What is content-security-policy-parser?
The content-security-policy-parser npm package is designed to parse Content Security Policy (CSP) headers into a more manageable and structured format. This can be useful for analyzing, modifying, or validating CSP headers in web applications.
What are content-security-policy-parser's main functionalities?
Parse CSP Header
This feature allows you to parse a CSP header string into an object. The parsed object provides a structured representation of the CSP directives, making it easier to analyze and manipulate.
const cspParser = require('content-security-policy-parser');
const cspHeader = "default-src 'self'; script-src 'self' 'unsafe-inline'";
// The parser returns an object keyed by directive name; each value is an array of source expressions
const parsedCSP = cspParser(cspHeader);
console.log(parsedCSP);
Validate CSP Directives
This feature allows you to inspect specific directives within the parsed CSP object and check them against your own rules. For example, you can check whether 'unsafe-inline' is present in the 'script-src' directive, which is what a reviewer would flag because it lets inline script run.
const cspParser = require('content-security-policy-parser');
const cspHeader = "default-src 'self'; script-src 'self' 'unsafe-inline'";
const parsedCSP = cspParser(cspHeader);
// true means the policy permits inline script, so this is a weakness check rather than a "valid" flag
const allowsInlineScript = parsedCSP['script-src'].includes("'unsafe-inline'");
console.log(allowsInlineScript);
Modify CSP Directives
This feature allows you to modify the directives within the parsed object and then serialize it back into a header string. The example below adds 'unsafe-inline' to the 'script-src' directive; removing or replacing a source works the same way, and removing is the direction a hardening pass usually takes.
const cspParser = require('content-security-policy-parser');
let cspHeader = "default-src 'self'; script-src 'self'";
const parsedCSP = cspParser(cspHeader);
parsedCSP['script-src'].push("'unsafe-inline'"); // loosens script-src; use splice()/filter() to tighten it instead
// Serialize back; spreading [key, ...value] avoids a trailing space on valueless directives such as "object-src"
cspHeader = Object.entries(parsedCSP).map(([key, value]) => [key, ...value].join(' ')).join('; ');
console.log(cspHeader);
Other packages similar to content-security-policy-parser
helmet-csp
Helmet is a collection of middleware to help secure Express apps. The helmet-csp module specifically helps set Content Security Policy headers. Unlike content-security-policy-parser, helmet-csp is more focused on setting CSP headers rather than parsing them.
csp-header
The csp-header package is used to build Content Security Policy headers. It provides a more programmatic way to construct CSP headers, whereas content-security-policy-parser is focused on parsing existing CSP headers.
csp-parse
The csp-parse package is another library for parsing CSP headers. It offers functionality similar to content-security-policy-parser but may differ in API design and provide additional features.
Content Security Policy parser
Take a Content Security Policy string and parse it.
Usage:
const parse = require('content-security-policy-parser')
parse("default-src 'self'; script-src 'unsafe-eval' scripts.com; object-src; style-src styles.biz")
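The following is an added stand-alone example, not the package's own code, covering both the three feature snippets above and the README usage line: it implements the same parse step (';' between directives, whitespace between source expressions, directive names case-insensitive, a repeated directive ignored as the CSP spec requires) so it runs without the package installed, serializes a policy back without trailing spaces on valueless directives, and reports the script-src settings a reviewer would flag. The function names and finding messages are my own.

```javascript
// Added example, not the package's code: a minimal CSP parser with the same output
// shape (directive name -> array of source expressions), a serializer, and a checker.
function parseCsp(header) {
  const policy = Object.create(null); // null prototype: a directive named "__proto__" stays an own property
  for (const segment of header.split(';')) {
    const tokens = segment.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;       // empty segment, e.g. a trailing ';'
    const name = tokens[0].toLowerCase();    // directive names are ASCII case-insensitive
    if (name in policy) continue;            // CSP ignores a repeated directive: the first one wins
    policy[name] = tokens.slice(1);          // a valueless directive such as "object-src" keeps []
  }
  return policy;
}

function serializeCsp(policy) {
  // [name, ...values] avoids the trailing space that `${key} ${value.join(' ')}` leaves on valueless directives
  return Object.entries(policy).map(([name, values]) => [name, ...values].join(' ')).join('; ');
}

// Report script-src settings that let injected markup execute as script.
function scriptSrcFindings(policy) {
  const findings = [];
  const effective = policy['script-src'] ?? policy['default-src']; // script-src falls back to default-src
  if (effective === undefined) {
    findings.push('neither script-src nor default-src is set: script sources are unrestricted');
    return findings;
  }
  const sources = effective.map((s) => s.toLowerCase());
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (sources.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("'unsafe-inline' permits inline script and no nonce or hash is present to override it");
  }
  if (sources.includes("'unsafe-eval'")) findings.push("'unsafe-eval' permits eval() and similar");
  if (sources.includes('*')) findings.push('wildcard source permits script from any host');
  return findings;
}

// Constructed input: the README's usage string.
const readmePolicy = parseCsp("default-src 'self'; script-src 'unsafe-eval' scripts.com; object-src; style-src styles.biz");
console.log(readmePolicy, serializeCsp(readmePolicy), scriptSrcFindings(readmePolicy));
```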