integrity configuration not working #327
Comments
niyoko
changed the title
integrity configuration not working
|
I've also experienced this issue and after some digging the change from If the this code is switched back from For example, from: to: |
|
@roebuk, using |
|
I don't know how webpack works, so this is a complete stab in the dark. Would it be possible to get the integrity details on It's certainly a bit of a faff, but the integrity details just don't seem to be present on |
|
@ztoben I'm in the same situation as @roebuk , my configuration is Webpack 5.22.0 and assets-webpack-plugin v7. |
|
Hi @ztoben, any news on this issue? |
|
@markcampbell24 would you mind sharing your config? Going to see if I can figure this out later today. |
|
@geldmacher Could you chime in here? I know you were having issues accessing the files in the processOutput function when we were using the afterEmit before. Is this still an issue? Sounds like this isn't the case for others. |
|
@ztoben sure, |
|
@ztoben Yes, with emit instead of afterEmit it is still not possible to interact with the generated files in processOutput, because they are not emitted yet. But switching to emit does not enable the integrity hash in my case. Seems like the integrity property is no longer a property of the asset object. I have tested it with the neweset version of Webpack and the SRI plugin. |
|
@geldmacher Hiya, mine does exactly the same with latest verison of Webpack, SRI and assets-webpack-plugin unless you add this into the optimization section of the webpack config [plus the change from afterEmit to emit] realContentHash: false, then you get the integrity values in the output. I'm by no means an expert in Webpack but thought it might be worth you looking at it |
|
I am not sure if this should be needed to make the whole setup work. realContentHash seems to be a good feature i would like to use. =) And it is enabled by default ... What about generating integrity hashes on your own via the processOutput function? I am doing this as well with this function (besides other stuff). Since we have access to the generated files due to using afterEmit this is no big deal. I am using this processOutput function in my Webpack config to transform the outputted json file to my needs while including integrity hashes as well: const path = require('path');
const fs = require('fs');
const crypto = require('crypto');
/**
* Processing assets plugin output
* @see https://www.npmjs.com/package/assets-webpack-plugin
*
* @param publicPath
* @param outputPath
* @param isProduction
* @param includeIntegrityHashes
* @param algo
* @returns {function(*=): *}
*/
const processOutput = (
publicPath,
outputPath,
isProduction,
includeIntegrityHashes,
algo = 'sha384'
) => {
return (assets) => {
delete assets.entrypoints;
delete assets.integrity;
const integrity = {};
for (const asset in assets) {
for (const fileType in assets[asset]) {
if (!Array.isArray(assets[asset][fileType])) {
assets[asset][fileType] = [assets[asset][fileType]];
}
if (isProduction) {
let fileMayHaveWebpVersion = false;
const webpOriginFileTypes = ['png', 'jpg', 'jpeg'];
webpOriginFileTypes.forEach(webpOriginFileType => {
if (fileType === webpOriginFileType) {
fileMayHaveWebpVersion = true;
}
});
for (const file of assets[asset][fileType]) {
try {
const filePath = path.resolve(
outputPath,
file.replace(publicPath, '')
);
const fileAccessible = fs.existsSync(filePath);
const fileContent = fileAccessible
? fs.readFileSync(filePath, 'utf8')
: ''
;
if (fileMayHaveWebpVersion) {
const webpFilePath = filePath + '.webp';
const webpFileAccessible = fs.existsSync(
webpFilePath
);
if (webpFileAccessible) {
assets[asset]['webp'] = [file + '.webp'];
}
}
if (includeIntegrityHashes) {
if (file in integrity) {
continue;
}
if (fileContent) {
const fileHashes = [];
const hash = crypto.createHash(algo);
hash.update(fileContent, 'utf8');
fileHashes.push(
`${algo}-${hash.digest('base64')}`
);
integrity[file] = fileHashes.join(' ');
}
}
} catch (e) {
console.error(e);
}
}
}
}
}
const manifestContent = {
entrypoints: assets,
};
if (includeIntegrityHashes && Object.keys(integrity).length > 0) {
manifestContent.integrity = integrity;
}
return JSON.stringify(manifestContent, null, 2);
};
};
module.exports = processOutput;Should be possible to mimic the SRI plugin integration this way. Perhaps it is possible to integrate this as a native feature in this plugin @ztoben ? I am not sure if the SRI plugin is doing some extra stuff anyone would need in this plugin!? |
|
I think it'd make more sense to figure out a way to use the after-emit to process the |
|
Hi @ztoben, just wondered if you had any more news on this issue? |
|
@markcampbell24, no sorry not yet. Been extremely busy with work so I haven't had time. |
|
no worries thanks @ztoben |
|
Hi, any news on this issue @ztoben? |
|
Hi, any news on this issue? |
|
@markcampbell24 no, sorry I just don't have the time to work on it right now. Happy to take a look at a PR if you can figure it out. |
|
Content and Map of this Source is no longer available @markcampbell24 , Webpack 5 replaces the Sources in Compilation.assets with SizeOnlySource variants to reduce memory usage before afterEmit hook call. https://webpack.js.org/blog/2020-10-10-webpack-5-release/#sizeonlysource-after-emit Is it not possible to update the hooks part for only Webpack 5? from: to: |
|
Should be fixed in |
|
So I'm still running into issues with Webpack 5 under a certain condition: If the If I disable realContentHash then everything works. Any ideas @ztoben? This doesn't seem fully fixed quite yet. |
|
@soluml that sounds like a different issue. Could you open a ticket? |
|
I found that the current fix from #392 (using |
To allow further refactoring/fixing of ztoben#327 since current solution breaks ztoben#404 and symfony/webpack-encore#969 Resolves: ztoben#392 ztoben#327
|
It looks like assetEmitted is the right hook for reading the integrity, but with only one exception - it's called for each emitted asset. Simple solution like that works fine when we have only one asset (and even fixes #404) - const emitPlugin = (compilation, callback) => {
+ const emitPlugin = (file, { content, source, outputPath, compilation, targetPath }, callback) => {- const compilationAsset = compilation.assets[asset]
- const integrity = compilationAsset && compilationAsset.integrity
+ const integrity = source && source.integrity- compiler.hooks.emit.tapAsync(plugin, emitPlugin)
+ compiler.hooks.assetEmitted.tapAsync(plugin, emitPlugin)but doesn't work when we have multiple assets emitted (since called multiple times). I also added test #406 for it in order to simplify further fixes |
To allow further refactoring/fixing of ztoben#327 since current solution breaks ztoben#404 and symfony/webpack-encore#969 Resolves: ztoben#392 ztoben#327
Describe the bug
According to the docs, setting
integrity: trueshould generatejsIntegrityin the output. But in my case,jsIntegrityis not generated.To Reproduce
I have made a minimal reproducible example. Steps to reproduce the behavior:
npm installnpm run builddist/webpack-assets.jsonExpected behavior
In
dist/webpack-assets.jsonshould includes integrity hash for the outputed JS.Webpack Config
Desktop (please complete the following information):
Additional context
The text was updated successfully, but these errors were encountered: