🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket

csp-helper

Package Overview
Dependencies
Maintainers
1
Versions
13
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

csp-helper

Helpers for managing Content Security Policy (CSP)

0.10.0
latest
Source
npm
Version published
Weekly downloads
12
-71.43%
Maintainers
1
Weekly downloads
 
Created
Source

csp-helper

github check npm coverage license

Helpers for creating Content Security Policy (CSP) headers.

  • Zero dependencies
  • Build with TypeScript
  • Merging multiple CSP configurations
  • Providing preset CSP configurations for:
    • Datadog
    • Google Ads
    • Google Analytics 4
    • Google Fonts
    • Google Identity
    • Google Tag Manager
    • Hotjar
    • Infogram
    • Podscribe
    • Reddit
    • TikTok
    • Vimeo
    • X
    • Youtube
    • ... and more

Installation

npm install csp-helper

Usage

createCspHeader

Create a CSP header string from a CSP configuration object.

import {
  CSP_PRESET_DATADOG_INTAKE_URLS,
  CSP_PRESET_DATADOG_WEB_WORKER,
  CSP_PRESET_GOOGLE_ANALYTICS_4,
  CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE,
  CSP_PRESET_HOTJAR,
  createCspHeader,
} from 'csp-helper';

const cspHeader = createCspHeader(
  {
    'default-src': `'self'`,
    'script-src': `'self' https://example.com`,
    'style-src': `'self' https://example.com`,
  },
  {
    includeHeaderName: true,
    presets: [
      CSP_PRESET_DATADOG_INTAKE_URLS,
      CSP_PRESET_DATADOG_WEB_WORKER,
      CSP_PRESET_GOOGLE_ANALYTICS_4,
      CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE,
      CSP_PRESET_HOTJAR,
    ],
  },
);

console.log(cspHeader);

mergeCspConfigs

Merge multiple CSP configurations into one.

  • Same values will be automatically deduplicated.
  • Presets could also be used for merging.
import {
  CSP_PRESET_GOOGLE_ANALYTICS_4,
  CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE,
  mergeCspConfigs,
} from 'csp-helper';

const cspConfig = mergeCspConfigs([
  {
    'default-src': `'self'`,
    'script-src': `'self' https://example.com`,
    'style-src': `'self' https://example.com`,
  },
  {
    'script-src': `'self' https://example.com https://example2.com`,
    'style-src': `'self' https://example.com https://example2.com`,
  },
  CSP_PRESET_GOOGLE_ANALYTICS_4,
  CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE,
]);

console.log(cspConfig);

License

MIT © meteorlxy & Contributors

Keywords

content-security-policy

FAQs

Package last updated on 10 Jun 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts