That would work well for most, until the /jquery-latest.min.js or whatever is updated to the newest, latest release. But that would also be a problem with the browser based solution.
The question then is - how do you distribute the trusted hash?
Maybe there should be an independent organization or website that serves trusted hashes for common or registered libraries and files.
Right, you can't verify hashes for resources that change. You'd have to link to a specific version that everyone can agree on. As for trusting the hash itself - I guess someone you trust (probably the author) would have to sign the hash, then you could verify the signature.
As long as the author isn't serving the signed hash via the same CDN as the files. Then there's the logistics problem of having to looking in different hash locations for each file.
I'm just thinking of some libraries that could be security sensitive, and thus using latest releases on day 1 is the most important. I surmise these would also be the same libraries you would want to use this type of authentication on.
The question then is - how do you distribute the trusted hash?
Maybe there should be an independent organization or website that serves trusted hashes for common or registered libraries and files.