Another thing in the security tool chest is SubResource Integrity. If your JS is hosted on a CD you can put a hash of the expected JavaScript within the HTML script declaration. When the browser downloads it, it'll verify the hash before executing it.