Context
The principles page (and potentially other pages) loads Alpine.js via:
<script src="https://cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js"></script>
This floating range means any Alpine 3.x release automatically applies, which could introduce breaking changes or regressions without warning.
Suggestion
Pin to a specific version (e.g., alpinejs@3.14.9) and add SRI hashes for all CDN dependencies as a hardening pass.
Source
Flagged by claude[bot] in PR #7 review.
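The hardening pass suggested above, sketched as an added example (not code from this repository or from PR #7). The function names `sriHash`, `auditCdnScripts` and `pinnedScriptTag` are hypothetical, and the file bytes are a constructed placeholder; compute the real integrity value from the actual `dist/cdn.min.js` of the version you pin.

```javascript
// Added example (not the project's code): audit jsDelivr <script> tags for floating
// versions and missing SRI, and build a pinned tag with an integrity value.
const { createHash } = require("node:crypto");

// SRI value for a file's bytes: "<alg>-<base64 digest>".
function sriHash(bytes, alg = "sha384") {
  return `${alg}-${createHash(alg).update(bytes).digest("base64")}`;
}

// An exact version is MAJOR.MINOR.PATCH in digits (optionally with a prerelease tag).
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Return one finding per problem for each jsDelivr npm <script> tag in the HTML.
function auditCdnScripts(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc=["']([^"']+)["']/i.exec(tag)?.[1];
    if (!src) continue;
    const m = /^https:\/\/cdn\.jsdelivr\.net\/npm\/((?:@[^\/@]+\/)?[^\/@]+)(?:@([^\/]+))?\//.exec(src);
    if (!m) continue;
    const [, pkg, version] = m;
    if (!version || !EXACT.test(version)) {
      findings.push({ pkg, issue: "floating-version", version: version ?? "(none)" });
    }
    if (!/\bintegrity=["']sha(256|384|512)-[A-Za-z0-9+\/=]+["']/i.test(tag)) {
      findings.push({ pkg, issue: "missing-integrity" });
    }
    // Cross-origin SRI needs a CORS fetch, so integrity without crossorigin fails to load.
    if (/\bintegrity=/i.test(tag) && !/\bcrossorigin\b/i.test(tag)) {
      findings.push({ pkg, issue: "missing-crossorigin" });
    }
  }
  return findings;
}

// Build the hardened tag from bytes you downloaded and reviewed for the pinned version.
function pinnedScriptTag(pkg, version, path, bytes) {
  if (!EXACT.test(version)) throw new Error(`not an exact version: ${version}`);
  const src = `https://cdn.jsdelivr.net/npm/${pkg}@${version}/${path}`;
  return `<script src="${src}" integrity="${sriHash(bytes)}" crossorigin="anonymous"></script>`;
}

// Constructed stand-in for the real file contents; hash the actual download instead.
const SAMPLE_BYTES = Buffer.from("/* constructed placeholder for dist/cdn.min.js */");
const BEFORE = '<script src="https://cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js"></script>';
const AFTER = pinnedScriptTag("alpinejs", "3.14.9", "dist/cdn.min.js", SAMPLE_BYTES);
console.log(auditCdnScripts(BEFORE)); // floating-version and missing-integrity findings
console.log(AFTER);
console.log(auditCdnScripts(AFTER)); // []
```

Running `auditCdnScripts` over every template in CI turns this one-off hardening pass into a regression check for other pages that load CDN dependencies.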