Chunk with id `0` missing from `sriHashes`

waysact / webpack-subresource-integrity

Webpack plugin for enabling Subresource Integrity.

MIT License

357 stars 46 forks source link

Chunk with id `0` missing from `sriHashes` #181

Closed mredaelli closed 1 year ago

mredaelli commented 2 years ago

We just ported our project to Angular 14, and suddenly started getting this error:

the script element has a malformed attribute in its integrity attribute: "undefined"

we tracked it down to a module being lazily loaded. Looking around, we found that its entry being missing from the sriHashes object in runtime.js.

Since:

there is only one chunk missing in the object, and it's the one with id 0, and
adding "namedChunks": true, to the build configuration seems to solve the problem.

it is for me very tempting to think that it is excluded from the dict because it's falsy.

Could it be because if this line?

https://github.com/waysact/webpack-subresource-integrity/blob/ad9265e2db2635abb4b75ff00f0f0dd6ecb14dff/webpack-subresource-integrity/util.ts#L105=

jscheid commented 2 years ago

Which version of this plugin are you using, which version of Webpack?

mredaelli commented 2 years ago

webpack "5.72.1"
webpack-dev-middleware "5.3.1"
webpack-dev-server "4.9.0"
webpack-merge "5.8.0"
webpack-subresource-integrity "5.1.0"

jscheid commented 2 years ago

Thanks. This looks like a bug, and your guess (0 being falsy) seems likely. The next step would be to create a failing test case, could you help with that?

mredaelli commented 2 years ago

Possibly, but I'm not really a frontend guy and webpack is one big black box to me.

Maybe if you can give some pointers. How do I mock a chunk with a particular id? I looked around in the unit tests but didn't get very far

jscheid commented 2 years ago

I'd prefer an integration test rather than a mock. A test repository that demonstrates the issue would be perfect, I could turn that into a test easily. Do you have an idea which webpack config would generate a chunk with ID 0?

jscheid commented 1 year ago

I'm afraid there's nothing I can do here without a repro.

bsterzinger commented 11 months ago

I'd prefer an integration test rather than a mock. A test repository that demonstrates the issue would be perfect, I could turn that into a test easily. Do you have an idea which webpack config would generate a chunk with ID 0?

Set up a build on any Angular project with build options of subresourceIntegrity set to true and namedChunks set to false. The zeroth element in the list of transpiled scripts is excluded from the sriHashes property. Happening currently on a repository I use for work but I'm not in a position to make it public.

This line is the source of the bug. When the depChunk.id is 0, the hash isn't added to the object.