When to use this skill
When the user needs a CDN link or subresource integrity (SRI) hash for a browser-served JavaScript or CSS library — "give me a <script> tag for jQuery 3.7.1 with integrity", "what's the CDN URL for Bootstrap 5?", "does cdnjs carry cheerio?". CDNJS hosts 6,000+ open-source packages with precomputed sha512 hashes. For server-side package resolution (npm install), use the npm registry; CDNJS is for browser asset delivery.
Your best first call
curl "https://api.cdnjs.com/libraries/jquery/3.7.1"
No auth. No key. Returns the file list and an sri object mapping each executable file to its precomputed sha512 integrity hash. The CDN URL pattern is https://cdnjs.cloudflare.com/ajax/libs/{library}/{version}/{file}.
Key response fields:
name, version — the library slug and exact version you requestedfiles — array of filenames in the bundle (e.g. jquery.min.js, jquery.slim.min.js)sri — object mapping each .js/.css file to a ready-to-use sha512-... integrity string. These paste directly into integrity="..." without modification. Source map files (.map) are excluded — only executable assets get hashes.
If you don't know the exact library slug, search first: curl "https://api.cdnjs.com/libraries?search=cheerio&fields=name,description,version&limit=5". Library names are case-sensitive and must match the cdnjs slug exactly.
Fallbacks (when the best call isn't enough)
- Need all available versions, not just one →
/libraries/{library}?fields=name,version,versions returns every version including pre-releases. Always use ?fields= here — without it, jQuery returns 500 KB+ of per-version asset manifests.
- Don't know the library name at all →
/libraries?search={query}&fields=name,description,version searches across library names and npm keywords. The search parameter matches on both, which is why search=jquery surfaces cheerio.
Pitfalls
- Library names are case-sensitive and must match the cdnjs slug exactly.
fullPage.js works; fullpage.js returns 404. The slug comes from npm, not a display name — check search results for the exact name field.
/libraries/{library} without ?fields= returns every version's full asset manifest. For popular libraries this can exceed 500 KB. Always pass ?fields= when you only need version metadata.- The
sri object does not cover .map source map files. jquery.min.map appears in files but not in sri. Swapping a .js filename for another without updating the hash will cause browsers to reject the script.
One-line summary for the user
I can look up CDN URLs and precomputed SRI integrity hashes for any library on cdnjs — just give me the library name and version, no API key needed.
SKILL.md source (frontmatter + body)
---
name: get-cdn-library-urls-and-sri-hashes
description: When the user needs a CDN link or SRI integrity hash for a JavaScript or CSS library — cdnjs hosts 6,000+ packages with precomputed sha512 hashes, no API key required.
---
## When to use this skill
When the user needs a CDN link or subresource integrity (SRI) hash for a browser-served JavaScript or CSS library — "give me a `<script>` tag for jQuery 3.7.1 with integrity", "what's the CDN URL for Bootstrap 5?", "does cdnjs carry cheerio?". CDNJS hosts 6,000+ open-source packages with precomputed sha512 hashes. For server-side package resolution (`npm install`), use the npm registry; CDNJS is for browser asset delivery.
## Your best first call
```bash
curl "https://api.cdnjs.com/libraries/jquery/3.7.1"
```
No auth. No key. Returns the file list and an `sri` object mapping each executable file to its precomputed sha512 integrity hash. The CDN URL pattern is `https://cdnjs.cloudflare.com/ajax/libs/{library}/{version}/{file}`.
Key response fields:
- `name`, `version` — the library slug and exact version you requested
- `files` — array of filenames in the bundle (e.g. `jquery.min.js`, `jquery.slim.min.js`)
- `sri` — object mapping each `.js`/`.css` file to a ready-to-use `sha512-...` integrity string. These paste directly into `integrity="..."` without modification. Source map files (`.map`) are excluded — only executable assets get hashes.
If you don't know the exact library slug, search first: `curl "https://api.cdnjs.com/libraries?search=cheerio&fields=name,description,version&limit=5"`. Library names are case-sensitive and must match the cdnjs slug exactly.
## Fallbacks (when the best call isn't enough)
- **Need all available versions, not just one** → `/libraries/{library}?fields=name,version,versions` returns every version including pre-releases. Always use `?fields=` here — without it, jQuery returns 500 KB+ of per-version asset manifests.
- **Don't know the library name at all** → `/libraries?search={query}&fields=name,description,version` searches across library names and npm keywords. The `search` parameter matches on both, which is why `search=jquery` surfaces `cheerio`.
## Pitfalls
- Library names are case-sensitive and must match the cdnjs slug exactly. `fullPage.js` works; `fullpage.js` returns 404. The slug comes from npm, not a display name — check search results for the exact `name` field.
- `/libraries/{library}` without `?fields=` returns every version's full asset manifest. For popular libraries this can exceed 500 KB. Always pass `?fields=` when you only need version metadata.
- The `sri` object does not cover `.map` source map files. `jquery.min.map` appears in `files` but not in `sri`. Swapping a `.js` filename for another without updating the hash will cause browsers to reject the script.
## One-line summary for the user
I can look up CDN URLs and precomputed SRI integrity hashes for any library on cdnjs — just give me the library name and version, no API key needed.