How to install npm packages in custom themes/plugins

The better way to do this is to whitelist that specific URL either in the content securty policy script src site setting or in your theme component, see Mitigate XSS Attacks with Content Security Policy for more details.

And also, you can import loadScript from "discourse/lib/load-script"; and then use that to load an external script (instead of defining your own addScript injector).

6 Likes