Subresource Integrity (SRI) allows web pages to enforce that only specific versions of scripts are loaded. See more information here. It's hard to do this with lux.js because the code changes frequently. It is possible to use SRI with lux.js, but it requires additional work on the part of customers and will likely result in the loss of (a small amount) of data.

The first change is to add the integrity attribute to the lux.js SCRIPT tag in your HTML. It is the customer's responsibility to calculate the hash value for the current version of lux.js. You'll probably want to have a program handy to do this, as you'll need to repeat this step when lux.js changes.

Next, setup a monitor (e.g., a cronjob) that re-calculates the lux.js hash value and compares it to the current value in your HTML. If the value changes, you'll start losing LUX data until you update the hash value in your HTML. Therefore, it's important to detect the lux.js change and push a new hash value as quickly as possible. This is especially true because LUX's self-updating mechanism won't be executed if the SRI check fails.

Did this answer your question?