content-security-policy-builder
Advanced tools
Take an object and turn it into a Content Security Policy string.
It can handle a lot of things you can you throw at it; camelCased or
dash-separated directives, arrays or strings, et cetera.
Usage:
import builder from "content-security-policy-builder";
// default-src 'self' default.com; script-src scripts.com; whatever-src something; object-src
builder({
directives: {
defaultSrc: ["'self'", "default.com"],
scriptSrc: "scripts.com",
"whatever-src": "something",
objectSrc: true,
},
});
// default-src 'self'; whatever-src something
builder({
directives: new Map([
["defaultSrc", ["'self'", "default.com"]],
["whatever-src", "something"],
]),
});
This module is considered complete. I expect to continue maintenance if needed, but I don't plan to add features or make breaking changes.
helmet-csp is a middleware for Express.js that helps set Content Security Policy headers. It provides a more integrated approach for Express applications, allowing for easy configuration and dynamic policy generation. Compared to content-security-policy-builder, helmet-csp is more focused on being a middleware solution for Express.
csp-header is a package that helps generate CSP headers in a flexible and customizable way. It offers a similar API to content-security-policy-builder but includes additional features like preset policies and easier integration with various frameworks. It is more feature-rich and provides more out-of-the-box configurations compared to content-security-policy-builder.
csp-headers is another package for generating CSP headers. It focuses on simplicity and ease of use, providing a straightforward API for defining CSP directives. While it offers similar functionality to content-security-policy-builder, it is designed to be more lightweight and easier to integrate into small projects.
FAQs
Build Content Security Policy directives.
The npm package content-security-policy-builder receives a total of 412,895 weekly downloads. As such, content-security-policy-builder popularity was classified as popular.
We found that content-security-policy-builder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.
Security News
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.
Security News
The remediated findings include organization permission bugs, stale project access after transfers, OIDC replay edge cases, audit logging gaps, and an IDOR in API token deletion.