Does anyone use that in real life for images or is it just for script/css files?
I still don't get why Web SRI was not part of notes. Any href references outside of nostr benefits from an integrity check.
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
Discussion
Just for scripts and for good cause.
The use of the SRI integrity attribute is due to the rise of CDN services such as https://cdnjs.com which OS trusted by over 12.5% of all websites, serving over 200 billion requests each month.
Some IPFS sites which are supposedly decentralized, import resources from CDNs, exposing them to risks.