Looking into jspm and, like Skypack, I can‘t find anything on subresource integrity support. Unless I’m missing something, these new crop of ESM-based CDNs – while they sound great otherwise – are basically backdoors waiting to happen.



Skypack issue:
jspm issue:

· · Web · 1 · 2 · 2

@aral I think it'd be cool to use a content-addressed system like IPFS to address this, but I haven't thought about it too much!

@EvanHahn See Hypercore (IPFS is VC-funded). A signed DAG would be interesting but probably overlaps more with git than my use case. All I really need is a signed hash of the file tacked onto it.

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!