Does NOPCommerce support SubResource Integrity for JS calls?

2 weeks ago
We're on NOP 4.0.

It seems NOP invokes JS files using the "AddScriptParts()" method in the LayoutExtensions.cs.

Does NOP provide anyway to use Subresource Integrity checking on JS calls?

Like in a regular <script> tag, we would include a hash of the file being called, so if the file had been compromised by an evildoer, the hash would not match and we would not execute the malicious code.

example: <script src="https://js.recurly.com/v4/recurly.js" integrity="sha384-pi/z/cuVSlNXEqVMdgxm7oha0wNkuO5dBTpsckdLtihPG56Tnf7pJgrCoPT49Fz7" crossorigin="anonymous" asp-suppress-fallback-integrity="false"></script>
1 week ago
I also submitted this as a support ticket to the NOP team, and got this reply, in case anyone else has the same question:

"Unfortunately, we did not provide such an opportunity as we do not load libraries from external sources. It will be good if you create a task on GitHub, our development team will consider the possibility of its implementation

Thank you,
nopCommerce team"