
falconmedia/magento2-csp-sri-lock
=================================

Prevents corrupted sri-hashes.json in Magento 2 by adding atomic writes and file locking.

Version 1.0.0 · MIT · PHP ^8.1 || ^8.2, ^8.3

[Source](https://github.com/falconmedia/magento2-csp-sri-lock) · [Packagist](https://packagist.org/packages/falconmedia/magento2-csp-sri-lock)

Falcon Media - Magento 2 CSP SRI Lock
====================================

**Package:** `falconmedia/magento2-csp-sri-lock`
**Type:** Magento 2 Module
**License:** MIT
**Maintainer:** Henk Valk

Installation
------------

### Via Composer

```
composer require falconmedia/magento2-csp-sri-lock
php bin/magento module:enable FalconMedia_CspSriLock
php bin/magento setup:upgrade
php bin/magento cache:flush

```

Verification
------------

After installation, verify that the correct storage class is active:

```
php bin/magento dev:di:info Magento\Csp\Model\SubresourceIntegrity\Storage\File

```

Expected output:

```
Preference: FalconMedia\CspSriLock\Model\SubresourceIntegrity\Storage\File

```

Issue
-----

Magento 2.4.x stores Subresource Integrity (SRI) hashes in:

```
pub/static/frontend/sri-hashes.json
pub/static/adminhtml/sri-hashes.json

```

Under load, multiple PHP-FPM workers can write to the same file simultaneously.

Magento's default implementation writes using file mode `'w'` without locking.

This can cause:

- Truncated JSON files
- Partially written content
- Invalid JSON
- Fatal error in checkout:

```
Unable to unserialize value. Error: Syntax error
Magento\Csp\Model\SubresourceIntegrityRepository->getData()

```

This often results in checkout becoming completely unavailable.

---

Root Cause
----------

The core implementation:

- Opens the file with mode `'w'` (truncate immediately)
- Does not use file locking
- Does not use atomic file replacement

If two requests write simultaneously:

```
Request A → truncates file
Request B → truncates file
Request A → writes partial JSON
Request B → overwrites partially

```

Result: corrupted JSON → checkout crash.

---

Solution
--------

This module replaces Magento's default SRI file storage with a safer implementation that:

- Uses `flock()` for exclusive locking
- Writes to a temporary file first
- Replaces the target using atomic `rename()`
- Prevents truncated or corrupted JSON
- Keeps full backward compatibility

No database changes.
No configuration required.
Drop-in safe fix.
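
The two write patterns from "Root Cause" and "Solution", side by side. This is an added example, not the module's source: the function names, the `.lock` sidecar file, the merge step and the sample data are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Pattern from "Root Cause": 'w' truncates on open, so a concurrent reader or
// writer can observe an empty or half-written file before fclose().
function unsafeWrite(string $path, array $hashes): void
{
    $fh = fopen($path, 'w');
    fwrite($fh, json_encode($hashes));
    fclose($fh);
}

// Pattern from "Solution": flock() serializes writers, the content is built in
// a temp file, and rename() swaps it in so readers never see a partial file.
function lockedAtomicWrite(string $path, array $newHashes): void
{
    // Lock a sidecar file: the target's inode changes on every rename().
    $lock = fopen($path . '.lock', 'c');
    if ($lock === false || !flock($lock, LOCK_EX)) {
        throw new RuntimeException("cannot lock $path");
    }
    try {
        // Assumption for this demo: merge under the lock to avoid lost updates.
        $raw = is_file($path) ? file_get_contents($path) : false;
        $current = $raw !== false ? json_decode($raw, true) : null;
        $merged = array_merge(is_array($current) ? $current : [], $newHashes);
        $json = json_encode($merged, JSON_THROW_ON_ERROR);

        // Same directory as the target keeps rename() on one filesystem.
        $tmp = tempnam(dirname($path), 'sri');
        if ($tmp === false || file_put_contents($tmp, $json) === false
            || !rename($tmp, $path)) {
            if ($tmp !== false) {
                @unlink($tmp);
            }
            throw new RuntimeException("cannot replace $path");
        }
    } finally {
        flock($lock, LOCK_UN);
        fclose($lock);
    }
}

// Constructed sample data and path, for the demo only.
$file = sys_get_temp_dir() . '/sri-hashes-demo.json';
lockedAtomicWrite($file, ['frontend/a.js' => 'sha256-EXAMPLE1']);
lockedAtomicWrite($file, ['frontend/b.js' => 'sha256-EXAMPLE2']);
var_dump(json_decode(file_get_contents($file), true));
```

`tempnam()` creates the file with mode 0600, so a deployment that needs other users to read the target would have to `chmod()` the temp file before the `rename()`.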

Testing
-------

### 1. Remove existing SRI files

```
rm -f pub/static/frontend/sri-hashes.json
rm -f pub/static/adminhtml/sri-hashes.json
php bin/magento cache:flush

```

### 2. Generate concurrent requests

```
for i in {1..30}; do curl -s https://yourdomain.com/checkout/ > /dev/null & done; wait

```

### 3. Validate JSON

```
php -r 'json_decode(@file_get_contents("pub/static/frontend/sri-hashes.json")); echo json_last_error();'

```

Expected result:

```
0

```

---

Compatibility
-------------

- Magento 2.4.x
- PHP 8.1 / 8.2 / 8.3
- Single-node and multi-node environments

---

Why This Matters
----------------

Checkout outages caused by corrupted SRI files can result in:

- Lost revenue
- Broken storefront
- Emergency hotfixes
- Unnecessary cache clears

This module eliminates that class of failure entirely.

---

License
-------

MIT License
© 2026 Falcon Media

