Look up cdnjs library sri

When the user asks for a CDN URL or SRI integrity hash for a JavaScript or CSS library — jQuery, lodash, bootstrap, or any of cdnjs's 6,000+ packages — look it up on cdnjs with a single unauthenticated GET. No key required.

look-up-cdnjs-library-sri · v1 · updated 2026-04-16

Agents: This page is a SKILL.md-style capability guide. For JSON, call GET /api/skills/look-up-cdnjs-library-sri. To drop this into a local Claude Code install, copy the frontmatter + body below into ~/.claude/skills/look-up-cdnjs-library-sri/SKILL.md.

When to use this skill

When the user asks for a CDN URL or a subresource integrity (SRI) hash for a JavaScript or CSS library — "Give me a <script> tag for jQuery 3.7.1 with an integrity hash", "What's the SRI for lodash 4.17.21?", or "Can I get the minified CDN link for bootstrap?" — reach for cdnjs. It hosts 6,000+ open-source packages with precomputed sha512 SRI hashes, no API key required. For discovering libraries by keyword rather than looking up a known library, this is the wrong skill — use the /libraries?search= endpoint directly.

Your best first call

curl "https://api.cdnjs.com/libraries/jquery/3.7.1"

No auth. No key. Returns a JSON object with the library name, version, file list, and precomputed SRI hashes.

The key fields you'll use:

name — the cdnjs slug (case-sensitive; must match exactly)
version — the resolved version string
files — array of filenames in the bundle (e.g. jquery.min.js, jquery.slim.js)
sri — object mapping each distributable file to its precomputed sha512- integrity hash, ready to paste into integrity="..." without modification
latest — CDN URL for the default file; the general CDN pattern is https://cdnjs.cloudflare.com/ajax/libs/{library}/{version}/{file}

The sri values include the sha512- prefix. The slim and full builds carry separate hashes — swapping jquery.min.js for jquery.slim.min.js without updating the integrity attribute will cause the browser to reject the script.

Fallbacks (when the best first call isn't enough)

User doesn't know the version number → Call /libraries/{library}?fields=name,version,versions first. version is the current stable release; versions lists everything including pre-releases, in descending order. Then call the versioned endpoint with the desired version.
User wants to find libraries by topic, not by name → /libraries?search={keyword}&fields=name,description,version searches across library names and npm keywords. Use this when the user doesn't have a specific library in mind.
User needs to audit whether an old pinned version is still hosted → The versions array from /libraries/{library}?fields=versions goes back to the beginning — jQuery starts at 1.2.3 (2007), and cdnjs has never pruned historical versions.

Pitfalls

Library names are case-sensitive and must match the cdnjs slug exactly. fullPage.js resolves; fullpage.js returns a 404. The slug comes from the npm package name, not a display name — search first if you're unsure of the casing.
/libraries/{library} without ?fields= returns every version's full asset manifest. For jQuery (80+ versions), that exceeds 500 KB. Always pass ?fields=name,version,versions when you only need version metadata.
Source map files (.map) appear in files but not in sri. Only .js and .css files get integrity hashes — don't assume every entry in files has one.

One-line summary for the user

I can look up precomputed SRI integrity hashes and CDN URLs for any open-source library version on cdnjs — no API key required, and the hashes paste directly into your HTML.

APIs this skill uses

CDNJS · primary · verified

API for accessing library information from CDNJS - a free and open-source CDN service for JavaScript and CSS libraries. Provides endpoints to browse, search, and retrieve metadata about thousands of front-end libraries.

Generated from

CDNJS tutorial Getting Started with the CDNJS API

SKILL.md source (frontmatter + body)

---
name: look-up-cdnjs-library-sri
description: When the user asks for a CDN URL or SRI integrity hash for a JavaScript or CSS library — jQuery, lodash, bootstrap, or any of cdnjs's 6,000+ packages — look it up on cdnjs with a single unauthenticated GET. No key required.
---

## When to use this skill

When the user asks for a CDN URL or a subresource integrity (SRI) hash for a JavaScript or CSS library — "Give me a `<script>` tag for jQuery 3.7.1 with an integrity hash", "What's the SRI for lodash 4.17.21?", or "Can I get the minified CDN link for bootstrap?" — reach for cdnjs. It hosts 6,000+ open-source packages with precomputed sha512 SRI hashes, no API key required. For discovering libraries by keyword rather than looking up a known library, this is the wrong skill — use the `/libraries?search=` endpoint directly.

## Your best first call

```bash
curl "https://api.cdnjs.com/libraries/jquery/3.7.1"
```

No auth. No key. Returns a JSON object with the library name, version, file list, and precomputed SRI hashes.

The key fields you'll use:

- `name` — the cdnjs slug (case-sensitive; must match exactly)
- `version` — the resolved version string
- `files` — array of filenames in the bundle (e.g. `jquery.min.js`, `jquery.slim.js`)
- `sri` — object mapping each distributable file to its precomputed `sha512-` integrity hash, ready to paste into `integrity="..."` without modification
- `latest` — CDN URL for the default file; the general CDN pattern is `https://cdnjs.cloudflare.com/ajax/libs/{library}/{version}/{file}`

The `sri` values include the `sha512-` prefix. The slim and full builds carry separate hashes — swapping `jquery.min.js` for `jquery.slim.min.js` without updating the `integrity` attribute will cause the browser to reject the script.

## Fallbacks (when the best first call isn't enough)

- **User doesn't know the version number** → Call `/libraries/{library}?fields=name,version,versions` first. `version` is the current stable release; `versions` lists everything including pre-releases, in descending order. Then call the versioned endpoint with the desired version.
- **User wants to find libraries by topic, not by name** → `/libraries?search={keyword}&fields=name,description,version` searches across library names and npm keywords. Use this when the user doesn't have a specific library in mind.
- **User needs to audit whether an old pinned version is still hosted** → The `versions` array from `/libraries/{library}?fields=versions` goes back to the beginning — jQuery starts at 1.2.3 (2007), and cdnjs has never pruned historical versions.

## Pitfalls

- Library names are case-sensitive and must match the cdnjs slug exactly. `fullPage.js` resolves; `fullpage.js` returns a 404. The slug comes from the npm package name, not a display name — search first if you're unsure of the casing.
- `/libraries/{library}` without `?fields=` returns every version's full asset manifest. For jQuery (80+ versions), that exceeds 500 KB. Always pass `?fields=name,version,versions` when you only need version metadata.
- Source map files (`.map`) appear in `files` but not in `sri`. Only `.js` and `.css` files get integrity hashes — don't assume every entry in `files` has one.

## One-line summary for the user

I can look up precomputed SRI integrity hashes and CDN URLs for any open-source library version on cdnjs — no API key required, and the hashes paste directly into your HTML.

« Back to all skills