Add SRI where possible and review service worker cache scope/exposure

## Summary
Third-party scripts lack Subresource Integrity, and the service worker cache scope should be reviewed to avoid unintended offline exposure of large data files.

## Why this matters
SRI reduces supply-chain risk for external scripts, and a tighter cache strategy improves security posture and user expectations for offline behavior.

## Scope
- index.html
- core/systemrun.html
- workbox-config.js
- core/scripts/serviceWorker/sw.js

## Tasks
- Add SRI + crossorigin attributes to external scripts that support stable SRI.
- Review caching rules to ensure only necessary assets are cached offline.
- Document any data files that should not be cached or should require user intent.

## Acceptance criteria
- External scripts use SRI where feasible.
- Cache rules are scoped to intended offline behavior.
- Documentation reflects offline caching behavior.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add SRI where possible and review service worker cache scope/exposure #83

Summary

Why this matters

Scope

Tasks

Acceptance criteria

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Add SRI where possible and review service worker cache scope/exposure #83

Description

Summary

Why this matters

Scope

Tasks

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions