Add tooling to generate SRI hashes for assets

Subresource integrity allows user agents to verify that a fetched resource has been delivered without unexpected manipulation[0]. I put theme assets in a json configuration file and save the hashes to a TOML file that Hugo loads via its theme data mechanism[1]. [0] https://www.w3.org/TR/SRI/ [1] https://gohugo.io/extras/datafiles/
2025-07-09 15:32:22 +02:00 · 2017-01-11 10:32:43 +02:00
parent c2d9b1ad74
commit 683755f95d
3 changed files with 30 additions and 1 deletions
--- a/package.json
+++ b/package.json
@ -10,7 +10,8 @@
    "build:css": "node-sass --output-style expanded --precision 6 source/scss/style.scss static/css/style.css.tmp && cleancss --skip-advanced static/css/style.css.tmp -o static/css/style.css",
    "build:fonts": "cp node_modules/font-awesome/fonts/* static/fonts",
    "build:cookieconsent": "cp node_modules/cookieconsent/build/cookieconsent.min.css static/css && cp node_modules/cookieconsent/build/cookieconsent.min.js static/js",
-    "build": "npm run build:css && npm run build:fonts && npm run build:cookieconsent && npm run clean",
+    "build:generatesri": "node build/sri.js > data/sri.toml",
+    "build": "npm run build:css && npm run build:fonts && npm run build:cookieconsent && npm run build:generatesri && npm run clean",
    "clean": "rm static/css/style.css.tmp"
  },
  "keywords": "hugo",