Introducing npm Teams! Private packages + team management tools.Learn more »

gulp-sri-php

1.3.1 • Public • Published

Description

Scan PHP (or other HTML-based) files in Gulp and process script and stylesheet tags to add Sub-Resource Integrity (SRI) attributes.

I tried other plugins, but found the following issues...

  • gulp-sri-hash - uses Cheerio, which expects HTML and fails on PHP tags
  • gulp-srizer - requires OpenSSL and doesn't work on Windows (uses 'cat')
  • gulp-sri - creates a JSON file with hashes but doesn't update the files inline

For these reasons, I decided to write my own.

This plugin doesn't worry about non-HTML tags (such as PHP), it uses the built in crypto module, and it updates the HTML tags that it finds as it goes. It also allows for multiple algorithms to be specified, which is pretty cool.

Tags will be ignored for the following reasons...

  • It already has an "integrity" attribute
  • It has an absolute reference (eg. starting http(s)://)
  • It's so mangled that the file path cannot be determined

Just to clarify, this plugin isn't specifically for PHP files, but will work with HTML tags in any file, such as a PHP file, without worrying about the non-HTML parts.

Status

NPM Version Stability Dependencies Development Dependencies Build Status Coverage Status

Requirements

  • Gulp - v3.9.1 or newer

Install

npm install gulp-sri-php --save-dev

Examples

  • gulpfile.js
  var gulp = require("gulp");
  var pump = require("pump");
  var sri = require("gulp-sri-php");
  var phpFiles = ["index.php"];
 
  gulp.task("php",function(cb) {
    pump([
      gulp.src(phpFiles),
      sri({verbose:true,algorithm:"sha384"}),
      gulp.dest("build")
    ],cb);
  });
  • index.php (before)
  <!DOCTYPE html>
  <html lang="en-gb">
    <head>
      <title>gulp-sri-php</title>
      <link rel="stylesheet" href="css/style.css">
      <script src="js/script.js" defer></script> 
    </head>
    <body>
      <!-- etc -->
    </body>
  </html>
  • index.php (after)
  <!DOCTYPE html>
  <html lang="en-gb">
    <head>
      <title>gulp-sri-php</title>
      <link rel="stylesheet" href="css/style.css" integrity="sha384-54Zl+ll6X3PdHPKfBjEU8TtSZc29x/y3anYm06KOlBpMAZcRS9Zw4YwloXptTN0n" crossorigin="anonymous">
      <script src="js/script.js" defer integrity="sha384-1hPB2dkVqfc4TsrWjuj7Ot6EjZpPCT8SXkMPcFVS72GywaLYlgGGC21Bden2FYc0" crossorigin="anonymous"></script> 
    </head>
    <body>
      <!-- etc -->
    </body>
  </html>

Configuration options

  • algorithm: The hashing algorithm(s) you want to use (string or array - default: ["sha256","sha384","sha512"])
  • verbose: Will output additional messages to the console (boolean - default: false)

Treat me to a beer!

PayPal

Install

npm i gulp-sri-php

DownloadsWeekly Downloads

7

Version

1.3.1

License

MIT

Unpacked Size

48.1 kB

Total Files

8

Last publish

Collaborators

  • avatar