Safe JS Import

safejs is a proxy layer that helps you verify the integrity of dynamically imported JavaScript — even inside Web Workers — using the familiar SRI hash pattern.

This protects your application from unexpected changes or malicious tampering in 3rd-party scripts.

🧪 Example Use Case

You have this unsafe call:

importScripts('https://s-eu-1.pushpushgo.com/64f881ab3e4b49d26e7de8d3/worker.js');

To make it safe:

1. Download the file and compute its SRI hash:

openssl dgst -sha384 -binary worker.js | openssl base64 -A

Which returns:

lyb8w+B0BDCEm7NPF2c1ezvouIeJ5P+SNjdmB/UXBNAUSGx/nhKelnEGg30mnV1/

2. Use Safe Proxy URL:

importScripts('https://safejs.wdft.ovh/?url=https://s-eu-1.pushpushgo.com/64f881ab3e4b49d26e7de8d3/worker.js&integrity=sha384-lyb8w+B0BDCEm7NPF2c1ezvouIeJ5P+SNjdmB/UXBNAUSGx/nhKelnEGg30mnV1/');

The content will load only if the hash matches.

❌ What If It Fails?

If the file changes or the integrity string is incorrect:

importScripts('https://safejs.wdft.ovh/?url=https://s-eu-1.pushpushgo.com/64f881ab3e4b49d26e7de8d3/worker.js&integrity=sha384-INVALIDHASH==');

The response will be:

// Integrity check failed
console.error("Integrity mismatch");

This prevents execution of unexpected scripts.

🔍 How It Works

  1. The proxy fetches the target file.
  2. Computes the SHA checksum (256/384/512).
  3. Compares it with your provided hash.
  4. If it matches, returns the content.
  5. If not, returns an error-stub with a warning in console.

💸 Pricing

Currently free for personal and low traffic non-commercial use via:

https://safejs.wdft.ovh

For commercial/volume use:

  • Bring-your-own infra (Cloudflare Workers / Deno Deploy)
  • Or get a premium plan with monitoring, caching, and webhook alerts

→ Contact us for early access or partnership.

🔐 Protect Your Users

Modern JavaScript is dynamic — and that means more risk.

With safejs, you can:

  • Lock dependencies by hash
  • Detect unwanted changes
  • Add one more layer of defense
2025 wdft psa.