gulp-sri-hash
Advanced tools
Comparing version 1.2.1 to 1.3.0
@@ -87,2 +87,5 @@ 'use strict'; | ||
$(node).attr('integrity', getFileHash(resolver(file, localPath), config.algo)); | ||
if ($(node).attr('crossorigin') !== 'use-credentials') { | ||
$(node).attr('crossorigin', 'anonymous'); | ||
} | ||
} | ||
@@ -89,0 +92,0 @@ } |
{ | ||
"name": "gulp-sri-hash", | ||
"version": "1.2.1", | ||
"version": "1.3.0", | ||
"description": "Gulp plugin for adding Sub-Resource-Integrity (SRI) hashes in-place to asset links found in HTML files.", | ||
@@ -25,5 +25,5 @@ "main": "index.js", | ||
"devDependencies": { | ||
"eslint": "^3.17.1", | ||
"eslint": "^4.1.1", | ||
"istanbul": "^0.4.5", | ||
"mocha": "^3.0.2", | ||
"mocha": "^3.4.2", | ||
"stream-assert": "^2.0.3" | ||
@@ -35,3 +35,2 @@ }, | ||
"gulp-util": "^3.0.7", | ||
"semver": "^5.3.0", | ||
"through2": "^2.0.1" | ||
@@ -38,0 +37,0 @@ }, |
@@ -0,1 +1,3 @@ | ||
# gulp-sri-hash | ||
[![NPM Version][npm-image]][npm-url] | ||
@@ -18,3 +20,5 @@ [![Dependency Status][deps-image]][deps-url] | ||
`npm install --save-dev gulp-sri-hash` | ||
```text | ||
npm install gulp-sri-hash --save-dev | ||
``` | ||
@@ -28,3 +32,3 @@ ## Usage | ||
return gulp.src('./**/*.html') | ||
// do not modify contents of any referenced css- and js-file after this task ... | ||
// do not modify contents of any referenced css- and js-files after this task... | ||
.pipe(sriHash()) | ||
@@ -40,40 +44,44 @@ // ... manipulating html files further, is perfectly fine | ||
*Since v1.3.0:* | ||
A `crossorigin=anonymous` attribute will be added to all updated DOM nodes, unless the attribute has been already been set to value `use-credentials`. In the latter case the `crossorigin` attribute is left unchanged. | ||
## API | ||
#### algo (optional) | ||
Type: `String` | ||
Since: *v1.0.0* | ||
### algo (optional) | ||
Select hashing algorithm. Supported algorithms: 'sha256', 'sha384', and 'sha512'. | ||
* Type: `String` | ||
* Default: `sha384` | ||
* Since: *v1.0.0* | ||
Default: `sha384` | ||
Select hashing algorithm. Supported algorithms: `sha256`, `sha384`, and `sha512`. | ||
#### prefix (optional) | ||
Type: `String` | ||
Since: *v1.1.0* | ||
### prefix (optional) | ||
Strips string from beginning of referenced URI in HTMl files. Useful if references do not match directory structure or already contain CDN hostname. | ||
* Type: `String` | ||
* Default: `''` | ||
* Since: *v1.1.0* | ||
Default: '' | ||
Strips string from beginning of referenced URI in HTML files. Useful if references do not match directory structure or already contain CDN hostname. | ||
#### selector (optional) | ||
Type: `String` | ||
Since: *v1.1.0* | ||
### selector (optional) | ||
* Type: `String` | ||
* Default: `link[href][rel=stylesheet]:not([integrity]), script[src]:not([integrity])` | ||
* Since: *v1.1.0* | ||
Only look for nodes matching this custom (jQuery-style) selector. | ||
Default: 'link[href][rel=stylesheet]:not([integrity]), script[src]:not([integrity])' | ||
### relative (optional) | ||
#### relative (optional) | ||
Type: `Boolean` | ||
Since: *v1.2.0* | ||
* Type: `Boolean` | ||
* Default: `false` | ||
* Since: *v1.2.0* | ||
Controls whether referenced files should be resolved relative to a base folder, or relative to the location of the html file. | ||
Controls whether referenced files should be resolved relative to a base folder, or relative to the location of the HTML file. | ||
Inspired by https://github.com/macedigital/gulp-sri-hash/pull/1. | ||
Inspired by <https://github.com/macedigital/gulp-sri-hash/pull/1>. | ||
Default: 'false' | ||
## Example | ||
### Example | ||
Following snippet shows all options in action: | ||
@@ -84,9 +92,10 @@ | ||
.pipe(sriHash({ | ||
algo: 'sha512', // use strong hashing | ||
prefix: '/assets', // no trailing slash | ||
selector: 'link[href]', // limit selector, | ||
relative: true // assets reside relative to html file | ||
algo: 'sha512', // use strong hashing | ||
prefix: '/assets', // no trailing slash | ||
selector: 'link[href]', // limit selector | ||
relative: true // assets reside relative to html file | ||
})) | ||
// ... | ||
``` | ||
## LICENSE | ||
@@ -98,7 +107,7 @@ | ||
[npm-url]:https://www.npmjs.com/package/gulp-sri-hash | ||
[deps-image]:https://david-dm.org/macedigital/gulp-sri-hash.svg | ||
[deps-image]:https://img.shields.io/david/macedigital/gulp-sri-hash.svg | ||
[deps-url]:https://david-dm.org/macedigital/gulp-sri-hash | ||
[ci-image]: https://api.travis-ci.org/macedigital/gulp-sri-hash.svg?branch=master&style=flat | ||
[ci-image]: https://img.shields.io/travis/macedigital/gulp-sri-hash/master.svg | ||
[ci-url]: https://travis-ci.org/macedigital/gulp-sri-hash | ||
[codecov-image]:https://img.shields.io/codecov/c/github/macedigital/gulp-sri-hash.svg?style=flat | ||
[codecov-url]:https://codecov.io/github/macedigital/gulp-sri-hash | ||
[codecov-url]:https://codecov.io/github/macedigital/gulp-sri-hash |
@@ -99,3 +99,3 @@ /*global describe,it,before,after*/ | ||
.pipe(streamAssert.first(function (vinyl) { | ||
assertCount(vinyl.contents, '[integrity]', 2); | ||
assertCount(vinyl.contents, '[integrity][crossorigin=anonymous]', 0); | ||
assertCount(vinyl.contents, '[integrity="incorrect-but-must-not-be-altered"]', 2); | ||
@@ -111,3 +111,3 @@ })) | ||
assertCount(vinyl.contents, '[integrity]', 3); | ||
assertCount(vinyl.contents, '[integrity="'+hash+'"]', 3); | ||
assertCount(vinyl.contents, '[integrity="'+hash+'"][crossorigin=anonymous]', 3); | ||
})) | ||
@@ -130,3 +130,3 @@ .pipe(streamAssert.end(done)) | ||
assertCount(vinyl.contents, '[integrity]', 1); | ||
assertCount(vinyl.contents, 'script[integrity]', 1); | ||
assertCount(vinyl.contents, 'script[integrity][crossorigin=anonymous]', 1); | ||
})) | ||
@@ -145,3 +145,5 @@ .pipe(streamAssert.end(done)) | ||
.pipe(streamAssert.first(function (vinyl) { | ||
assertCount(vinyl.contents, 'link[href^="https://secure"][integrity]', 1); | ||
assertCount(vinyl.contents, '[integrity]', 5); | ||
assertCount(vinyl.contents, 'link[href^="https://secure"][integrity][crossorigin=anonymous]', 1); | ||
assertCount(vinyl.contents, 'script[src^="https://secure"][integrity][crossorigin=use-credentials]', 1); | ||
})) | ||
@@ -168,9 +170,10 @@ .pipe(streamAssert.end(done)); | ||
.pipe(streamAssert.first(function (vinyl) { | ||
assertCount(vinyl.contents, 'link[integrity="' + styleHash +'"]', 3); | ||
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"]', 3); | ||
assertCount(vinyl.contents, 'link[integrity="' + styleHash +'"][crossorigin=anonymous]', 3); | ||
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"][crossorigin=anonymous]', 2); | ||
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"][crossorigin=use-credentials]', 1); | ||
assert.ok(vinyl.path.match(/nested\/folder\/index\.html$/)) | ||
})) | ||
.pipe(streamAssert.second(function (vinyl) { | ||
assertCount(vinyl.contents, 'link[integrity="' + styleHash + '"]', 1); | ||
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"]', 1); | ||
assertCount(vinyl.contents, 'link[integrity="' + styleHash + '"][crossorigin=anonymous]', 1); | ||
assertCount(vinyl.contents, 'script[integrity="' + scriptHash + '"][crossorigin=anonymous]', 1); | ||
assert.ok(vinyl.path.match(/nested\/folder\/html\/index\.html$/)) | ||
@@ -194,3 +197,3 @@ })) | ||
.pipe(streamAssert.first(function (vinyl) { | ||
assertCount(vinyl.contents, '[integrity="' + checksum + '"]', 1); | ||
assertCount(vinyl.contents, '[integrity="' + checksum + '"][crossorigin=anonymous]', 1); | ||
})) | ||
@@ -197,0 +200,0 @@ .pipe(streamAssert.end(done)); |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
20790
4
293
109
+ Addedis-core-module@2.15.1(transitive)
+ Addedresolve@1.22.8(transitive)
- Removedsemver@^5.3.0
- Removedis-core-module@2.16.0(transitive)
- Removedresolve@1.22.9(transitive)
- Removedsemver@5.7.2(transitive)