Looking into jspm and, like Skypack, I can‘t find anything on subresource integrity support. Unless I’m missing something, these new crop of ESM-based CDNs – while they sound great otherwise – are basically backdoors waiting to happen.
Skypack issue: https://github.com/skypackjs/skypack-cdn/issues/135
jspm issue: https://github.com/jspm/project/issues/92
At least the Deno folks seem to be discussing and working on it: https://github.com/denoland/deno/issues/200
@aral I think it'd be cool to use a content-addressed system like IPFS to address this, but I haven't thought about it too much!
@EvanHahn See Hypercore (IPFS is VC-funded). A signed DAG would be interesting but probably overlaps more with git than my use case. All I really need is a signed hash of the file tacked onto it.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!