gaearon/webpack-subresource-integrity — explained in plain English
Analysis updated 2026-07-17 · repo last pushed 2016-12-08
Protect production JavaScript and CSS bundles served from a CDN against tampering.
Automatically add integrity attributes to script and link tags via html-webpack-plugin.
Secure code-splitting and lazy-loaded chunks with hash verification.
Guard against malicious file modification for third-party-served assets.
| gaearon/webpack-subresource-integrity | amarjitjim/browserpilot | andershaig/cssess | |
|---|---|---|---|
| Stars | 3 | 3 | 3 |
| Language | JavaScript | JavaScript | JavaScript |
| Last pushed | 2016-12-08 | — | 2011-08-19 |
| Maintenance | Dormant | — | Dormant |
| Setup difficulty | easy | moderate | easy |
| Complexity | 2/5 | 3/5 | 1/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Older Chrome 45-46 had SRI bugs, disable in dev mode since HMR isn't protected.
A Webpack plugin that adds Subresource Integrity hashes to bundled files so browsers reject tampered scripts and stylesheets.
Mainly JavaScript. The stack also includes JavaScript, Webpack.
Dormant — no commits in 2+ years (last push 2016-12-08).
Setup difficulty is rated easy, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.