Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
@smg-automotive/cookie-consent-pkg
Advanced tools
Readme
npm install @smg-automotive/cookie-consent-pkg
OneTrustCookieConsentBanner
adds the required script tags to the document head and preloads the script so that it
loads as early as possible. only loads a 3KB script. All subsequent scripts load async.
import { OneTrustCookieConsentBanner } from '@smg-automotive/cookie-consent-pkg';
// loads using JavaScript. You may gain more performance by adding it manually to the server HTML
<OneTrustCookieConsentBanner domainScript="yourScriptID" enabled={true} />;
Alternatively, if you are serving an HTML from the server, consider adding it manually inside the document head.
<script
src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js"
data-domain-script="yourScriptID"
data-document-language="true"
/>
You should wrap your application with the CookieConsentProvider
. It places listeners on the current cookie consent and
enables you to react on changes (e.g. block certain third party scripts).
<CookieConsentProvider
enabled={true}
onConsentChanged={(newConsent) => console.log(newConsent)}
onOneTrustLoaded={(initialConsent, hideBanner) => console.log(initialConsent)}
>
<div>your app..</div>
</CookieConsentProvider>
onConsentChanged
is optional and allows you to fire events when the user changed the consent in the preference center.
onOneTrustLoaded
is optional and is called after OneTrust has been loaded. hideBanner
is true
if the banner has
been shown in a previous session.
You can get the current consent and other properties related to cookie consent in your component
using useCookieConsent
hook.
import { useCookieConsent } from '@smg-automotive/cookie-consent-pkg';
const { consent, openPreferenceCenter, isLoaded, hasInteracted } =
useCookieConsent;
property | type | description |
---|---|---|
consent | Category[] | Array of the current consent. If the user uses a script blocker or you disabled OneTrust in the Provider, only the stricly necessary category is set. |
openPreferenceCenter | Function | Opens the OneTrust preference center. |
isLoaded | boolean | True if OneTrust has been successfully loaded and invoked. |
hasInteracted | boolean | True if the user has interacted with the banner at some point. |
npm run build
You can link your local npm package to integrate it with any local project:
cd cookie-consent-pkg
npm run build
cd <project directory>
npm link ../cookie-consent-pkg
New versions are released on the ci using semantic-release as soon as you merge into master. Please
make sure your merge commit message adheres to the
corresponding conventions and your branch name does not contain
forward slashes /
.
FAQs
A boilerplate package setup
The npm package @smg-automotive/cookie-consent-pkg receives a total of 256 weekly downloads. As such, @smg-automotive/cookie-consent-pkg popularity was classified as not popular.
We found that @smg-automotive/cookie-consent-pkg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.