Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
csp-header
Advanced tools
csp-header - npm Package Compare versions
Comparing version 2.2.0 to 5.0.0-beta.1
| import { CSPHeaderParams } from './types'; | ||
| export * from './types'; | ||
| export * from './constants'; | ||
| export * from './constants/directives'; | ||
| export * from './constants/values'; | ||
| /** | ||
@@ -5,0 +6,0 @@ * Build CSP header value from params |
| "use strict"; | ||
| function __export(m) { | ||
| for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p]; | ||
| } | ||
| var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); | ||
| }) : (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| o[k2] = m[k]; | ||
| })); | ||
| var __exportStar = (this && this.__exportStar) || function(m, exports) { | ||
| for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p); | ||
| }; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| const constants_1 = require("./constants"); | ||
| __export(require("./constants")); | ||
| exports.nonce = exports.getCSP = void 0; | ||
| const directives_1 = require("./constants/directives"); | ||
| __exportStar(require("./types"), exports); | ||
| __exportStar(require("./constants/directives"), exports); | ||
| __exportStar(require("./constants/values"), exports); | ||
| /** | ||
@@ -12,5 +22,5 @@ * Build CSP header value from params | ||
| function getCSP(params = {}) { | ||
| let { directives = {}, presets = {}, reportUri } = params; | ||
| let presetsList = normalizePresetsList(presets); | ||
| let mergedPolicies = applyPresets(directives, presetsList); | ||
| const { directives = {}, presets = {}, reportUri } = params; | ||
| const presetsList = normalizePresetsList(presets); | ||
| const mergedPolicies = applyPresets(directives, presetsList); | ||
| return policyToString(mergedPolicies, reportUri); | ||
@@ -30,9 +40,9 @@ } | ||
| function policyToString(directives, reportUri) { | ||
| let cspStringParts = []; | ||
| for (let directiveName in directives) { | ||
| const cspStringParts = []; | ||
| for (const directiveName in directives) { | ||
| if (!directives.hasOwnProperty(directiveName)) { | ||
| continue; | ||
| } | ||
| let directiveValue = directives[directiveName]; | ||
| let directiveRulesString = getDirectiveString(directiveName, directiveValue); | ||
| const directiveValue = directives[directiveName]; | ||
| const directiveRulesString = getDirectiveString(directiveName, directiveValue); | ||
| if (directiveRulesString) { | ||
@@ -54,10 +64,10 @@ cspStringParts.push(directiveRulesString); | ||
| } | ||
| if (directiveName in constants_1.BOOLEAN_DIRECTIVES) { | ||
| if (typeof directiveValue === 'boolean') { | ||
| return `${directiveName};`; | ||
| } | ||
| if (directiveName in constants_1.STRING_DIRECTIVES) { | ||
| if (typeof directiveValue === 'string') { | ||
| return `${directiveName} ${directiveValue};`; | ||
| } | ||
| if (directiveName in constants_1.LIST_DIRECTIVES) { | ||
| let valueString = directiveValue.join(' '); | ||
| if (Array.isArray(directiveValue)) { | ||
| const valueString = directiveValue.join(' '); | ||
| return `${directiveName} ${valueString};`; | ||
@@ -82,12 +92,12 @@ } | ||
| function applyPresets(directives, presets) { | ||
| let mergedPolicies = {}; | ||
| for (let preset of [directives, ...presets]) { | ||
| for (let directiveName in preset) { | ||
| if (!(directiveName in constants_1.ALLOWED_DIRECTIVES)) { | ||
| const mergedPolicies = {}; | ||
| for (const preset of [directives, ...presets]) { | ||
| for (const directiveName in preset) { | ||
| if (!(directiveName in directives_1.ALLOWED_DIRECTIVES)) { | ||
| continue; | ||
| } | ||
| directiveName; | ||
| let currentRules = mergedPolicies[directiveName]; | ||
| let presetRules = preset[directiveName]; | ||
| mergedPolicies[directiveName] = mergeDirectiveRules(currentRules, presetRules, directiveName); | ||
| const currentRules = mergedPolicies[directiveName]; | ||
| const presetRules = preset[directiveName]; | ||
| mergedPolicies[directiveName] = mergeDirectiveRules(currentRules, presetRules); | ||
| } | ||
@@ -97,3 +107,3 @@ } | ||
| } | ||
| function mergeDirectiveRules(directiveValue1, directiveValue2, directiveName) { | ||
| function mergeDirectiveRules(directiveValue1, directiveValue2) { | ||
| if (directiveValue1 === undefined) { | ||
@@ -105,3 +115,3 @@ return directiveValue2; | ||
| } | ||
| if (directiveName in constants_1.LIST_DIRECTIVES) { | ||
| if (Array.isArray(directiveValue1) && Array.isArray(directiveValue2)) { | ||
| return getUniqRules([ | ||
@@ -108,0 +118,0 @@ ...directiveValue1, |
@@ -1,12 +0,14 @@ | ||
| import { ALLOWED_DIRECTIVES, BOOLEAN_DIRECTIVES, LIST_DIRECTIVES, STRING_DIRECTIVES } from './constants'; | ||
| import { ALLOW_DOWNLOADS_WITHOUT_USER_ACTIVATION, ALLOW_DUPLICATES, ALLOW_FORMS, ALLOW_MODALS, ALLOW_ORIENTATION_LOCK, ALLOW_POINTER_LOCK, ALLOW_POPUPS, ALLOW_POPUPS_TO_ESACPE_SANDBOX, ALLOW_PRESENTATION, ALLOW_SAME_ORIGIN, ALLOW_STORAGE_ACCESS_BY_USER_ACTIVATION, ALLOW_SCRIPTS, ALLOW_TOP_NAVIGATION, ALLOW_TOP_NAVIGATION_BY_USER_ACTIVATION, NO_REFERRER, NONE, NONE_WHEN_DOWNGRADE, ORIGIN, ORIGIN_WHEN_CROSS_ORIGIN, SCRIPT, SELF, STRICT_DYNAMIC, UNSAFE_EVAL, UNSAFE_HASHES, UNSAFE_INLINE, UNSAFE_URL } from './constants/values'; | ||
| export interface CSPHeaderParams { | ||
| directives?: CSPDirectives; | ||
| directives?: Partial<CSPDirectives>; | ||
| presets?: CSPPreset; | ||
| reportUri?: string; | ||
| } | ||
| export declare type CSPDirectives = Partial<(Record<CSPListDirectiveName, CSPListDirectiveValue> | Record<CSPStringDirectiveName, CSPStringDirectiveValue> | Record<CSPBooleanDirectiveName, CSPBooleanDirectiveValue>)>; | ||
| export declare type CSPDirectiveName = keyof typeof ALLOWED_DIRECTIVES; | ||
| export declare type CSPListDirectiveName = keyof typeof LIST_DIRECTIVES; | ||
| export declare type CSPStringDirectiveName = keyof typeof STRING_DIRECTIVES; | ||
| export declare type CSPBooleanDirectiveName = keyof typeof BOOLEAN_DIRECTIVES; | ||
| declare type DirectivesOfType<T> = { | ||
| [K in keyof CSPDirectives]: CSPDirectives[K] extends T ? K : never; | ||
| } extends Record<string, infer P> ? P : never; | ||
| export declare type CSPDirectiveName = DirectivesOfType<any>; | ||
| export declare type CSPListDirectiveName = DirectivesOfType<CSPListDirectiveValue>; | ||
| export declare type CSPStringDirectiveName = DirectivesOfType<CSPStringDirectiveValue>; | ||
| export declare type CSPBooleanDirectiveName = DirectivesOfType<CSPBooleanDirectiveValue>; | ||
| export declare type CSPDirectiveValue = CSPListDirectiveValue | CSPStringDirectiveValue | CSPBooleanDirectiveValue; | ||
@@ -18,4 +20,45 @@ export declare type CSPListDirectiveValue = string[]; | ||
| export declare type CSPPresetsObject = { | ||
| [presetName: string]: CSPDirectives; | ||
| [presetName: string]: Partial<CSPDirectives>; | ||
| }; | ||
| export declare type CSPPresetsArray = CSPDirectives[]; | ||
| export declare type CSPPresetsArray = Partial<CSPDirectives>[]; | ||
| declare type TSource = string; | ||
| declare type TNonce = `nonce-${string}`; | ||
| declare type THash = `sha-${string}`; | ||
| declare type TMimeType = `${string}/${string}`; | ||
| declare type TFetchDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE; | ||
| declare type TDocumentDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE; | ||
| declare type TNavigationDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE | typeof STRICT_DYNAMIC; | ||
| export declare type CSPDirectives = { | ||
| 'base-uri': (TDocumentDirective | typeof STRICT_DYNAMIC)[]; | ||
| 'block-all-mixed-content': boolean; | ||
| 'child-src': TFetchDirective[]; | ||
| 'connect-src': TFetchDirective[]; | ||
| 'default-src': (TFetchDirective | typeof STRICT_DYNAMIC)[]; | ||
| 'font-src': TFetchDirective[]; | ||
| 'form-action': TNavigationDirective[]; | ||
| 'frame-ancestors': (TSource | typeof SELF | typeof NONE)[]; | ||
| 'frame-src': TFetchDirective[]; | ||
| 'img-src': (TFetchDirective | typeof STRICT_DYNAMIC)[]; | ||
| 'manifest-src': TFetchDirective[]; | ||
| 'media-src': TFetchDirective[]; | ||
| 'navigate-to': TNavigationDirective[]; | ||
| 'object-src': TFetchDirective[]; | ||
| 'plugin-types': TMimeType[]; | ||
| 'prefetch-src': TFetchDirective[]; | ||
| 'referrer': typeof NO_REFERRER | typeof NONE_WHEN_DOWNGRADE | typeof ORIGIN | typeof ORIGIN_WHEN_CROSS_ORIGIN | typeof UNSAFE_URL; | ||
| 'report-to': string; | ||
| 'report-uri': string; | ||
| 'require-sri-for': ('script' | 'style')[]; | ||
| 'require-trusted-types-for': typeof SCRIPT; | ||
| 'sandbox': (typeof ALLOW_DOWNLOADS_WITHOUT_USER_ACTIVATION | typeof ALLOW_FORMS | typeof ALLOW_MODALS | typeof ALLOW_ORIENTATION_LOCK | typeof ALLOW_POINTER_LOCK | typeof ALLOW_POPUPS | typeof ALLOW_POPUPS_TO_ESACPE_SANDBOX | typeof ALLOW_PRESENTATION | typeof ALLOW_SAME_ORIGIN | typeof ALLOW_SCRIPTS | typeof ALLOW_STORAGE_ACCESS_BY_USER_ACTIVATION | typeof ALLOW_TOP_NAVIGATION | typeof ALLOW_TOP_NAVIGATION_BY_USER_ACTIVATION)[]; | ||
| 'script-src': (TFetchDirective | typeof STRICT_DYNAMIC)[]; | ||
| 'script-src-attr': (TFetchDirective | typeof STRICT_DYNAMIC)[]; | ||
| 'script-src-elem': (TFetchDirective | typeof STRICT_DYNAMIC)[]; | ||
| 'style-src': TFetchDirective[]; | ||
| 'style-src-attr': TFetchDirective[]; | ||
| 'style-src-elem': TFetchDirective[]; | ||
| 'trusted-types': (string | typeof NONE | typeof ALLOW_DUPLICATES)[]; | ||
| 'upgrade-insecure-requests': boolean; | ||
| 'worker-src': TFetchDirective[]; | ||
| }; | ||
| export {}; |
| { | ||
| "name": "csp-header", | ||
| "version": "2.2.0", | ||
| "version": "5.0.0-beta.1", | ||
| "description": "Content-Security-Policy header generator", | ||
@@ -9,3 +9,4 @@ "main": "dist/index.js", | ||
| "test": "jest", | ||
| "build": "tsc -p ./" | ||
| "build": "tsc -p ./", | ||
| "lint": "eslint . --ext .js,.jsx,.ts,.tsx" | ||
| }, | ||
@@ -21,13 +22,15 @@ "keywords": [ | ||
| "engines": { | ||
| "node": ">=8" | ||
| "node": ">=10" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/jest": "^24.0.13", | ||
| "@types/node": "^12.0.7", | ||
| "jest": "^24.8.0", | ||
| "ts-jest": "^24.0.2", | ||
| "ts-node": "^8.2.0", | ||
| "typescript": "^3.5.1" | ||
| "@types/jest": "26.0.21", | ||
| "@types/node": "14.14.35", | ||
| "@typescript-eslint/eslint-plugin": "4.18.0", | ||
| "@typescript-eslint/parser": "4.18.0", | ||
| "eslint": "7.22.0", | ||
| "jest": "26.6.3", | ||
| "ts-jest": "26.5.4", | ||
| "ts-node": "9.1.1", | ||
| "typescript": "4.2.3" | ||
| }, | ||
| "dependencies": {}, | ||
| "repository": { | ||
@@ -34,0 +37,0 @@ "type": "git", |
| import { | ||
| ALLOWED_DIRECTIVES, | ||
| BOOLEAN_DIRECTIVES, | ||
| LIST_DIRECTIVES, | ||
| STRING_DIRECTIVES | ||
| } from './constants'; | ||
| } from './constants/directives'; | ||
| import { | ||
@@ -18,3 +15,4 @@ CSPHeaderParams, | ||
| export * from './types'; | ||
| export * from './constants'; | ||
| export * from './constants/directives'; | ||
| export * from './constants/values'; | ||
@@ -25,5 +23,5 @@ /** | ||
| export function getCSP(params: CSPHeaderParams = {}): string { | ||
| let { directives = {}, presets = {}, reportUri } = params; | ||
| let presetsList = normalizePresetsList(presets); | ||
| let mergedPolicies = applyPresets(directives, presetsList); | ||
| const { directives = {}, presets = {}, reportUri } = params; | ||
| const presetsList = normalizePresetsList(presets); | ||
| const mergedPolicies = applyPresets(directives, presetsList); | ||
@@ -44,6 +42,6 @@ return policyToString(mergedPolicies, reportUri); | ||
| function policyToString(directives: CSPDirectives, reportUri?: string): string { | ||
| let cspStringParts: string[] = []; | ||
| function policyToString(directives: Partial<CSPDirectives>, reportUri?: string): string { | ||
| const cspStringParts: string[] = []; | ||
| for (let directiveName in directives) { | ||
| for (const directiveName in directives) { | ||
| if (!directives.hasOwnProperty(directiveName)) { | ||
@@ -53,4 +51,4 @@ continue; | ||
| let directiveValue: CSPDirectiveValue = directives[directiveName as keyof CSPDirectives]; | ||
| let directiveRulesString = getDirectiveString( | ||
| const directiveValue: CSPDirectiveValue = directives[directiveName as keyof CSPDirectives]; | ||
| const directiveRulesString = getDirectiveString( | ||
| directiveName as CSPDirectiveName, | ||
@@ -80,12 +78,12 @@ directiveValue | ||
| if (directiveName in BOOLEAN_DIRECTIVES) { | ||
| if (typeof directiveValue === 'boolean') { | ||
| return `${directiveName};`; | ||
| } | ||
| if (directiveName in STRING_DIRECTIVES) { | ||
| if (typeof directiveValue === 'string') { | ||
| return `${directiveName} ${directiveValue};`; | ||
| } | ||
| if (directiveName in LIST_DIRECTIVES) { | ||
| let valueString = (directiveValue as CSPListDirectiveValue).join(' '); | ||
| if (Array.isArray(directiveValue)) { | ||
| const valueString = (directiveValue as CSPListDirectiveValue).join(' '); | ||
| return `${directiveName} ${valueString};`; | ||
@@ -112,7 +110,7 @@ } | ||
| */ | ||
| function applyPresets(directives: CSPDirectives, presets: CSPPresetsArray): CSPDirectives { | ||
| let mergedPolicies: CSPDirectives = {}; | ||
| function applyPresets(directives: Partial<CSPDirectives>, presets: CSPPresetsArray): Partial<CSPDirectives> { | ||
| const mergedPolicies: Partial<CSPDirectives> = {}; | ||
| for (let preset of [directives, ...presets]) { | ||
| for (let directiveName in preset) { | ||
| for (const preset of [directives, ...presets]) { | ||
| for (const directiveName in preset) { | ||
| if (!(directiveName in ALLOWED_DIRECTIVES)) { | ||
@@ -124,6 +122,6 @@ continue; | ||
| let currentRules: CSPDirectiveValue = mergedPolicies[directiveName as keyof CSPDirectives]; | ||
| let presetRules: CSPDirectiveValue = preset[directiveName as keyof CSPDirectives]; | ||
| const currentRules: CSPDirectiveValue = mergedPolicies[directiveName as keyof CSPDirectives]; | ||
| const presetRules: CSPDirectiveValue = preset[directiveName as keyof CSPDirectives]; | ||
| (mergedPolicies[directiveName as keyof CSPDirectives] as CSPDirectiveValue) = mergeDirectiveRules(currentRules, presetRules, directiveName as keyof CSPDirectives); | ||
| (mergedPolicies[directiveName as keyof CSPDirectives] as CSPDirectiveValue) = mergeDirectiveRules(currentRules, presetRules); | ||
| } | ||
@@ -135,3 +133,3 @@ } | ||
| function mergeDirectiveRules(directiveValue1: CSPDirectiveValue, directiveValue2: CSPDirectiveValue, directiveName: CSPDirectiveName): CSPDirectiveValue { | ||
| function mergeDirectiveRules(directiveValue1: CSPDirectiveValue, directiveValue2: CSPDirectiveValue): CSPDirectiveValue { | ||
| if (directiveValue1 === undefined) { | ||
@@ -145,6 +143,6 @@ return directiveValue2; | ||
| if (directiveName in LIST_DIRECTIVES) { | ||
| if (Array.isArray(directiveValue1) && Array.isArray(directiveValue2)) { | ||
| return getUniqRules([ | ||
| ...directiveValue1 as CSPListDirectiveValue, | ||
| ...directiveValue2 as CSPListDirectiveValue | ||
| ...directiveValue1, | ||
| ...directiveValue2 | ||
| ]); | ||
@@ -151,0 +149,0 @@ } |
132
src/types.ts
@@ -1,5 +0,32 @@ | ||
| import { ALLOWED_DIRECTIVES, BOOLEAN_DIRECTIVES, LIST_DIRECTIVES, STRING_DIRECTIVES } from './constants'; | ||
| import { | ||
| ALLOW_DOWNLOADS_WITHOUT_USER_ACTIVATION, | ||
| ALLOW_DUPLICATES, | ||
| ALLOW_FORMS, | ||
| ALLOW_MODALS, | ||
| ALLOW_ORIENTATION_LOCK, | ||
| ALLOW_POINTER_LOCK, | ||
| ALLOW_POPUPS, | ||
| ALLOW_POPUPS_TO_ESACPE_SANDBOX, | ||
| ALLOW_PRESENTATION, | ||
| ALLOW_SAME_ORIGIN, | ||
| ALLOW_STORAGE_ACCESS_BY_USER_ACTIVATION, | ||
| ALLOW_SCRIPTS, | ||
| ALLOW_TOP_NAVIGATION, | ||
| ALLOW_TOP_NAVIGATION_BY_USER_ACTIVATION, | ||
| NO_REFERRER, | ||
| NONE, | ||
| NONE_WHEN_DOWNGRADE, | ||
| ORIGIN, | ||
| ORIGIN_WHEN_CROSS_ORIGIN, | ||
| SCRIPT, | ||
| SELF, | ||
| STRICT_DYNAMIC, | ||
| UNSAFE_EVAL, | ||
| UNSAFE_HASHES, | ||
| UNSAFE_INLINE, | ||
| UNSAFE_URL, | ||
| } from './constants/values'; | ||
| export interface CSPHeaderParams { | ||
| directives?: CSPDirectives, | ||
| directives?: Partial<CSPDirectives>, | ||
| presets?: CSPPreset, | ||
@@ -9,11 +36,7 @@ reportUri?: string | ||
| export type CSPDirectives = Partial<( | ||
| Record<CSPListDirectiveName, CSPListDirectiveValue> | | ||
| Record<CSPStringDirectiveName, CSPStringDirectiveValue> | | ||
| Record<CSPBooleanDirectiveName, CSPBooleanDirectiveValue> | ||
| )>; | ||
| export type CSPDirectiveName = keyof typeof ALLOWED_DIRECTIVES; | ||
| export type CSPListDirectiveName = keyof typeof LIST_DIRECTIVES; | ||
| export type CSPStringDirectiveName = keyof typeof STRING_DIRECTIVES; | ||
| export type CSPBooleanDirectiveName = keyof typeof BOOLEAN_DIRECTIVES; | ||
| type DirectivesOfType<T> = { [K in keyof CSPDirectives]: CSPDirectives[K] extends T ? K : never } extends Record<string, infer P> ? P : never; | ||
| export type CSPDirectiveName = DirectivesOfType<any>; | ||
| export type CSPListDirectiveName = DirectivesOfType<CSPListDirectiveValue>; | ||
| export type CSPStringDirectiveName = DirectivesOfType<CSPStringDirectiveValue>; | ||
| export type CSPBooleanDirectiveName = DirectivesOfType<CSPBooleanDirectiveValue>; | ||
| export type CSPDirectiveValue = CSPListDirectiveValue | CSPStringDirectiveValue | CSPBooleanDirectiveValue; | ||
@@ -24,3 +47,86 @@ export type CSPListDirectiveValue = string[]; | ||
| export type CSPPreset = CSPPresetsObject | CSPPresetsArray; | ||
| export type CSPPresetsObject = { [presetName: string]: CSPDirectives }; | ||
| export type CSPPresetsArray = CSPDirectives[]; | ||
| export type CSPPresetsObject = { [presetName: string]: Partial<CSPDirectives> }; | ||
| export type CSPPresetsArray = Partial<CSPDirectives>[]; | ||
| type TSource = string; | ||
| type TNonce = `nonce-${string}`; | ||
| type THash = `sha-${string}`; | ||
| type TMimeType = `${string}/${string}`; | ||
| type TFetchDirective = TSource | | ||
| TNonce | | ||
| THash | | ||
| typeof NONE | | ||
| typeof SELF | | ||
| typeof UNSAFE_EVAL | | ||
| typeof UNSAFE_HASHES | | ||
| typeof UNSAFE_INLINE; | ||
| type TDocumentDirective = TSource | | ||
| TNonce | | ||
| THash | | ||
| typeof NONE | | ||
| typeof SELF | | ||
| typeof UNSAFE_EVAL | | ||
| typeof UNSAFE_HASHES | | ||
| typeof UNSAFE_INLINE; | ||
| type TNavigationDirective = TSource | | ||
| TNonce | | ||
| THash | | ||
| typeof NONE | | ||
| typeof SELF | | ||
| typeof UNSAFE_EVAL | | ||
| typeof UNSAFE_HASHES | | ||
| typeof UNSAFE_INLINE | | ||
| typeof STRICT_DYNAMIC; | ||
| export type CSPDirectives = { | ||
| 'base-uri': (TDocumentDirective | typeof STRICT_DYNAMIC)[], | ||
| 'block-all-mixed-content': boolean, | ||
| 'child-src': TFetchDirective[], | ||
| 'connect-src': TFetchDirective[], | ||
| 'default-src': (TFetchDirective | typeof STRICT_DYNAMIC)[], | ||
| 'font-src': TFetchDirective[], | ||
| 'form-action': TNavigationDirective[], | ||
| 'frame-ancestors': (TSource | typeof SELF | typeof NONE)[], | ||
| 'frame-src': TFetchDirective[], | ||
| 'img-src': (TFetchDirective | typeof STRICT_DYNAMIC)[], | ||
| 'manifest-src': TFetchDirective[], | ||
| 'media-src': TFetchDirective[], | ||
| 'navigate-to': TNavigationDirective[], | ||
| 'object-src': TFetchDirective[], | ||
| 'plugin-types': TMimeType[], | ||
| 'prefetch-src': TFetchDirective[], | ||
| 'referrer': typeof NO_REFERRER | | ||
| typeof NONE_WHEN_DOWNGRADE | | ||
| typeof ORIGIN | | ||
| typeof ORIGIN_WHEN_CROSS_ORIGIN | | ||
| typeof UNSAFE_URL, | ||
| 'report-to': string, | ||
| 'report-uri': string, | ||
| 'require-sri-for': ('script' | 'style')[], | ||
| 'require-trusted-types-for': typeof SCRIPT, | ||
| 'sandbox': (typeof ALLOW_DOWNLOADS_WITHOUT_USER_ACTIVATION | | ||
| typeof ALLOW_FORMS | | ||
| typeof ALLOW_MODALS | | ||
| typeof ALLOW_ORIENTATION_LOCK | | ||
| typeof ALLOW_POINTER_LOCK | | ||
| typeof ALLOW_POPUPS | | ||
| typeof ALLOW_POPUPS_TO_ESACPE_SANDBOX | | ||
| typeof ALLOW_PRESENTATION | | ||
| typeof ALLOW_SAME_ORIGIN | | ||
| typeof ALLOW_SCRIPTS | | ||
| typeof ALLOW_STORAGE_ACCESS_BY_USER_ACTIVATION | | ||
| typeof ALLOW_TOP_NAVIGATION | | ||
| typeof ALLOW_TOP_NAVIGATION_BY_USER_ACTIVATION)[], | ||
| 'script-src': (TFetchDirective | typeof STRICT_DYNAMIC)[], | ||
| 'script-src-attr': (TFetchDirective | typeof STRICT_DYNAMIC)[], | ||
| 'script-src-elem': (TFetchDirective | typeof STRICT_DYNAMIC)[], | ||
| 'style-src': TFetchDirective[], | ||
| 'style-src-attr': TFetchDirective[], | ||
| 'style-src-elem': TFetchDirective[], | ||
| 'trusted-types': (string | typeof NONE | typeof ALLOW_DUPLICATES)[], | ||
| 'upgrade-insecure-requests': boolean, | ||
| 'worker-src': TFetchDirective[], | ||
| }; |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by62.89%
42299
- Number of package files
- increased by53.33%
23
- Lines of code
- increased by82.25%
924
Worsened metrics
- Dev dependency count
- increased by50%
9
- Number of low quality alerts
- increased byInfinity%
1
- Number of medium supply chain risk alerts
- increased byInfinity%
1
No dependency changes