PHPackages                             falconmedia/magento2-csp-sri-lock - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. falconmedia/magento2-csp-sri-lock

ActiveMagento2-module[Utility &amp; Helpers](/categories/utility)

falconmedia/magento2-csp-sri-lock
=================================

Prevents corrupted sri-hashes.json in Magento 2 by adding atomic writes and file locking.

1.0.0(4mo ago)124MITPHPPHP ^8.1 || ^8.2, ^8.3

Since Mar 3Pushed 4mo agoCompare

[ Source](https://github.com/falconmedia/magento2-csp-sri-lock)[ Packagist](https://packagist.org/packages/falconmedia/magento2-csp-sri-lock)[ RSS](/packages/falconmedia-magento2-csp-sri-lock/feed)WikiDiscussions main Synced today

READMEChangelog (1)Dependencies (2)Versions (2)Used By (0)

Falcon Media -Magento 2 CSP SRI Lock
====================================

[](#falcon-media--magento-2-csp-sri-lock)

**Package:** `falconmedia/magento2-csp-sri-lock`
**Type:** Magento 2 Module
**License:** MIT
**Maintainer:** Henk Valk

Installation
------------

[](#installation)

### Via Composer

[](#via-composer)

```
composer require falconmedia/magento2-csp-sri-lock
php bin/magento module:enable FalconMedia_CspSriLock
php bin/magento setup:upgrade
php bin/magento cache:flush

```

Verification
------------

[](#verification)

After installation, verify that the correct storage class is active:

```
php bin/magento dev:di:info Magento\Csp\Model\SubresourceIntegrity\Storage\File

```

Expected output:

```
Preference: FalconMedia\CspSriLock\Model\SubresourceIntegrity\Storage\File

```

Issue
-----

[](#issue)

Magento 2.4.x stores Subresource Integrity (SRI) hashes in:

```
pub/static/frontend/sri-hashes.json
pub/static/adminhtml/sri-hashes.json

```

Under load, multiple PHP-FPM workers can write to the same file simultaneously.

Magento's default implementation writes using file mode `'w'` without locking.

This can cause:

- Truncated JSON files
- Partially written content
- Invalid JSON
- Fatal error in checkout:

```

```

```
Unable to unserialize value. Error: Syntax error
Magento\Csp\Model\SubresourceIntegrityRepository->getData()

```

This often results in checkout becoming completely unavailable.

---

Root Cause
----------

[](#root-cause)

The core implementation:

- Opens the file with mode `'w'` (truncate immediately)
- Does not use file locking
- Does not use atomic file replacement

If two requests write simultaneously:

```
Request A → truncates file
Request B → truncates file
Request A → writes partial JSON
Request B → overwrites partially

```

Result: corrupted JSON → checkout crash.

---

Solution
--------

[](#solution)

This module replaces Magento's default SRI file storage with a safer implementation that:

- Uses `flock()` for exclusive locking
- Writes to a temporary file first
- Replaces the target using atomic `rename()`
- Prevents truncated or corrupted JSON
- Keeps full backward compatibility

No database changes.
No configuration required.
Drop-in safe fix.

Testing
-------

[](#testing)

### 1. Remove existing SRI files

[](#1-remove-existing-sri-files)

```
rm -f pub/static/frontend/sri-hashes.json
rm -f pub/static/adminhtml/sri-hashes.json
php bin/magento cache:flush

```

### 2. Generate concurrent requests

[](#2-generate-concurrent-requests)

```
for i in {1..30}; do curl -s https://yourdomain.com/checkout/ > /dev/null & done; wait

```

### 3. Validate JSON

[](#3-validate-json)

```
php -r 'json_decode(@file_get_contents("pub/static/frontend/sri-hashes.json")); echo json_last_error();'

```

Expected result:

```
0

```

---

Compatibility
-------------

[](#compatibility)

- Magento 2.4.x
- PHP 8.1 / 8.2 / 8.3
- Single-node and multi-node environments

---

Why This Matters
----------------

[](#why-this-matters)

Checkout outages caused by corrupted SRI files can result in:

- Lost revenue
- Broken storefront
- Emergency hotfixes
- Unnecessary cache clears

This module eliminates that class of failure entirely.

---

License
-------

[](#license)

MIT License
© 2026 Falcon Media

###  Health Score

38

—

LowBetter than 83% of packages

Maintenance78

Regular maintenance activity

Popularity10

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity49

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

122d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/0ab506c6fbf58517ea41c5959be2ea46d89f403438433c6eb6042afcfd0b7c94?d=identicon)[falconmedia](/maintainers/falconmedia)

---

Top Contributors

[![henkvalk](https://avatars.githubusercontent.com/u/8955854?v=4)](https://github.com/henkvalk "henkvalk (3 commits)")

### Embed Badge

![Health badge](/badges/falconmedia-magento2-csp-sri-lock/health.svg)

```
[![Health](https://phpackages.com/badges/falconmedia-magento2-csp-sri-lock/health.svg)](https://phpackages.com/packages/falconmedia-magento2-csp-sri-lock)
```

###  Alternatives

[adyen/module-payment

Official Magento2 Plugin to connect to Payment Service Provider Adyen.

1673.2M10](/packages/adyen-module-payment)[nosto/module-nostotagging

Increase your conversion rate and average order value by delivering your customers personalized product recommendations throughout their shopping journey.

27703.7k4](/packages/nosto-module-nostotagging)[integer-net/magento2-sansec-watch

Sansec Watch integration for Magento 2

40207.0k](/packages/integer-net-magento2-sansec-watch)[myparcelnl/magento

A Magento 2 module that creates MyParcel labels

1860.2k](/packages/myparcelnl-magento)[loki/magento2-components

Core module for defining Alpine.js components with advanced AJAX features

1011.8k26](/packages/loki-magento2-components)[zwernemann/module-withdrawal

Magento 2 EU Withdrawal Button Module - Adds a withdrawal/revocation button for orders in compliance with EU Directive (EU) 2023/2673

244.9k2](/packages/zwernemann-module-withdrawal)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
