This project, and lots of others, would really benefit from a standardized crypto Javascript API in browsers so there is an opportunity for using better hashing algorithms than are realistic to implement in Javascript.
Im not saying its realistic to engineer sha1 collisions to serve up malicious content on a platform like this, but its getting closer every year.
The platform my company is working on is similar to cacheP2P. We wrote our own custom PKI implementation on top of the WebCrypto API that doesn't rely on SHA1 for hashing.
For fun a few months ago, I implemented BLAKE in JS. It's a state of the art hash function developed by djb.
It was cool seeing how hashing works under the hood. I used UInt32Array for speed. It is still nowhere near native speed, but fast enough for many applications.
In particular, SubtleCrypto [0] seems to be what you're looking for. It's in the latest versions of FF/Chrome/Edge/Safari (and according to MDN, shipped with Edge last year and has been supported by Chrome/FF/Safari for roughly 2 years* [1]).
I can't find any support for Opera / IE, unfortunately, although Opera's been based on Chromium since 2013, so... presumably it's been supported for years, as well?
* Cross-referencing against browser release dates, that is.
Im not saying its realistic to engineer sha1 collisions to serve up malicious content on a platform like this, but its getting closer every year.