Fetching external resources, for example from a CDN, without verifying their integrity could impact the security of an application if the CDN gets compromised and resources are replaced by malicious ones. The resource integrity feature blocks the inclusion of a resource into an application if the pre-computed digest of the expected resource doesn't match the digest of the retrieved resource.

Ask Yourself Whether

There is a risk if you answered yes to this question.

Recommended Secure Coding Practices

Sensitive Code Example

let script = document.createElement("script"); // Sensitive
script.src = "https://cdnexample.com/script-latest.js";
script.crossOrigin = "anonymous";
document.head.appendChild(script);

Compliant Solution

let script = document.createElement("script");
script.src = "https://cdnexample.com/script-v1.2.3.js";
script.integrity = "sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"; // Compliant
script.crossOrigin = "anonymous";
document.head.appendChild(script);
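
The value assigned to script.integrity has to be computed in advance from the exact bytes of the pinned file. The following Node.js code is an added example, not part of the original rule text: it computes that value and checks retrieved bytes against it the way the description above outlines. The function names and the sample file contents are constructed for illustration.

```javascript
const crypto = require("crypto");

// Hash functions permitted in integrity metadata, weakest first.
const ALGORITHMS = ["sha256", "sha384", "sha512"];
// One metadata token: "<alg>-<base64 digest>", optionally followed by "?options".
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(?:\?.*)?$/;

// Base64 digest of the exact bytes the CDN is expected to serve.
function digestOf(content, algorithm) {
  return crypto.createHash(algorithm).update(content).digest("base64");
}

// Value to assign to script.integrity, e.g. "sha384-<base64 digest>".
function computeIntegrity(content, algorithm = "sha384") {
  if (!ALGORITHMS.includes(algorithm)) throw new Error("unsupported algorithm: " + algorithm);
  return algorithm + "-" + digestOf(content, algorithm);
}

// Split an integrity attribute into entries, dropping malformed or unknown tokens.
function parseIntegrity(metadata) {
  return metadata.split(/\s+/).map((t) => TOKEN.exec(t)).filter(Boolean)
    .map((m) => ({ algorithm: m[1], digest: m[2] }));
}

// Compare retrieved bytes with the metadata. Only the strongest algorithm
// present counts, so a matching weaker digest cannot rescue a mismatch.
function verifyIntegrity(content, metadata) {
  const entries = parseIntegrity(metadata);
  const strongest = [...ALGORITHMS].reverse()
    .find((a) => entries.some((e) => e.algorithm === a));
  if (!strongest) return false; // fail closed; a browser skips the check when no usable metadata is given
  const actual = digestOf(content, strongest);
  return entries.some((e) => e.algorithm === strongest && e.digest === actual);
}

// Constructed sample data, not a real library release.
const pinnedBytes = Buffer.from("window.lib = { version: '1.2.3' };\n");
const tamperedBytes = Buffer.concat([pinnedBytes, Buffer.from("/* injected */\n")]);

const integrity = computeIntegrity(pinnedBytes);
console.log(integrity);
console.log("pinned file accepted:", verifyIntegrity(pinnedBytes, integrity));
console.log("tampered file accepted:", verifyIntegrity(tamperedBytes, integrity));
```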

See