Just a little caution about Subresource Integrity, some browsers don't support it...
Also, it seems like Hype should be listed here...
Heh, it is odd to explain this in layman's terms. Let's see...
Imagine you wanted to give an animated and musical birthday card to mommy. (That's basically a Hype project.) Your card has a message that you put into the card. You don't want your cheap brother stealing the card and putting in his own message instead, pretending that he bought the card. However, he's the only one that can deliver the card, as he can deliver it faster than you and you're not allowed outside late at night. (That's the CDN. He's your older brother, so you can kinda trust him, but he's also a jerk sometimes and he hangs out with a bad crowd... and your parents are divorced. You're at dad's place tonight. HA HA. That's why mommy isn't home. Think this story is bad? Good! I think using CDNs is bad.)
So, you put a secret code word on the card that only mommy understands. (That's the Subresource Integrity code.) If the card has been tampered with, the code word won't match and then you can tell mommy that your brother is in trouble. (The sha256 checksum is based on the file. The result is different if the file is different. So, if your brother tries to create his own message, the code won't match.)
Here's how you can test this locally...
shasum -a 256 /Applications/Hype.app/Contents/Resources/HYPE.thin.min.js
Most people have Hype in the Applications directory. So, if you run that command in the terminal, it should generate the following code...
f23b16b4eab59fa6d58e48dab273a04d308115aa85a2d2448c524c0e7568dcc4
If the codes match, then it means we should have the same versions of the file.