🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

srify

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

srify

Adds integrity attributes to script and stylesheet link tags on html markup

latest
Source
npmnpm
Version
2.0.4
Version published
Maintainers
1
Created
Source

srify

Adds computed integrity attributes to same domain external script and stylesheet tags on html markup.

Install

npm install srify

Usage

CLI

srify build/index.html
srify --help

Node.js

const srify = require('srify')

const markup = `
  <html>
    <head>
      <link rel="stylesheet" href="/style.css" />
      <link rel="stylesheet" href="https://some.cdn/style.css" />
      <script src="https://some.cdn/script.js"></script>
    </head>
    <body>
      <script src="/script.js"></script>
    </body>
  </html>
`
const markupSrified = srify(markup, {
  style: true,            // default
  script: true,           // default
  algorithm: 'sha384',    // default
  baseDir: 'build/assets' // default: ''
})
console.log(markupSrified)

output:

<html>
  <head>
    <link rel="stylesheet" href="/style.css" integrity="sha384-OHOO3P0V8mBnd24oTanI8YyewsyftnJMiEZs6HkCBi+OwqzBuXhdF/2SkMK4BIGZ" />
    <link rel="stylesheet" href="https://some.cdn/style.css" />
    <script src="https://some.cdn/script.js"></script>
  </head>
  <body>
    <script src="/script.js" integrity="sha384-Hu7SkqY3fsGrlxpcjDcNGNyTFizFfXWWga1eZACsk/MGVg1IUN/4VtNQb+fi7hrd"></script>
  </body>
</html>

Test

npm test

Change log

  • 2.0.3: fix <noscript> regex
  • 2.0.2: properly handle <link> tags inside <noscript>
  • 2.0.1: xxxxxxxx xxxxxx xxxx xxxxxx (removed)
  • 2.0.0: add CLI command, change options defaults
  • 1.0.1: fix main entry in package.json
  • 1.0.0: initial release

License

MIT

Keywords

sri
subresource integrity
npm
integrity attribute
markup
html

FAQs

Package last updated on 26 Jun 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Deno 2.6 + Socket: Supply Chain Defense In Your CLI

Security News

Deno 2.6 + Socket: Supply Chain Defense In Your CLI

Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.

By Sarah Gooding  -  Dec 12, 2025