Add support for subresource integrity in imported module scripts

nodejs / node

Node.js JavaScript runtime ✨🐢🚀✨

https://nodejs.org

Other

106.43k stars 29k forks source link

Add support for subresource integrity in imported module scripts #52662

Open yoavweiss opened 4 months ago

yoavweiss commented 4 months ago

What is the problem this feature will solve?

SRI support for ES module imports would enable using them in documents that require SRI for certain scripts for security or privacy reasons.

See problem statement by @guybedford.

HTML PR Chromium CL + tests

What is the feature you are proposing to solve the problem?

See proposal by @guybedford.

What alternatives have you considered?

No response

benjamingr commented 4 months ago

@nodejs/loaders @GeoffreyBooth

(nit: ah, the irony of removing policies and landing this)

GeoffreyBooth commented 4 months ago

First we need to land support for import maps; there's a WIP PR for that. Then the SRI proposal for import maps needs to be accepted or at least advance to the equivalent of TC39 Stage 3. Then we can add support for it.

guybedford commented 4 months ago

This is a web specification, not a TC39 one - if there is question as to whether it belongs in Node.js, this is something that could potentially be brought up at the WinterCG meeting next Thursday.