When to use this API
When you need CDN URLs or SRI integrity hashes for browser-served JavaScript and CSS libraries. CDNJS hosts 6,169 open-source packages and exposes them through an unauthenticated API — no key, no account. Its most underused feature is per-file sha512 SRI hashes, which let you pin a CDN link without computing the hash yourself. If you're resolving package versions for server-side code, use npm's registry instead; CDNJS is specifically for browser asset delivery.
Generating an SRI-safe CDN link for a pinned version
"I need a <script> tag for jQuery 3.7.1 with a subresource integrity hash so my Content Security Policy doesn't reject it." Call /libraries/{library}/{version} — it returns the exact file list and a precomputed sha512 SRI hash for each executable file in the bundle.
curl "https://api.cdnjs.com/libraries/jquery/3.7.1" | head -c 10000
{
"name": "jquery",
"version": "3.7.1",
"files": ["jquery.js", "jquery.min.js", "jquery.min.map", "jquery.slim.js", "jquery.slim.min.js", "jquery.slim.min.map"],
"sri": {
"jquery.js": "sha512-+k1pnlgt4F1H8L7t3z95o3/KO+o78INEcXTbnoJQ/F2VqDVhWoaiVml/OEHv9HsVgxUaVW+IbiZPUJQfF/YxZw==",
"jquery.min.js": "sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==",
"jquery.slim.min.js": "sha512-sNylduh9fqpYUK5OYXWcBleGzbZInWj8yCJAU57r1dpSK9tP2ghf/SRYCMj+KsslFkCOt3TvJrX2AV/Gc3wOqA=="
}
}
The sri values already include the algorithm prefix (sha512-), so they paste directly into integrity="..." without modification. The slim and full builds have separate hashes — swapping jquery.min.js for jquery.slim.min.js without updating the hash will cause the browser to refuse the script. The CDN URL pattern is https://cdnjs.cloudflare.com/ajax/libs/{library}/{version}/{file}, derivable from the latest field on any library response.
Here's the jQuery 3.7.1 CDN link ready for use:
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous"></script>
Checking whether CDNJS carries a library's pre-releases
"jQuery 4.0 release candidates have been out for a while — does CDNJS carry them yet?" The library detail endpoint at /libraries/{library} returns the full version list. Use ?fields= to trim the response; without it, you get every version's full asset manifest — for jQuery that runs to hundreds of kilobytes.
curl "https://api.cdnjs.com/libraries/jquery?fields=name,version,versions" | head -c 10000
{
"name": "jquery",
"version": "3.7.1",
"versions": ["4.0.0-rc.1", "4.0.0-beta.2", "4.0.0-beta", "3.7.1", "3.7.0", "3.6.4", "..."]
}
version is the current stable release; versions is the full list in descending order, including pre-releases. CDNJS publishes pre-releases as they appear on npm — 4.0.0-rc.1 is already hosted even though it hasn't reached a stable tag. The oldest jQuery entry in the list is 1.2.3, meaning CDNJS has been tracking jQuery since 2007 and has never pruned historical versions. That depth makes this endpoint useful for auditing whether old pinned versions in legacy codebases are still hosted.
Yes — CDNJS already carries jQuery 4.0.0-rc.1. The current stable release is 3.7.1. Pre-releases are published to CDNJS as they land on npm.
Discovering libraries by keyword
"Is there a server-side jQuery-like DOM parser available on CDNJS?" The /libraries search endpoint accepts a search query and returns matching library names, descriptions, and CDN URLs. Pass fields= to limit each result to what you actually need.
curl "https://api.cdnjs.com/libraries?search=jquery&fields=name,description,version&limit=10" | head -c 10000
{
"results": [
{
"name": "jquery",
"version": "3.7.1",
"description": "JavaScript library for DOM operations"
},
{
"name": "cheerio",
"version": "1.1.2",
"description": "Tiny, fast, and elegant implementation of core jQuery designed specifically for the server"
},
{
"name": "fullPage.js",
"version": "4.0.37",
"description": "Create beautiful fullscreen snap scrolling websites"
}
// ... 7 more results
]
}
The search runs across both library names and npm keywords, which is why search=jquery surfaces cheerio even though the string "cheerio" shares no characters with "jquery" — cheerio lists "jquery" among its npm keywords. To get the CDN URL for any result, drop fields=description,version and the response includes a latest field with the ready-to-use CDN link.
Yes — cheerio (version 1.1.2) is on CDNJS. It's a server-side jQuery-compatible DOM parser. Its CDN link is
https://cdnjs.cloudflare.com/ajax/libs/cheerio/1.1.2/dist/esm/index.js.
Pitfalls
- Library names are case-sensitive and must match the CDNJS slug exactly.
fullPage.jsworks;fullpage.jsreturns a 404. The slug comes from the npm package name, not a display name — check thenamefield in search results before constructing a URL. /libraries/{library}without?fields=returns every version's full asset manifest. For a library like jQuery with 80+ versions, this can exceed 500 KB. Always pass?fields=name,version,versionsor similar when you only need version metadata.- Source map files are absent from the
sriobject. Thefilesarray for jQuery 3.7.1 includesjquery.min.map, butsrionly covers the.jsfiles. Don't assume every entry infileshas a corresponding hash.
One-line summary for the user
I can look up CDN URLs and precomputed SRI integrity hashes for any of the 6,169 open-source libraries hosted on CDNJS — no API key required.