Skip to content

arnaud-92/silver-loader

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
silver-loader.src.js
silver-loader.src.js
 
 
silver-loader.v1.0.0.js
silver-loader.v1.0.0.js
 
 

Repository files navigation

silver-loader

A tiny (~1 KB), zero-dependency, opt-in JavaScript loader used by the CatalogPilot WordPress plugin (Pro tier) to enrich WooCommerce product pages with trusted, centrally-published JSON-LD.

This repository exists for transparency: it lets WordPress.org reviewers, security auditors, and merchants read exactly what the script does before they let it run on their site.

What it does

When a CatalogPilot Pro subscriber's site loads, the plugin injects this script in the footer with a data-merchant="<slug>" attribute. The loader then:

  1. Reads the merchant slug from data-merchant
  2. Fetches https://merchantstamp.com/feeds/<slug>/products.jsonld (the merchant's central, signed product catalog)
  3. Looks for the product whose URL matches the page being viewed
  4. Injects a <script type="application/ld+json"> block into the page <head> with that product's structured data

The result: every product page on the merchant's site is automatically enriched with the same authoritative, integrity-proofed JSON-LD that lives in the merchant's central feed — without the merchant having to push a plugin update.

What it does NOT do

  • ❌ No tracking, no analytics, no telemetry
  • ❌ No cookies, no localStorage, no fingerprinting
  • ❌ No personally-identifiable information is read, stored, or transmitted
  • ❌ No DOM mutation other than appending one <script type="application/ld+json"> tag
  • ❌ No code execution (the injected payload is JSON-LD, not JavaScript)

Network behaviour

Attribute Value
Method GET
URL https://merchantstamp.com/feeds/<slug>/products.jsonld
Credentials omit (no cookies sent)
Cache mode force-cache (respects HTTP cache headers)
Frequency Once per page load
Body sent None

Subresource Integrity

The CatalogPilot plugin loads this script with an SRI hash so the browser refuses to execute any modified copy:

<script src="https://merchantstamp.com/js/silver-loader.v1.0.0.js"
        data-merchant="<merchant-slug>"
        integrity="sha384-19KHHbTsfzP7NUYkTi9+j/EKDqmjRqhR7ZlOEvcomdRS4+w+X0oA5R5VI3lFR8R8"
        crossorigin="anonymous"
        defer></script>

Versioning

silver-loader.v1.0.0.js is immutable. Any change ships under a new version filename (silver-loader.v1.0.1.js, etc.) so existing SRI hashes never break.

Opt-out

Site owners can disable the loader injection at any time by adding this filter in their theme's functions.php:

add_filter( 'catalogpilot_inject_loader', '__return_false' );

The loader will not be injected for that site.

Files in this repo

  • silver-loader.v1.0.0.js — the production minified script (917 bytes), exactly the file served at https://merchantstamp.com/js/silver-loader.v1.0.0.js
  • silver-loader.src.js — annotated, unminified source for human review
  • README.md — this file
  • LICENSE — MIT

License

MIT — see LICENSE.

Maintainer

MerchantStamp

About

Tiny JavaScript loader that enriches WooCommerce product pages with trusted JSON-LD from MerchantStamp. Used by the CatalogPilot WP plugin.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages