@adv-ui/boros-cmp
Boros CMP is a standalone Consent Management Provider solution compliant with the "Transparency & Consent Framework" standard established by the IAB Europe.
Boros CMP is registered with ID 129.
Boros CMP is available as an npm package named @adv-ui/boros-cmp.
To install the latest stable version:
```sh
npm install --save @adv-ui/boros-cmp
```
To initialize Boros CMP using default configuration values:
```js
import boroscmp from '@adv-ui/boros-cmp'

boroscmp.init()
  .then(() => {
    // do your stuff ...
  })
```
To initialize Boros CMP using customized configuration values:
```js
import boroscmp from '@adv-ui/boros-cmp'

const customConfig = {
  gdpr: {
    gdprApplies: true,
    storeConsentGlobally: false
  },
  consent: {
    consentScreen: 1,
    consentLanguage: 'es'
  }
}

boroscmp.init({config: customConfig})
  .then(() => {
    // do your stuff ...
  })
```
Note that the init method returns a Promise, but you can subscribe to the cmpReady event instead:
```js
import boroscmp from '@adv-ui/boros-cmp'

window.document.addEventListener("cmpReady", (event) => {
  // do your stuff ...
  // like calling window.__cmp( ...
})

boroscmp.init()
```
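A fail-closed way to use `window.__cmp` once cmpReady has fired, as an added example that is not part of the Boros CMP README or code. It assumes the CMP answers the IAB TCF v1.1 `getVendorConsents` command in the standard shape; `checkVendorConsent`, vendor ID 42 and purposes 1 and 3 are hypothetical.

```javascript
// Added example: decide whether a third-party tag may load, denying by default.
// Assumption: 'getVendorConsents' calls back with (result, success), where
// result = { gdprApplies, vendorConsents: {id: bool}, purposeConsents: {id: bool} }.
function checkVendorConsent(cmp, vendorId, purposeIds, done) {
  let settled = false
  const finish = (allowed, reason) => {
    if (settled) return // report only the first outcome
    settled = true
    done({allowed, reason})
  }
  if (typeof cmp !== 'function') return finish(false, 'cmp-missing')
  try {
    cmp('getVendorConsents', [vendorId], (result, success) => {
      if (!success || !result) return finish(false, 'cmp-error')
      // Policy choice of this example: no consent needed when GDPR does not apply.
      if (result.gdprApplies === false) return finish(true, 'gdpr-not-applicable')
      const vendors = result.vendorConsents || {}
      const purposes = result.purposeConsents || {}
      if (vendors[vendorId] !== true) return finish(false, 'vendor-denied')
      const missing = purposeIds.filter(id => purposes[id] !== true)
      if (missing.length > 0) return finish(false, 'purpose-denied:' + missing.join(','))
      finish(true, 'consented')
    })
  } catch (err) {
    finish(false, 'cmp-threw') // a broken CMP never results in a loaded tag
  }
}

// Browser wiring: register before boroscmp.init(), as in the snippet above.
if (typeof window !== 'undefined') {
  window.document.addEventListener('cmpReady', () => {
    checkVendorConsent(window.__cmp, 42, [1, 3], ({allowed, reason}) => {
      if (allowed) {
        // load the third-party tag here
      } else {
        console.warn('tag blocked:', reason)
      }
    })
  })
}
```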
You can also import the library directly instead of the bundled version. In that case it assumes you provide the @babel/runtime dependency, helpers and polyfills it needs to work, but you get a smaller bundle because it reuses your packages.
```js
import boroscmp from '@adv-ui/boros-cmp/lib'

boroscmp.init()
  .then(() => {
    // do your stuff ...
  })
```
To use global consent storage, Boros should be initialized with at least this custom configuration:
```js
import boroscmp from '@adv-ui/boros-cmp'

const customConfig = {
  gdpr: {
    storeConsentGlobally: true,
    globalConsentLocation: 'http://local.schibsted.io:8000/index.html'
  }
}

boroscmp.init({config: customConfig})
  .then(() => {
    // do your stuff ...
  })
```
A server should be running at the globalConsentLocation provided, and it should serve the Boros script built for the global version (global.dev.js or global.pro.js).
Some default configuration values can be overwritten before the CMP is loaded. Below are all the configuration properties and their default values.
Property | Description | Default Value |
---|---|---|
gdpr.gdprApplies | Defines if GDPR applies or not. | true |
gdpr.storeConsentGlobally | Defines if Consent Storage is Global (true) or Local (false). | false |
gdpr.globalConsentLocation | The source URL of global storage html. | |
consent.consentScreen | Screen number where consent was given. | 1 |
consent.consentLanguage | Defines the language for the UI. | es |
vendorList.host | Host URL to retrieve Vendor lists. | https://vendorlist.consensu.org |
log.level | Defines the Log level. | 3 |
gdpr.gdprApplies: Defines if GDPR applies or not.
gdpr.storeConsentGlobally: Defines if Consent Storage is Global (true) or Local (false).
gdpr.globalConsentLocation: The source URL of global storage html.
consent.consentScreen: Defines the Screen number in the CMP where consent was given. The screen number is CMP and CmpVersion specific, and is for logging proof of consent.
consent.consentLanguage: This language will be used by the User interface using CMP. Language values are ISO 639-1 (2 letter codes). By default, es will be used.
Check the available translations here: https://register.consensu.org/Translation
vendorList.host: To find Vendor lists, CMP tries to retrieve a JSON named vendorlist.json and uses the IAB version structure, as follows:
Available log level values:
Code | Level |
---|---|
1 | debug |
2 | info |
3 | warn |
4 | error |
5 | off |
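The defaults and value ranges documented above can be checked before the config object reaches `boroscmp.init`. This is an added example, not Boros CMP code: `resolveConfig` and `isSecureUrl` are hypothetical helpers, and the https requirement is this example's own assumption (the README's development URL uses plain http and is flagged by it).

```javascript
// Added example, not Boros CMP code. Defaults and value ranges come from the
// tables on this page; the https rule is this example's own assumption.
const DEFAULTS = {
  gdpr: {gdprApplies: true, storeConsentGlobally: false, globalConsentLocation: ''},
  consent: {consentScreen: 1, consentLanguage: 'es'},
  vendorList: {host: 'https://vendorlist.consensu.org'},
  log: {level: 3}
}

// True for https URLs, and for plain http only on a loopback host.
function isSecureUrl(value) {
  try {
    const url = new URL(value)
    const loopback = ['localhost', '127.0.0.1'].includes(url.hostname)
    return url.protocol === 'https:' || (url.protocol === 'http:' && loopback)
  } catch (err) {
    return false // empty or not an absolute URL
  }
}

// Returns {config, errors}; refuse to call init when errors is non-empty.
function resolveConfig(custom = {}) {
  const config = {}
  const errors = []
  for (const section of Object.keys(custom)) {
    const known = Object.prototype.hasOwnProperty.call(DEFAULTS, section)
    if (!known) errors.push(`unknown section: ${section}`)
  }
  for (const section of Object.keys(DEFAULTS)) {
    config[section] = {...DEFAULTS[section], ...custom[section]}
  }
  const {gdpr, consent, vendorList, log} = config
  for (const key of ['gdprApplies', 'storeConsentGlobally']) {
    if (typeof gdpr[key] !== 'boolean') errors.push(`gdpr.${key} must be a boolean`)
  }
  if (gdpr.storeConsentGlobally && !isSecureUrl(gdpr.globalConsentLocation)) {
    errors.push('gdpr.globalConsentLocation must be an https URL for global storage')
  }
  if (!Number.isInteger(consent.consentScreen) || consent.consentScreen < 0) {
    errors.push('consent.consentScreen must be a non-negative integer')
  }
  if (!/^[a-z]{2}$/.test(consent.consentLanguage)) {
    errors.push('consent.consentLanguage must be a two-letter ISO 639-1 code')
  }
  if (!isSecureUrl(vendorList.host)) errors.push('vendorList.host must be an https URL')
  if (![1, 2, 3, 4, 5].includes(log.level)) errors.push('log.level must be 1 to 5')
  return {config, errors}
}
```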
The CMP version is set according to the version defined inside the package.json file. The IAB standard uses only one number to define this version, so only the major version (first digit) will be used.
CMP is MIT licensed.
FAQs
Adevinta GDPR - Consent Management Provider - Standalone
The npm package @adv-ui/boros-cmp receives a total of 19 weekly downloads. As such, @adv-ui/boros-cmp popularity was classified as not popular.
We found that @adv-ui/boros-cmp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.