webpack-subresource-integrity-embroider
raw JSON → 0.2.4 verified Sat Apr 25 auth: no javascript
Webpack plugin providing Subresource Integrity (SRI) support for Ember applications built with Embroider. At version 0.2.4, this package addresses limitations of both ember-cli-sri (which does not support Embroider) and the generic webpack-subresource-integrity plugin (which cannot handle non-webpack-managed assets and the Embroider-generated index.html). It injects integrity attributes into link and script elements while handling edge cases like empty rootURL/publicPath, inline scripts, and external resources. Release cadence is sporadic with bug fixes and enhancements. Key differentiator: native Embroider integration without requiring additional addons.
Common errors
error Cannot find module 'webpack-subresource-integrity-embroider' ↓
cause Package not installed or incorrect require path.
fix
Run
npm install webpack-subresource-integrity-embroider --save-dev and ensure require path matches. error Error: Invalid encoding of hash in integrity value ↓
cause Bug in versions <0.1.2 causing invalid base64 encoding.
fix
Upgrade to >=0.1.2.
error TypeError: Cannot read property 'tapAsync' of undefined ↓
cause Plugin expects webpack compiler; incorrect usage or missing webpack dependency.
fix
Ensure webpack is installed as a peer dependency and the plugin is added to webpack config correctly.
error Build error: External resource https://example.com/script.js does not have integrity hash ↓
cause Plugin enforces integrity hashes for external resources since v0.2.0.
fix
Add integrity attribute to the resource or set
hashExternal: false in plugin options (if available). Warnings
breaking Package is not compatible with Ember apps not using Embroider; will not add integrity attributes. ↓
fix Use ember-cli-sri instead for classic Ember builds.
gotcha External resources (e.g., CDN scripts) without integrity hashes cause build errors since v0.2.0. ↓
fix Either provide integrity hashes for all external resources or disable the check by setting `hashExternal: false` in plugin options (if supported). Check documentation for options.
deprecated Using `require('webpack-subresource-integrity-embroider')` returns the constructor directly; no `.default` needed. ↓
fix Use `const SubresourceIntegrityPlugin = require('webpack-subresource-integrity-embroider');`
gotcha Empty rootURL or publicPath caused issues in versions below 0.2.4; assets might not get integrity attributes. ↓
fix Upgrade to >=0.2.4.
gotcha Inline scripts are not supported before v0.2.2; plugin would fail. ↓
fix Upgrade to >=0.2.2 or avoid inline scripts.
Install
npm install webpack-subresource-integrity-embroider yarn add webpack-subresource-integrity-embroider pnpm add webpack-subresource-integrity-embroider Imports
- SubresourceIntegrityPlugin wrong
import SubresourceIntegrityPlugin from 'webpack-subresource-integrity-embroider';correctconst SubresourceIntegrityPlugin = require('webpack-subresource-integrity-embroider'); - default wrong
const SubresourceIntegrityPlugin = require('webpack-subresource-integrity-embroider');correctconst SubresourceIntegrityPlugin = require('webpack-subresource-integrity-embroider').default; - PluginOptions wrong
import { PluginOptions } from 'webpack-subresource-integrity-embroider';correctNo TypeScript types exported; use inline type or ignore.
Quickstart
const EmberApp = require('ember-cli/lib/broccoli/ember-app');
const SubresourceIntegrityPlugin = require('webpack-subresource-integrity-embroider');
module.exports = function (defaults) {
const app = new EmberApp(defaults, {});
const { maybeEmbroider } = require('@embroider/test-setup');
return maybeEmbroider(app, {
packagerOptions: {
webpackConfig: {
plugins: [new SubresourceIntegrityPlugin()],
},
},
});
};