DEPRECATED - please use @localnerve/csp-hashes instead

Plugin to generate hash for inline scripts and styles for CSP.

This plugin is insipred by hash-csp, and operates mostly the same way.

npm install inline-csp-hash --save

const gulp = require('gulp');
const hashstream = require('inline-csp-hash');

gulp.task('inline-hash', () => {
  return gulp.src('src/*.html')
    .pipe(hashstream({
      what: 'script',
      replace_cb: (s, hashes) => s.replace(/script-src 'self'[^;]*/, "script-src 'self' " + hashes.join(" "))
    }))
    .pipe(hashstream({
      what: 'style',
      replace_cb: (s, hashes) => s.replace(/style-src 'self'[^;]*/, "style-src 'self' " + hashes.join(" "))
    }))
    .pipe(gulp.dest('dist/'))
  ;
});

• what: script (default) or style: which tags to process (scripts and styles are processed separately because they are controlled by different CSP directives: script-src and style-src)
• hash: sha256 (default), sha384, or sha512: hash algorithm to use. SHA family is the only one according to the specification
• replace_cb: callback to inject gathered hashes into the source file

Have mocha installed and run npm test