feat: add integrity field to manifest when sri is enabled (#6634)

Author: chenjiahan

e2e/cases/output/manifest-integrity/index.test.ts

@@ -0,0 +1,32 @@
+import { expect, getFileContent, rspackTest } from '@e2e/helper';
+import type { ManifestData } from '@rsbuild/core';
+
+rspackTest(
+  'should generate manifest file with integrity in build',
+  async ({ build }) => {
+    const rsbuild = await build();
+    const files = rsbuild.getDistFiles();
+    const manifestContent = getFileContent(files, 'manifest.json');
+    const manifest = JSON.parse(manifestContent) as ManifestData;
+    manifest.allFiles.forEach((item) => {
+      if (item.endsWith('.js')) {
+        expect(manifest.integrity[item]).toBeTruthy();
+      }
+    });
+  },
+);
+
+rspackTest(
+  'should generate manifest file with integrity in dev',
+  async ({ dev }) => {
+    const rsbuild = await dev();
+    const files = rsbuild.getDistFiles();
+    const manifestContent = getFileContent(files, 'manifest.json');
+    const manifest = JSON.parse(manifestContent) as ManifestData;
+    manifest.allFiles.forEach((item) => {
+      if (item.endsWith('.js')) {
+        expect(manifest.integrity[item]).toBeTruthy();
+      }
+    });
+  },
+);

e2e/cases/output/manifest-integrity/rsbuild.config.ts

@@ -0,0 +1,13 @@
+import { defineConfig } from '@rsbuild/core';
+
+export default defineConfig({
+  output: {
+    manifest: true,
+    filenameHash: false,
+  },
+  security: {
+    sri: {
+      enable: true,
+    },
+  },
+});

e2e/cases/output/manifest-integrity/src/index.ts

@@ -0,0 +1,3 @@
+import React from 'react';
+
+console.log('hello!', React);

packages/core/package.json

@@ -93,7 +93,7 @@
     "reduce-configs": "^1.1.1",
     "rslog": "^1.3.0",
     "rspack-chain": "^1.4.1",
-    "rspack-manifest-plugin": "5.1.0",
+    "rspack-manifest-plugin": "5.2.0",
     "sirv": "^3.0.2",
     "stacktrace-parser": "^0.1.11",
     "style-loader": "3.3.4",

packages/core/src/plugins/manifest.ts

@@ -34,8 +34,13 @@ const generateManifest =
     const chunkEntries = new Map<string, FileDescriptor[]>();
     const licenseMap = new Map<string, string>();
     const publicPath = getPublicPathFromCompiler(compilation);
+    const integrity: Record<string, string> = {};
 
     const allFiles = files.map((file) => {
+      if (file.integrity) {
+        integrity[file.path] = file.integrity;
+      }
+
       if (file.chunk) {
         const entryNames = recursiveChunkEntryNames(file.chunk);
 
@@ -144,6 +149,7 @@ const generateManifest =
     const manifestData: ManifestData = {
       allFiles,
       entries: manifestEntries,
+      integrity,
     };
 
     if (manifestOptions.generate) {

packages/core/src/types/config.ts

@@ -1179,6 +1179,12 @@ export type ManifestData = {
   entries: {
     [entryName: string]: ManifestByEntry;
   };
+  /**
+   * Subresource Integrity (SRI) hashes for emitted assets.
+   * The key is the asset file path, and the value is its integrity hash.
+   * This field is available only when the `security.sri` option is enabled.
+   */
+  integrity: Record<string, string>;
 };
 
 export type ManifestObjectConfig = {

pnpm-lock.yaml

@@ -91,6 +91,12 @@ type ManifestList = {
        */
       assets?: FilePath[];
     };
+    /**
+     * Subresource Integrity (SRI) hashes for emitted assets.
+     * The key is the asset file path, and the value is its integrity hash.
+     * This field is available only when the `security.sri` option is enabled.
+     */
+    integrity: Record<string, string>;
   };
 };
 ```

website/docs/en/config/output/manifest.mdx

@@ -91,6 +91,12 @@ type ManifestList = {
        */
       assets?: FilePath[];
     };
+    /**
+     * 所有产物文件的子资源完整性（SRI）哈希值
+     * key 为文件路径，value 为对应的完整性哈希
+     * 仅在启用 `security.sri` 选项时才会生成该字段
+     */
+    integrity: Record<string, string>;
   };
 };
 ```