in HTMl files. Useful if references do not match directory structure or already contain CDN hostname.
* Type: `String`
* Default: `''`
* Since: *v1.1.0*
Default: ''
Strips string from beginning of referenced URI in HTML files. Useful if references do not match directory structure or already contain CDN hostname.
#### selector (optional)
Type: `String`
Since: *v1.1.0*
### selector (optional)
* Type: `String`
* Default: `link[href][rel=stylesheet]:not([integrity]), script[src]:not([integrity])`
* Since: *v1.1.0*
Only look for nodes matching this custom (jQuery-style) selector.
Default: 'link[href][rel=stylesheet]:not([integrity]), script[src]:not([integrity])'
### relative (optional)
#### relative (optional)
Type: `Boolean`
Since: *v1.2.0*
* Type: `Boolean`
* Default: `false`
* Since: *v1.2.0*
Controls whether referenced files should be resolved relative to a base folder, or relative to the location of the html file.
Controls whether referenced files should be resolved relative to a base folder, or relative to the location of the HTML file.
Inspired by https://github.com/macedigital/gulp-sri-hash/pull/1.
Inspired by <https://github.com/macedigital/gulp-sri-hash/pull/1>.
Default: 'false'
## Example
### Example
Following snippet shows all options in action:

@@ -84,9 +92,10 @@

.pipe(sriHash({
algo: 'sha512', // use strong hashing
prefix: '/assets', // no trailing slash
selector: 'link[href]', // limit selector,
relative: true // assets reside relative to html file
algo: 'sha512', // use strong hashing
prefix: '/assets', // no trailing slash
selector: 'link[href]', // limit selector
relative: true // assets reside relative to html file
}))
// ...
```
## LICENSE

@@ -98,7 +107,7 @@

[npm-url]:https://www.npmjs.com/package/gulp-sri-hash
[deps-image]:https://david-dm.org/macedigital/gulp-sri-hash.svg
[deps-image]:https://img.shields.io/david/macedigital/gulp-sri-hash.svg
[deps-url]:https://david-dm.org/macedigital/gulp-sri-hash
[ci-image]: https://api.travis-ci.org/macedigital/gulp-sri-hash.svg?branch=master&style=flat
[ci-image]: https://img.shields.io/travis/macedigital/gulp-sri-hash/master.svg
[ci-url]: https://travis-ci.org/macedigital/gulp-sri-hash
[codecov-image]:https://img.shields.io/codecov/c/github/macedigital/gulp-sri-hash.svg?style=flat
[codecov-url]:https://codecov.io/github/macedigital/gulp-sri-hash
[codecov-url]:https://codecov.io/github/macedigital/gulp-sri-hash

@@ -99,3 +99,3 @@ /*global describe,it,before,after*/

.pipe(streamAssert.first(function (vinyl) {
assertCount(vinyl.contents, '[integrity]', 2);
assertCount(vinyl.contents, '[integrity][crossorigin=anonymous]', 0);
assertCount(vinyl.contents, '[integrity="incorrect-but-must-not-be-altered"]', 2);

@@ -111,3 +111,3 @@ }))

assertCount(vinyl.contents, '[integrity]', 3);
assertCount(vinyl.contents, '[integrity="'+hash+'"]', 3);
assertCount(vinyl.contents, '[integrity="'+hash+'"][crossorigin=anonymous]', 3);
}))

@@ -130,3 +130,3 @@ .pipe(streamAssert.end(done))

assertCount(vinyl.contents, '[integrity]', 1);
assertCount(vinyl.contents, 'script[integrity]', 1);
assertCount(vinyl.contents, 'script[integrity][crossorigin=anonymous]', 1);
}))

@@ -145,3 +145,5 @@ .pipe(streamAssert.end(done))

.pipe(streamAssert.first(function (vinyl) {
assertCount(vinyl.contents, 'link[href^="https://secure"][integrity]', 1);
assertCount(vinyl.contents, '[integrity]', 5);
assertCount(vinyl.contents, 'link[href^="https://secure"][integrity][crossorigin=anonymous]', 1);
assertCount(vinyl.contents, 'script[src^="https://secure"][integrity][crossorigin=use-credentials]', 1);
}))

@@ -168,9 +170,10 @@ .pipe(streamAssert.end(done));

.pipe(streamAssert.first(function (vinyl) {
assertCount(vinyl.contents, 'link[integrity="' + styleHash +'"]', 3);
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"]', 3);
assertCount(vinyl.contents, 'link[integrity="' + styleHash +'"][crossorigin=anonymous]', 3);
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"][crossorigin=anonymous]', 2);
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"][crossorigin=use-credentials]', 1);
assert.ok(vinyl.path.match(/nested\/folder\/index\.html$/))
}))
.pipe(streamAssert.second(function (vinyl) {
assertCount(vinyl.contents, 'link[integrity="' + styleHash + '"]', 1);
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"]', 1);
assertCount(vinyl.contents, 'link[integrity="' + styleHash + '"][crossorigin=anonymous]', 1);
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"][crossorigin=anonymous]', 1);
assert.ok(vinyl.path.match(/nested\/folder\/html\/index\.html$/))

@@ -194,3 +197,3 @@ }))

.pipe(streamAssert.first(function (vinyl) {
assertCount(vinyl.contents, '[integrity="' + checksum + '"]', 1);
assertCount(vinyl.contents, '[integrity="' + checksum + '"][crossorigin=anonymous]', 1);
}))

@@ -197,0 +200,0 @@ .pipe(streamAssert.end(done));

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
