How to Link and Run JavaScript Files Hosted on GitHub Like a Pro

Want to use JavaScript files stored on GitHub in your web projects? This blog walks you through two main methods—using raw GitHub URLs and hosting fil

Introduction

When building web applications, you might find yourself needing to use JavaScript files hosted on GitHub. This guide provides code examples and best practices for linking to and executing these files.

Linking to JavaScript Files

Using Raw GitHub URLs

You can directly link to raw GitHub URLs to include JavaScript files in your web application. However, this approach is not recommended for production due to performance and security reasons.

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Linking JS from GitHub</title>
  </head>
  <body>
    <script src="https://raw.githubusercontent.com/username/repo/branch/path/to/file.js"></script>
  </body>
</html>

Using GitHub Pages

A better approach is to use GitHub Pages to host your JavaScript files. This provides a more reliable and performant way to serve your files.

  1. Create a GitHub Page:
    • Go to your repository settings.
    • Scroll down to the "GitHub Pages" section.
    • Select the branch you want to deploy from and click "Save".
  2. Link to the Hosted JavaScript File: 
    <!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Linking JS from GitHub Pages</title>
  </head>
  <body>
    <script src="https://username.github.io/repo/path/to/file.js"></script>
  </body>
</html>

Best Practices

  1. Use a CDN:

    - For production, consider using a Content Delivery Network (CDN) to host your JavaScript files. CDNs provide better performance and security.

  2. Versioning:

    - Use versioning in your URLs to avoid caching issues. For example, file.js?v=1.0.0.

  3. Content Security Policy (CS>P):

    - Implement CSP headers to mitigate the risk of cross-site scripting (XSS) attacks. Example CSP header:

    Content-Security-Policy: script-src 'self' https://username.github.io;
  4. Integrity Checks:

    - Use Subresource Integrity (SRI) to ensure the integrity of the linked JavaScript files. Example:

    <script
       src="https://username.github.io/repo/path/to/file.js"
       integrity="sha384-<hash>"
       crossorigin="anonymous"
     ></script>

Example

Here's a complete example demonstrating the best practices:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Best Practices for Linking JS</title>
    <meta
      http-equiv="Content-Security-Policy"
      content="script-src 'self' https://username.github.io;"
    />
  </head>
  <body>
    <script
      src="https://username.github.io/repo/path/to/file.js?v=1.0.0"
      integrity="sha384-<hash>"
      crossorigin="anonymous"
    ></script>
  </body>
</html>

Conclusion

Linking to and executing JavaScript files hosted on GitHub can be done in a few different ways. Using GitHub Pages is recommended for better performance and security. Always follow best practices such as using a CDN, versioning, implementing CSP, and using SRI for a secure and reliable web application.

About the author

�� | Exploring the realms of creativity and curiosity in 280 characters or less. Turning ideas into reality, one keystroke at a time. =» Ctrl + Alt + Believe

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More Details
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.