
csp-header


csp-header - npm Package Compare versions

Comparing version 5.2.1 to 6.0.0

eslint.config.js

33

dist/index.js
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {

@@ -13,4 +17,6 @@ if (k2 === undefined) k2 = k;

Object.defineProperty(exports, "__esModule", { value: true });
exports.nonce = exports.getCSP = void 0;
exports.getCSP = getCSP;
exports.nonce = nonce;
const directives_1 = require("./constants/directives");
const values_1 = require("./constants/values");
__exportStar(require("./types"), exports);

@@ -28,3 +34,2 @@ __exportStar(require("./constants/directives"), exports);

}
exports.getCSP = getCSP;
/**

@@ -36,3 +41,2 @@ * Build CSP nonce string

}
exports.nonce = nonce;
/**

@@ -48,2 +52,5 @@ * Build CSP header value from resolved policy

const directiveValue = directives[directiveName];
if (!directiveValue) {
continue;
}
const directiveRulesString = getDirectiveString(directiveName, directiveValue);

@@ -63,5 +70,2 @@ if (directiveRulesString) {

function getDirectiveString(directiveName, directiveValue) {
if (!directiveValue) {
return '';
}
if (typeof directiveValue === 'boolean') {

@@ -77,2 +81,3 @@ return `${directiveName};`;

}
return '';
}

@@ -101,5 +106,7 @@ /**

}
directiveName;
const currentRules = mergedPolicies[directiveName];
const presetRules = preset[directiveName];
if (presetRules === undefined) {
continue;
}
mergedPolicies[directiveName] = mergeDirectiveRules(currentRules, presetRules);

@@ -110,3 +117,3 @@ }

}
function mergeDirectiveRules(directiveValue1, directiveValue2) {
function mergeDirectiveRules(directiveValue1 = '', directiveValue2 = '') {
if (directiveValue1 === undefined) {

@@ -119,6 +126,12 @@ return directiveValue2;

if (Array.isArray(directiveValue1) && Array.isArray(directiveValue2)) {
return getUniqRules([
const uniqRules = getUniqRules([
...directiveValue1,
...directiveValue2
]);
const noneIndex = uniqRules.indexOf(values_1.NONE);
// Remove "'none'" if there are other rules
if (noneIndex >= 0 && uniqRules.length > 1) {
uniqRules.splice(noneIndex, 1);
}
return uniqRules;
}

@@ -125,0 +138,0 @@ return directiveValue2;

@@ -7,28 +7,28 @@ import { ALLOW_DOWNLOADS_WITHOUT_USER_ACTIVATION, ALLOW_DUPLICATES, ALLOW_FORMS, ALLOW_MODALS, ALLOW_ORIENTATION_LOCK, ALLOW_POINTER_LOCK, ALLOW_POPUPS, ALLOW_POPUPS_TO_ESCAPE_SANDBOX, ALLOW_PRESENTATION, ALLOW_SAME_ORIGIN, ALLOW_STORAGE_ACCESS_BY_USER_ACTIVATION, ALLOW_SCRIPTS, ALLOW_TOP_NAVIGATION, ALLOW_TOP_NAVIGATION_BY_USER_ACTIVATION, NO_REFERRER, NONE, NONE_WHEN_DOWNGRADE, ORIGIN, ORIGIN_WHEN_CROSS_ORIGIN, SCRIPT, SELF, STRICT_DYNAMIC, UNSAFE_EVAL, UNSAFE_HASHES, UNSAFE_INLINE, UNSAFE_URL, ALLOW, BLOCK, REPORT_SAMPLE, WASM_UNSAFE_EVAL } from './constants/values';

}
declare type DirectivesOfType<T> = {
type DirectivesOfType<T> = {
[K in keyof CSPDirectives]: CSPDirectives[K] extends T ? K : never;
} extends Record<string, infer P> ? P : never;
export declare type CSPDirectiveName = DirectivesOfType<any>;
export declare type CSPListDirectiveName = DirectivesOfType<CSPListDirectiveValue>;
export declare type CSPStringDirectiveName = DirectivesOfType<CSPStringDirectiveValue>;
export declare type CSPBooleanDirectiveName = DirectivesOfType<CSPBooleanDirectiveValue>;
export declare type CSPDirectiveValue = CSPListDirectiveValue | CSPStringDirectiveValue | CSPBooleanDirectiveValue;
export declare type CSPListDirectiveValue = string[];
export declare type CSPStringDirectiveValue = string;
export declare type CSPBooleanDirectiveValue = boolean;
export declare type CSPPreset = CSPPresetsObject | CSPPresetsArray;
export declare type CSPPresetsObject = {
export type CSPDirectiveName = DirectivesOfType<any>;
export type CSPListDirectiveName = DirectivesOfType<CSPListDirectiveValue>;
export type CSPStringDirectiveName = DirectivesOfType<CSPStringDirectiveValue>;
export type CSPBooleanDirectiveName = DirectivesOfType<CSPBooleanDirectiveValue>;
export type CSPDirectiveValue = CSPListDirectiveValue | CSPStringDirectiveValue | CSPBooleanDirectiveValue;
export type CSPListDirectiveValue = string[];
export type CSPStringDirectiveValue = string;
export type CSPBooleanDirectiveValue = boolean;
export type CSPPreset = CSPPresetsObject | CSPPresetsArray;
export type CSPPresetsObject = {
[presetName: string]: Partial<CSPDirectives>;
};
export declare type CSPPresetsArray = Partial<CSPDirectives>[];
declare type TSource = string;
declare type TNonce = `nonce-${string}`;
declare type THash = `sha${'256' | '384' | '512'}-${string}`;
declare type TMimeType = `${string}/${string}`;
declare type TFetchDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE;
declare type TAttrDirective = THash | typeof NONE | typeof UNSAFE_INLINE | typeof UNSAFE_HASHES;
declare type TDocumentDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE;
declare type TNavigationDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE | typeof STRICT_DYNAMIC;
declare type TWebRTCDirective = typeof ALLOW | typeof BLOCK;
export declare type CSPDirectives = {
export type CSPPresetsArray = Partial<CSPDirectives>[];
type TSource = string;
type TNonce = `nonce-${string}`;
type THash = `sha${'256' | '384' | '512'}-${string}`;
type TMimeType = `${string}/${string}`;
type TFetchDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE;
type TAttrDirective = THash | typeof NONE | typeof UNSAFE_INLINE | typeof UNSAFE_HASHES;
type TDocumentDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE;
type TNavigationDirective = TSource | TNonce | THash | typeof NONE | typeof SELF | typeof UNSAFE_EVAL | typeof UNSAFE_HASHES | typeof UNSAFE_INLINE | typeof STRICT_DYNAMIC;
type TWebRTCDirective = typeof ALLOW | typeof BLOCK;
export type CSPDirectives = {
'base-uri': (TDocumentDirective | typeof STRICT_DYNAMIC)[];

@@ -35,0 +35,0 @@ 'block-all-mixed-content': boolean;

{
"name": "csp-header",
"version": "5.2.1",
"version": "6.0.0",
"description": "Content-Security-Policy header generator",

@@ -10,3 +10,3 @@ "main": "dist/index.js",

"build": "tsc -p ./",
"lint": "eslint . --ext .js,.jsx,.ts,.tsx"
"lint": "eslint"
},

@@ -22,3 +22,3 @@ "keywords": [

"engines": {
"node": ">=10"
"node": ">=18"
},

@@ -25,0 +25,0 @@ "repository": {

@@ -5,2 +5,5 @@ import {

import {
NONE
} from './constants/values';
import {
CSPHeaderParams,

@@ -49,3 +52,8 @@ CSPDirectives,

const directiveValue: CSPDirectiveValue = directives[directiveName as keyof CSPDirectives];
const directiveValue = directives[directiveName as keyof CSPDirectives];
if (!directiveValue) {
continue;
}
const directiveRulesString = getDirectiveString(

@@ -72,6 +80,2 @@ directiveName as CSPDirectiveName,

function getDirectiveString(directiveName: CSPDirectiveName, directiveValue: CSPDirectiveValue): string {
if (!directiveValue) {
return '';
}
if (typeof directiveValue === 'boolean') {

@@ -89,2 +93,4 @@ return `${directiveName};`;

}
return '';
}

@@ -118,6 +124,8 @@

directiveName as keyof CSPDirectives;
const currentRules = mergedPolicies[directiveName as keyof CSPDirectives];
const presetRules = preset[directiveName as keyof CSPDirectives];
const currentRules: CSPDirectiveValue = mergedPolicies[directiveName as keyof CSPDirectives];
const presetRules: CSPDirectiveValue = preset[directiveName as keyof CSPDirectives];
if (presetRules === undefined) {
continue;
}

@@ -131,3 +139,3 @@ (mergedPolicies[directiveName as keyof CSPDirectives] as CSPDirectiveValue) = mergeDirectiveRules(currentRules, presetRules);

function mergeDirectiveRules(directiveValue1: CSPDirectiveValue, directiveValue2: CSPDirectiveValue): CSPDirectiveValue {
function mergeDirectiveRules(directiveValue1: CSPDirectiveValue = '', directiveValue2: CSPDirectiveValue = ''): CSPDirectiveValue {
if (directiveValue1 === undefined) {

@@ -142,6 +150,14 @@ return directiveValue2;

if (Array.isArray(directiveValue1) && Array.isArray(directiveValue2)) {
return getUniqRules([
const uniqRules = getUniqRules([
...directiveValue1,
...directiveValue2
]);
const noneIndex = uniqRules.indexOf(NONE);
// Remove "'none'" if there are other rules
if(noneIndex >= 0 && uniqRules.length > 1) {
uniqRules.splice(noneIndex, 1);
}
return uniqRules;
}

@@ -148,0 +164,0 @@
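Review bot: The new `'none'` handling in the array branch of `mergeDirectiveRules` means a preset that sets a directive to only `'none'` stops having any visible effect as soon as another preset or policy contributes a source for it, and the one-line comment does not say that this is intended. Browsers already ignore `'none'` when it is not the only source expression, so the enforced policy is unchanged, but the merge rule should be documented for anyone using a preset as a lockdown, for example `// CSP ignores 'none' next to other sources, so drop it; a 'none' preset does not override sources added by other presets`. The match is an exact `indexOf(NONE)`, so a differently cased keyword would presumably be left in place. Separately, the new default `directiveValue1: CSPDirectiveValue = ''` makes the `if (directiveValue1 === undefined)` check on the next line unreachable; the rest of the function is outside the hunk, so whether an empty string is treated the same as a missing value cannot be confirmed from here.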

Sorry, the diff of this file is not supported yet
