SRI for jquery-migrate plugin

Hi, I’m working on a WordPress plugin that provides updated jQuery to the WordPress frontend in a robust and secure manner. It allows the user to select their preferred public CDN (or no CDN) and secures both jQuery and jQuery Migrate with SRI - serving them locally in the event that the client fails to retrieve it from the CDN or the SRI fails.

For jQuery 3.5.1 there are no issues if the webmaster chooses cdnjs but for jquery-migrate (minified version) there is a problem.

The jquery-migrate-3.3.0.min.js downloaded from and hosted on the jQuery CDN has an SRI of


However on CDNJS the file has an SRI of


I need to understand why it is different here before I can compensate in my plugin to use a different SRI when CDNJS is the chosen CDN to serve jQuery + migrate plugin from.

Looking at the code of both I noticed that the cdnjs version has //# at the end of the file and this will result in a different hash value.
I didn’t notice any other differences, but I didn’t compare in detail both files.

1 Like

Ah okay that makes perfect sense. Thank you.