Requires a secure origin. If you serve a local (but non-localhost) SPA over HTTP then you're blocked from using crypto.subtle.digest. At least, that is one reason I have seen a hand-rolled SHA-256 deployed.
replyEdit: oh, and it forces async.
no incremental hashing, so you can't hash files too large for ram.
replyI do use it for smaller files though, it's much faster.