Thank you for taking the time and effort to implement SubResource Integrity on the Crazy Egg script as a user option within Drupal. While we don't see anything incorrect or dangerous with your work due to the structure of Crazy Egg's Javascript it won't work as expected. The user-specific URL that you protected with Drupal is only one (very small) loader script. This loader script then goes on to load other Javascript files. These other Javascript files make up the bulk of the Crazy Egg code that executes on the page.
So while your change would protect the initial script, it wouldn't protect the site from changes to all the other Javascript files. Our concern is that it would provide a false sense of security. At this point we don't plan to add SRI for the other scripts. We offer self-hosting and version locking for customers instead.
We should have this upgraded in a couple of weeks.
We should have this upgraded in a couple of weeks.