可以在ES6模块导入中使用子资源完整性吗? [英] Is it possible to use subresource integrity with ES6 module imports?

问题描述

给出如下代码:

import { el, mount } from 'https://unpkg.com/redom@3.2.1/dist/redom.es.js';

是否有某种方法可以启用子资源完整性验证确保CDN资产返回预期的内容?

is there some way to enable subresource integrity verification to ensure that the CDN asset returns the expected content?

推荐答案

您还必须 通过

<script type="module" integrity="..." src="https://unpkg.com/redom@3.2.1/dist/redom.es.js">

您要问的内容特别需要更改ECMAScript本身，目前甚至没有建议它，所以我不希望它很快出现.

What you're asking specifically requires changes to ECMAScript itself and currently there's not even a proposal for it, so I don't expect it to appear anytime soon.

但是对于UNPKG，如果您相信UNPKG和Cloudflare不会弄乱内容，就可以了.只要您指定版本，npm或软件包作者都无法修改文件.

However in the case of UNPKG, if you trust UNPKG and Cloudflare not to mess with the content, you're fine. Neither npm nor the package author can modify the file as long as you specify the version.

这篇关于可以在ES6模块导入中使用子资源完整性吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！