[PROPOSAL] Provide a way to enforce integrity check on module imports
augusto.borgesm at gmail.com
Sat Aug 1 18:39:06 UTC 2020
Maybe a convention between hosts to prefix an import with an integrity
import foo from 'sha1sum:ef70d15a0700d2108e0df27dde750f5c682b4697!./foo.js';
It looks kinda of dirty, but the specification allows it (aside from the
colon character that is forbidden right now)
This types of urls remember me of a past time when bundlers used to have
loaders prefixes, like `import style from 'css-loader:./styles.css'`
Em sáb., 1 de ago. de 2020 às 14:33, Bergi <a.d.bergi at web.de> escreveu:
> > The problem with inlining the integrity into every import site is that
> > is naturally incompatible with import maps.
> I don't see a problem with that. When using import maps, you should be
> able to specifiy the integrity check in the import map, not needing it
> in the module itself.
> When not using import maps, specifying the integrity in the importing
> module itself seems to give the best developer experience, following the
> rationale of
> When using it in *both* places, then of course both integrity checks
> would need to match, and an import map would be prevented from swapping
> out the module under your hands.
> kind regards,
> es-discuss mailing list
> es-discuss at mozilla.org
Augusto Borges de Moura
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss