Using SHA-256 in JavaScript client-side can definitely be tricky, but I think you’re on the right track by ensuring a double-hash on the server side.
For trustworthy implementations, I would recommend jsSHA, a popular library for cryptographic hashing in JavaScript. It’s actively maintained, with an open-source community behind it, and is generally considered reliable for cryptographic purposes.
That said, as you mentioned, it’s crucial to review any code you’re using—client-side hashes can still be vulnerable to various attacks (e.g., man-in-the-middle) if not properly handled. Always ensure that your transport layer is secure (i.e., use HTTPS).
As you work with these libraries, remember that SHA-256 in JavaScript can be implemented effectively using jsSHA, and it’s one of the more trusted options available.
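The client-hash-then-server-rehash flow discussed in this reply, as an added example that is not part of the original post. It assumes Node's built-in `crypto` module in place of jsSHA on the client side so it runs offline, and it assumes a salted scrypt as the server-side second hash; the function names and the sample password are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const HEX_SHA256 = /^[0-9a-f]{64}$/;

// Client side: SHA-256 the password before sending it.
// In a browser this step would be done by jsSHA (stand-in used here).
function clientHash(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// Server side, enrollment: the client digest is password-equivalent
// (whoever holds it can log in), so it is never stored as received.
// It is hashed again with a per-user random salt and a slow KDF.
function serverEnroll(clientDigestHex) {
  if (!HEX_SHA256.test(clientDigestHex)) {
    throw new Error('malformed client digest');
  }
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(Buffer.from(clientDigestHex, 'hex'), salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Server side, login: recompute with the stored salt and compare
// in constant time so the comparison leaks nothing about the stored hash.
function serverVerify(clientDigestHex, record) {
  if (!HEX_SHA256.test(clientDigestHex)) return false;
  const candidate = crypto.scryptSync(
    Buffer.from(clientDigestHex, 'hex'),
    Buffer.from(record.salt, 'hex'),
    32
  );
  return crypto.timingSafeEqual(candidate, Buffer.from(record.hash, 'hex'));
}

// Constructed sample run.
const record = serverEnroll(clientHash('constructed-sample-password'));
console.log('stored record:', record);
console.log('correct password verifies:',
  serverVerify(clientHash('constructed-sample-password'), record));
console.log('wrong password verifies:',
  serverVerify(clientHash('something-else'), record));
```

Because the server accepts the client digest as the credential, it needs the same transport protection a plaintext password would: send it only over HTTPS.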