feat: support experiments.SubresourceIntegrityPlugin (#9171)

* feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin * feat(sri): add native plugin
web-infra-dev · Feb 14, 2025 · 23b223e · 23b223e · github-actions · Feb 14, 2025
1 parent aa7326b
commit 23b223e
Show file tree

Hide file tree

Showing 227 changed files with 7,766 additions and 107 deletions.
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
@@ -251,7 +251,8 @@ jobs:
     name: Test Node ${{ matrix.node }}
     env:
       PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: true
-      PUPPETEER_SKIP_DOWNLOAD: true
+      # TODO: use puppeteer to test SRI Plugin, maybe find a better performance way
+      # PUPPETEER_SKIP_DOWNLOAD: true
     steps:
       - name: Checkout
         if: ${{ !inputs.skipable }}

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -180,6 +180,7 @@ rspack_plugin_runtime_chunk            = { version = "0.2.0", path = "crates/rsp
 rspack_plugin_schemes                  = { version = "0.2.0", path = "crates/rspack_plugin_schemes" }
 rspack_plugin_size_limits              = { version = "0.2.0", path = "crates/rspack_plugin_size_limits" }
 rspack_plugin_split_chunks             = { version = "0.2.0", path = "crates/rspack_plugin_split_chunks" }
+rspack_plugin_sri                      = { version = "0.2.0", path = "crates/rspack_plugin_sri" }
 rspack_plugin_swc_js_minimizer         = { version = "0.2.0", path = "crates/rspack_plugin_swc_js_minimizer" }
 rspack_plugin_warn_sensitive_module    = { version = "0.2.0", path = "crates/rspack_plugin_warn_sensitive_module" }
 rspack_plugin_wasm                     = { version = "0.2.0", path = "crates/rspack_plugin_wasm" }

diff --git a/README.md b/README.md
@@ -87,6 +87,7 @@ Thanks to:
 - The [prefresh](https://github.com/preactjs/prefresh) created by [@Jovi De Croock](https://github.com/JoviDeCroock), which inspires implement [preact refresh rspack plugin](https://github.com/rspack-contrib/rspack-plugin-preact-refresh).
 - The [mini-css-extract-plugin](https://github.com/webpack-contrib/mini-css-extract-plugin) project created by [@sokra](https://github.com/sokra) which inspired implement css extract plugin.
 - The [copy-webpack-plugin](https://github.com/webpack-contrib/copy-webpack-plugin) project created by [@kevlened](https://github.com/kevlened) which inspired implement copy rspack plugin.
+- The [webpack-subresource-integrity](https://github.com/waysact/webpack-subresource-integrity) project created by [@jscheid](https://github.com/jscheid), which inspires implement subresource integrity rspack plugin.
 
 ## License
 

diff --git a/README.zh-CN.md b/README.zh-CN.md
@@ -75,6 +75,7 @@ Rspack 是一个基于 Rust 编写的高性能 JavaScript 打包工具，它提
 - [prefresh](https://github.com/preactjs/prefresh) 项目（由 [@Jovi De Croock](https://github.com/JoviDeCroock) 创建），它启发了 Rspack 内的 PreactRefreshPlugin 实现。
 - [mini-css-extract-plugin](https://github.com/webpack-contrib/mini-css-extract-plugin) 项目（由 [@sokra](https://github.com/sokra) 创建），它启发了 Rspack 内的 CssExtractPlugin 实现。
 - [copy-webpack-plugin](https://github.com/webpack-contrib/copy-webpack-plugin) 项目（由 [@kevlened](https://github.com/kevlened) 创建），它启发了 Rspack 内的 CopyPlugin 实现。
+- [webpack-subresource-integrity](https://github.com/waysact/webpack-subresource-integrity) 项目（由 [@jscheid](https://github.com/jscheid) 创建），它启发了 Rspack 内的 SubresourceIntegrityPlugin 实现。
 
 ## License
 

diff --git a/crates/node_binding/binding.d.ts b/crates/node_binding/binding.d.ts
@@ -381,7 +381,8 @@ export declare enum BuiltinPluginName {
   CssExtractRspackPlugin = 'CssExtractRspackPlugin',
   RsdoctorPlugin = 'RsdoctorPlugin',
   JsLoaderRspackPlugin = 'JsLoaderRspackPlugin',
-  LazyCompilationPlugin = 'LazyCompilationPlugin'
+  LazyCompilationPlugin = 'LazyCompilationPlugin',
+  SubresourceIntegrityPlugin = 'SubresourceIntegrityPlugin'
 }
 
 export declare function cleanupGlobalTrace(): void
@@ -1756,6 +1757,15 @@ export interface RawInfo {
   version?: string
 }
 
+export interface RawIntegrityData {
+  integerities: Array<RawIntegrityItem>
+}
+
+export interface RawIntegrityItem {
+  asset: string
+  integrity: string
+}
+
 export interface RawJavascriptParserOptions {
   dynamicImportMode?: string
   dynamicImportPreload?: string
@@ -2240,6 +2250,12 @@ export interface RawStorageOptions {
   directory: string
 }
 
+export interface RawSubresourceIntegrityPluginOptions {
+  integrityCallback?: (data: RawIntegrityData) => void
+  hashFuncNames: Array<string>
+  htmlPlugin: "JavaScript" | "Native" | "Disabled"
+}
+
 export interface RawSwcJsMinimizerOptions {
   compress: any
   mangle: any

diff --git a/crates/rspack_binding_values/Cargo.toml b/crates/rspack_binding_values/Cargo.toml
@@ -82,6 +82,7 @@ rspack_plugin_runtime_chunk            = { workspace = true }
 rspack_plugin_schemes                  = { workspace = true }
 rspack_plugin_size_limits              = { workspace = true }
 rspack_plugin_split_chunks             = { workspace = true }
+rspack_plugin_sri                      = { workspace = true }
 rspack_plugin_swc_js_minimizer         = { workspace = true }
 rspack_plugin_warn_sensitive_module    = { workspace = true }
 rspack_plugin_wasm                     = { workspace = true }

diff --git a/crates/rspack_binding_values/src/raw_options/raw_builtins/mod.rs b/crates/rspack_binding_values/src/raw_options/raw_builtins/mod.rs
@@ -13,13 +13,15 @@ mod raw_mf;
 mod raw_progress;
 mod raw_runtime_chunk;
 mod raw_size_limits;
+mod raw_sri;
 mod raw_swc_js_minimizer;
 
 use napi::{bindgen_prelude::FromNapiValue, Env, JsUnknown};
 use napi_derive::napi;
 use raw_dll::{RawDllReferenceAgencyPluginOptions, RawFlagAllModulesAsUsedPluginOptions};
 use raw_ids::RawOccurrenceChunkIdsPluginOptions;
 use raw_lightning_css_minimizer::RawLightningCssMinimizerRspackPluginOptions;
+use raw_sri::RawSubresourceIntegrityPluginOptions;
 use rspack_core::{BoxPlugin, Plugin, PluginExt};
 use rspack_error::Result;
 use rspack_ids::{
@@ -76,6 +78,7 @@ use rspack_plugin_runtime::{
 use rspack_plugin_runtime_chunk::RuntimeChunkPlugin;
 use rspack_plugin_schemes::{DataUriPlugin, FileUriPlugin};
 use rspack_plugin_size_limits::SizeLimitsPlugin;
+use rspack_plugin_sri::SubresourceIntegrityPlugin;
 use rspack_plugin_swc_js_minimizer::SwcJsMinimizerRspackPlugin;
 use rspack_plugin_warn_sensitive_module::WarnCaseSensitiveModulesPlugin;
 use rspack_plugin_wasm::{
@@ -199,6 +202,7 @@ pub enum BuiltinPluginName {
   // naming format follow XxxRspackPlugin
   JsLoaderRspackPlugin,
   LazyCompilationPlugin,
+  SubresourceIntegrityPlugin,
 }
 
 #[napi(object)]
@@ -565,6 +569,11 @@ impl BuiltinPlugin {
         let options = raw_options.into();
         plugins.push(RsdoctorPlugin::new(options).boxed());
       }
+      BuiltinPluginName::SubresourceIntegrityPlugin => {
+        let raw_options = downcast_into::<RawSubresourceIntegrityPluginOptions>(self.options)?;
+        let options = raw_options.into();
+        plugins.push(SubresourceIntegrityPlugin::new(options).boxed());
+      }
     }
     Ok(())
   }

diff --git a/crates/rspack_binding_values/src/raw_options/raw_builtins/raw_sri.rs b/crates/rspack_binding_values/src/raw_options/raw_builtins/raw_sri.rs
@@ -0,0 +1,68 @@
+use std::sync::Arc;
+
+use derive_more::Debug;
+use napi_derive::napi;
+use rspack_napi::threadsafe_function::ThreadsafeFunction;
+use rspack_plugin_sri::{
+  IntegrityCallbackData, SubresourceIntegrityHashFunction, SubresourceIntegrityPluginOptions,
+};
+
+#[derive(Debug)]
+#[napi(
+  object,
+  object_to_js = false,
+  js_name = "RawSubresourceIntegrityPluginOptions"
+)]
+pub struct RawSubresourceIntegrityPluginOptions {
+  #[debug(skip)]
+  #[napi(ts_type = "(data: RawIntegrityData) => void")]
+  pub integrity_callback: Option<ThreadsafeFunction<RawIntegrityData, ()>>,
+  pub hash_func_names: Vec<String>,
+  #[napi(ts_type = "\"JavaScript\" | \"Native\" | \"Disabled\"")]
+  pub html_plugin: String,
+}
+
+impl From<RawSubresourceIntegrityPluginOptions> for SubresourceIntegrityPluginOptions {
+  fn from(options: RawSubresourceIntegrityPluginOptions) -> Self {
+    Self {
+      integrity_callback: if let Some(func) = options.integrity_callback {
+        Some(Arc::new(move |data| {
+          func.blocking_call_with_sync(data.into())
+        }))
+      } else {
+        None
+      },
+      hash_func_names: options
+        .hash_func_names
+        .into_iter()
+        .map(SubresourceIntegrityHashFunction::from)
+        .collect::<Vec<_>>(),
+      html_plugin: options.html_plugin.into(),
+    }
+  }
+}
+
+#[derive(Debug)]
+#[napi(object)]
+pub struct RawIntegrityData {
+  pub integerities: Vec<RawIntegrityItem>,
+}
+
+impl From<IntegrityCallbackData> for RawIntegrityData {
+  fn from(data: IntegrityCallbackData) -> Self {
+    Self {
+      integerities: data
+        .integerities
+        .into_iter()
+        .map(|(asset, integrity)| RawIntegrityItem { asset, integrity })
+        .collect::<Vec<_>>(),
+    }
+  }
+}
+
+#[derive(Debug)]
+#[napi(object)]
+pub struct RawIntegrityItem {
+  pub asset: String,
+  pub integrity: String,
+}
diff --git a/crates/rspack_plugin_sri/Cargo.toml b/crates/rspack_plugin_sri/Cargo.toml
@@ -0,0 +1,38 @@
+[package]
+description = "rspack subresource integrity plugin"
+edition     = "2021"
+license     = "MIT"
+name        = "rspack_plugin_sri"
+repository  = "https://github.com/web-infra-dev/rspack"
+version     = "0.2.0"
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+cow-utils                       = { workspace = true }
+dashmap                         = { workspace = true }
+derive_more                     = { workspace = true, features = ["debug"] }
+futures                         = { workspace = true }
+indexmap                        = { workspace = true }
+pathdiff                        = { workspace = true }
+rayon                           = { workspace = true }
+regex                           = { workspace = true }
+rspack_base64                   = { workspace = true }
+rspack_cacheable                = { workspace = true }
+rspack_collections              = { workspace = true }
+rspack_core                     = { workspace = true }
+rspack_error                    = { workspace = true }
+rspack_fs                       = { workspace = true }
+rspack_hook                     = { workspace = true }
+rspack_paths                    = { workspace = true }
+rspack_plugin_html              = { workspace = true }
+rspack_plugin_real_content_hash = { workspace = true }
+rspack_plugin_runtime           = { workspace = true }
+rspack_util                     = { workspace = true }
+rustc-hash                      = { workspace = true }
+serde_json                      = { workspace = true }
+sha2                            = { workspace = true }
+tracing                         = { workspace = true }
+urlencoding                     = { workspace = true }
+
+[package.metadata.cargo-shear]
+ignored = ["tracing"]
diff --git a/crates/rspack_plugin_sri/LICENSE b/crates/rspack_plugin_sri/LICENSE
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2022-present Bytedance, Inc. and its affiliates.
+
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
suite	result
modernjs	✅ success
rspress	✅ success
rslib	✅ success
rsbuild	❌ failure
rsdoctor	❌ failure
examples	✅ success
devserver	✅ success
nuxt	✅ success
Name	Base (2025-02-14 05524cd)	Current	Change
10000_big_production-mode_disable-minimize + exec	37.9 s ± 263 ms	39.7 s ± 323 ms	+4.85 %
10000_development-mode + exec	1.83 s ± 21 ms	1.87 s ± 35 ms	+1.77 %
10000_development-mode_hmr + exec	680 ms ± 7.1 ms	694 ms ± 41 ms	+2.07 %
10000_production-mode + exec	2.29 s ± 68 ms	2.32 s ± 26 ms	+1.53 %
10000_production-mode_persistent-cold + exec	2.44 s ± 66 ms	2.48 s ± 59 ms	+1.68 %
10000_production-mode_persistent-hot + exec	1.68 s ± 135 ms	1.72 s ± 219 ms	+2.00 %
arco-pro_development-mode + exec	1.8 s ± 164 ms	1.78 s ± 37 ms	-1.17 %
arco-pro_development-mode_hmr + exec	388 ms ± 1.9 ms	389 ms ± 3.2 ms	+0.18 %
arco-pro_production-mode + exec	3.6 s ± 123 ms	3.7 s ± 178 ms	+2.89 %
arco-pro_production-mode_generate-package-json-webpack-plugin + exec	3.63 s ± 134 ms	3.84 s ± 266 ms	+5.60 %
arco-pro_production-mode_persistent-cold + exec	3.79 s ± 176 ms	3.86 s ± 223 ms	+1.91 %
arco-pro_production-mode_persistent-hot + exec	2.37 s ± 75 ms	2.41 s ± 118 ms	+2.00 %
arco-pro_production-mode_traverse-chunk-modules + exec	3.62 s ± 183 ms	3.73 s ± 63 ms	+3.01 %
large-dyn-imports_development-mode + exec	2.12 s ± 18 ms	2.15 s ± 40 ms	+1.33 %
large-dyn-imports_production-mode + exec	2.15 s ± 48 ms	2.18 s ± 26 ms	+1.28 %
threejs_development-mode_10x + exec	1.58 s ± 69 ms	1.56 s ± 42 ms	-1.41 %
threejs_development-mode_10x_hmr + exec	785 ms ± 7.9 ms	780 ms ± 27 ms	-0.59 %
threejs_production-mode_10x + exec	5.25 s ± 50 ms	5.28 s ± 217 ms	+0.63 %
threejs_production-mode_10x_persistent-cold + exec	5.31 s ± 95 ms	5.4 s ± 399 ms	+1.79 %
threejs_production-mode_10x_persistent-hot + exec	4.52 s ± 102 ms	4.58 s ± 324 ms	+1.38 %
10000_big_production-mode_disable-minimize + rss memory	8704 MiB ± 49.5 MiB	8693 MiB ± 44.5 MiB	-0.13 %
10000_development-mode + rss memory	636 MiB ± 27.9 MiB	652 MiB ± 16.1 MiB	+2.46 %
10000_development-mode_hmr + rss memory	1223 MiB ± 158 MiB	1221 MiB ± 194 MiB	-0.10 %
10000_production-mode + rss memory	628 MiB ± 14.1 MiB	629 MiB ± 23.2 MiB	+0.20 %
10000_production-mode_persistent-cold + rss memory	735 MiB ± 12.5 MiB	747 MiB ± 25.7 MiB	+1.68 %
10000_production-mode_persistent-hot + rss memory	719 MiB ± 3.87 MiB	718 MiB ± 11.5 MiB	-0.20 %
arco-pro_development-mode + rss memory	583 MiB ± 24.4 MiB	575 MiB ± 36.6 MiB	-1.31 %
arco-pro_development-mode_hmr + rss memory	644 MiB ± 77 MiB	664 MiB ± 70.5 MiB	+3.09 %
arco-pro_production-mode + rss memory	724 MiB ± 7.62 MiB	720 MiB ± 44.3 MiB	-0.61 %
arco-pro_production-mode_generate-package-json-webpack-plugin + rss memory	728 MiB ± 15.8 MiB	733 MiB ± 29.1 MiB	+0.66 %
arco-pro_production-mode_persistent-cold + rss memory	843 MiB ± 21.6 MiB	847 MiB ± 17 MiB	+0.49 %
arco-pro_production-mode_persistent-hot + rss memory	710 MiB ± 22.1 MiB	707 MiB ± 28.4 MiB	-0.49 %
arco-pro_production-mode_traverse-chunk-modules + rss memory	709 MiB ± 8.18 MiB	723 MiB ± 30 MiB	+1.92 %
large-dyn-imports_development-mode + rss memory	643 MiB ± 3.77 MiB	642 MiB ± 7.48 MiB	-0.11 %
large-dyn-imports_production-mode + rss memory	525 MiB ± 6.6 MiB	527 MiB ± 4.91 MiB	+0.20 %
threejs_development-mode_10x + rss memory	552 MiB ± 18.3 MiB	547 MiB ± 18.8 MiB	-0.99 %
threejs_development-mode_10x_hmr + rss memory	1105 MiB ± 90.1 MiB	1158 MiB ± 100 MiB	+4.78 %
threejs_production-mode_10x + rss memory	841 MiB ± 33 MiB	826 MiB ± 58.6 MiB	-1.78 %
threejs_production-mode_10x_persistent-cold + rss memory	968 MiB ± 36.3 MiB	954 MiB ± 61.6 MiB	-1.42 %
threejs_production-mode_10x_persistent-hot + rss memory	866 MiB ± 43.1 MiB	863 MiB ± 39.4 MiB	-0.36 %