We're on NOP 4.0.
It seems NOP invokes JS files using the "AddScriptParts()" method in the LayoutExtensions.cs.
Does NOP provide anyway to use Subresource Integrity checking on JS calls?
Like in a regular <script> tag, we would include a hash of the file being called, so if the file had been compromised by an evildoer, the hash would not match and we would not execute the malicious code.
example: <script src="https://js.recurly.com/v4/recurly.js" integrity="sha384-pi/z/cuVSlNXEqVMdgxm7oha0wNkuO5dBTpsckdLtihPG56Tnf7pJgrCoPT49Fz7" crossorigin="anonymous" asp-suppress-fallback-integrity="false"></script>