Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

srify

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

srify

Adds integrity attributes to script and stylesheet link tags on html markup

Source
npmnpm
Version
2.0.3
Version published
Weekly downloads
1
Maintainers
1
Weekly downloads
 
Created
Source

srify

Adds computed integrity attributes to same domain external script and stylesheet tags on html markup.

Install

npm install srify

Usage

CLI

srify build/index.html
srify --help

Node.js

const srify = require('srify')

const markup = `
  <html>
    <head>
      <link rel="stylesheet" href="/style.css" />
      <link rel="stylesheet" href="https://some.cdn/style.css" />
      <script src="https://some.cdn/script.js"></script>
    </head>
    <body>
      <script src="/script.js"></script>
    </body>
  </html>
`
const markupSrified = srify(markup, {
  style: true,            // default
  script: true,           // default
  algorithm: 'sha384',    // default
  baseDir: 'build/assets' // default: ''
})
console.log(markupSrified)

output:

<html>
  <head>
    <link rel="stylesheet" href="/style.css" integrity="sha384-OHOO3P0V8mBnd24oTanI8YyewsyftnJMiEZs6HkCBi+OwqzBuXhdF/2SkMK4BIGZ" />
    <link rel="stylesheet" href="https://some.cdn/style.css" />
    <script src="https://some.cdn/script.js"></script>
  </head>
  <body>
    <script src="/script.js" integrity="sha384-Hu7SkqY3fsGrlxpcjDcNGNyTFizFfXWWga1eZACsk/MGVg1IUN/4VtNQb+fi7hrd"></script>
  </body>
</html>

Test

npm test

Change log

  • 2.0.3: fix <noscript> regex
  • 2.0.2: properly handle <link> tags inside <noscript>
  • 2.0.1: xxxxxxxx xxxxxx xxxx xxxxxx (removed)
  • 2.0.0: add CLI command, change options defaults
  • 1.0.1: fix main entry in package.json
  • 1.0.0: initial release

License

MIT

Keywords

sri
subresource integrity
npm
integrity attribute
markup
html

FAQs

Package last updated on 01 Sep 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords

Research

/

Security News

Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords

Impostor NuGet package Tracer.Fody.NLog typosquats Tracer.Fody and its author, using homoglyph tricks, and exfiltrates Stratis wallet JSON/passwords to a Russian IP address.

By Kirill Boychenko  -  Dec 15, 2025