csp-helper
+12
-0
@@ -323,2 +323,13 @@ | ||
| }; | ||
| /** | ||
| * CSP directives for tiktok pixel | ||
| * | ||
| * @see https://business-api.tiktok.com/portal/docs?id=1739585704427522 | ||
| */ | ||
| const CSP_PRESET_TIKTOK_PIXEL = { | ||
| "connect-src": `https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com`, | ||
| "frame-src": `'self' bytedance: sslocal:`, | ||
| "img-src": `https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com`, | ||
| "script-src": `https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com` | ||
| }; | ||
@@ -383,2 +394,3 @@ //#endregion | ||
| exports.CSP_PRESET_TIKTOK_EMBED = CSP_PRESET_TIKTOK_EMBED; | ||
| exports.CSP_PRESET_TIKTOK_PIXEL = CSP_PRESET_TIKTOK_PIXEL; | ||
| exports.CSP_PRESET_VIMEO_EMBED = CSP_PRESET_VIMEO_EMBED; | ||
@@ -385,0 +397,0 @@ exports.CSP_PRESET_X_EMBED = CSP_PRESET_X_EMBED; |
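Review bot: The `frame-src` value in `CSP_PRESET_TIKTOK_PIXEL` combines `'self'` with two scheme-sources, `bytedance:` and `sslocal:`, and the doc comment does not say why a tracking pixel needs any of them. A scheme-source matches every URL of that scheme, and `'self'` inside a preset adds same-origin framing to whatever policy it is merged into, assuming the merge helpers union directive values (they are outside this diff). I would extend the comment with a line such as `frame-src: 'self' and the bytedance:/sslocal: app schemes are copied from the linked TikTok guidance; remove them if the page never frames TikTok content`, so that consumers can make an informed choice before widening their policy. The same constant appears again in the later section marked `//#region src/constants.ts`, and the note applies there too.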
+20
-9
@@ -65,12 +65,12 @@ //#region src/constants.d.ts | ||
| /** | ||
| * Include header name in the output or not. | ||
| * | ||
| * @default false | ||
| */ | ||
| * Include header name in the output or not. | ||
| * | ||
| * @default false | ||
| */ | ||
| includeHeaderName?: boolean; | ||
| /** | ||
| * Presets to include in the CSP header. | ||
| * | ||
| * @default [] | ||
| */ | ||
| * Presets to include in the CSP header. | ||
| * | ||
| * @default [] | ||
| */ | ||
| presets?: ContentSecurityPolicyConfig[]; | ||
@@ -361,2 +361,13 @@ } | ||
| }; | ||
| /** | ||
| * CSP directives for tiktok pixel | ||
| * | ||
| * @see https://business-api.tiktok.com/portal/docs?id=1739585704427522 | ||
| */ | ||
| declare const CSP_PRESET_TIKTOK_PIXEL: { | ||
| 'connect-src': string; | ||
| 'frame-src': string; | ||
| 'img-src': string; | ||
| 'script-src': string; | ||
| }; | ||
| //#endregion | ||
@@ -394,2 +405,2 @@ //#region src/presets/vimeo.d.ts | ||
| //#endregion | ||
| export { CSP_HEADER_NAME, CSP_PRESET_DATADOG_CDN_BUNDLE_URL, CSP_PRESET_DATADOG_INTAKE_URLS, CSP_PRESET_DATADOG_WEB_WORKER, CSP_PRESET_GOOGLE_ADS, CSP_PRESET_GOOGLE_ADS_FULL_TLD, CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON, CSP_PRESET_GOOGLE_ANALYTICS_4, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS_FULL_TLD, CSP_PRESET_GOOGLE_FONTS, CSP_PRESET_GOOGLE_IDENTITY, CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES, CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE, CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE, CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE, CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS, CSP_PRESET_HOTJAR, CSP_PRESET_INFOGRAM_EMBED, CSP_PRESET_PODSCRIBE, CSP_PRESET_REDDIT_EMBED, CSP_PRESET_SENTRY_SESSION_REPLAY, CSP_PRESET_TIKTOK_EMBED, CSP_PRESET_VIMEO_EMBED, CSP_PRESET_X_EMBED, CSP_PRESET_YOUTUBE_EMBED, ContentSecurityPolicyConfig, ContentSecurityPolicyDirective, ContentSecurityPolicyRecord, CreateCspHeaderOptions, GOOGLE_SUPPORTED_DOMAINS, createCspHeader, mergeCspConfigs, mergeCspConfigsToSet }; | ||
| export { CSP_HEADER_NAME, CSP_PRESET_DATADOG_CDN_BUNDLE_URL, CSP_PRESET_DATADOG_INTAKE_URLS, CSP_PRESET_DATADOG_WEB_WORKER, CSP_PRESET_GOOGLE_ADS, CSP_PRESET_GOOGLE_ADS_FULL_TLD, CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON, CSP_PRESET_GOOGLE_ANALYTICS_4, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS_FULL_TLD, CSP_PRESET_GOOGLE_FONTS, CSP_PRESET_GOOGLE_IDENTITY, CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES, CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE, CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE, CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE, CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS, CSP_PRESET_HOTJAR, CSP_PRESET_INFOGRAM_EMBED, CSP_PRESET_PODSCRIBE, CSP_PRESET_REDDIT_EMBED, CSP_PRESET_SENTRY_SESSION_REPLAY, CSP_PRESET_TIKTOK_EMBED, CSP_PRESET_TIKTOK_PIXEL, CSP_PRESET_VIMEO_EMBED, CSP_PRESET_X_EMBED, CSP_PRESET_YOUTUBE_EMBED, ContentSecurityPolicyConfig, ContentSecurityPolicyDirective, ContentSecurityPolicyRecord, CreateCspHeaderOptions, GOOGLE_SUPPORTED_DOMAINS, createCspHeader, mergeCspConfigs, mergeCspConfigsToSet }; |
+20
-9
@@ -65,12 +65,12 @@ //#region src/constants.d.ts | ||
| /** | ||
| * Include header name in the output or not. | ||
| * | ||
| * @default false | ||
| */ | ||
| * Include header name in the output or not. | ||
| * | ||
| * @default false | ||
| */ | ||
| includeHeaderName?: boolean; | ||
| /** | ||
| * Presets to include in the CSP header. | ||
| * | ||
| * @default [] | ||
| */ | ||
| * Presets to include in the CSP header. | ||
| * | ||
| * @default [] | ||
| */ | ||
| presets?: ContentSecurityPolicyConfig[]; | ||
@@ -361,2 +361,13 @@ } | ||
| }; | ||
| /** | ||
| * CSP directives for tiktok pixel | ||
| * | ||
| * @see https://business-api.tiktok.com/portal/docs?id=1739585704427522 | ||
| */ | ||
| declare const CSP_PRESET_TIKTOK_PIXEL: { | ||
| 'connect-src': string; | ||
| 'frame-src': string; | ||
| 'img-src': string; | ||
| 'script-src': string; | ||
| }; | ||
| //#endregion | ||
@@ -394,2 +405,2 @@ //#region src/presets/vimeo.d.ts | ||
| //#endregion | ||
| export { CSP_HEADER_NAME, CSP_PRESET_DATADOG_CDN_BUNDLE_URL, CSP_PRESET_DATADOG_INTAKE_URLS, CSP_PRESET_DATADOG_WEB_WORKER, CSP_PRESET_GOOGLE_ADS, CSP_PRESET_GOOGLE_ADS_FULL_TLD, CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON, CSP_PRESET_GOOGLE_ANALYTICS_4, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS_FULL_TLD, CSP_PRESET_GOOGLE_FONTS, CSP_PRESET_GOOGLE_IDENTITY, CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES, CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE, CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE, CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE, CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS, CSP_PRESET_HOTJAR, CSP_PRESET_INFOGRAM_EMBED, CSP_PRESET_PODSCRIBE, CSP_PRESET_REDDIT_EMBED, CSP_PRESET_SENTRY_SESSION_REPLAY, CSP_PRESET_TIKTOK_EMBED, CSP_PRESET_VIMEO_EMBED, CSP_PRESET_X_EMBED, CSP_PRESET_YOUTUBE_EMBED, ContentSecurityPolicyConfig, ContentSecurityPolicyDirective, ContentSecurityPolicyRecord, CreateCspHeaderOptions, GOOGLE_SUPPORTED_DOMAINS, createCspHeader, mergeCspConfigs, mergeCspConfigsToSet }; | ||
| export { CSP_HEADER_NAME, CSP_PRESET_DATADOG_CDN_BUNDLE_URL, CSP_PRESET_DATADOG_INTAKE_URLS, CSP_PRESET_DATADOG_WEB_WORKER, CSP_PRESET_GOOGLE_ADS, CSP_PRESET_GOOGLE_ADS_FULL_TLD, CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON, CSP_PRESET_GOOGLE_ANALYTICS_4, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS_FULL_TLD, CSP_PRESET_GOOGLE_FONTS, CSP_PRESET_GOOGLE_IDENTITY, CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES, CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE, CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE, CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE, CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS, CSP_PRESET_HOTJAR, CSP_PRESET_INFOGRAM_EMBED, CSP_PRESET_PODSCRIBE, CSP_PRESET_REDDIT_EMBED, CSP_PRESET_SENTRY_SESSION_REPLAY, CSP_PRESET_TIKTOK_EMBED, CSP_PRESET_TIKTOK_PIXEL, CSP_PRESET_VIMEO_EMBED, CSP_PRESET_X_EMBED, CSP_PRESET_YOUTUBE_EMBED, ContentSecurityPolicyConfig, ContentSecurityPolicyDirective, ContentSecurityPolicyRecord, CreateCspHeaderOptions, GOOGLE_SUPPORTED_DOMAINS, createCspHeader, mergeCspConfigs, mergeCspConfigsToSet }; |
+12
-1
@@ -322,2 +322,13 @@ //#region src/constants.ts | ||
| }; | ||
| /** | ||
| * CSP directives for tiktok pixel | ||
| * | ||
| * @see https://business-api.tiktok.com/portal/docs?id=1739585704427522 | ||
| */ | ||
| const CSP_PRESET_TIKTOK_PIXEL = { | ||
| "connect-src": `https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com`, | ||
| "frame-src": `'self' bytedance: sslocal:`, | ||
| "img-src": `https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com`, | ||
| "script-src": `https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com` | ||
| }; | ||
@@ -359,2 +370,2 @@ //#endregion | ||
| //#endregion | ||
| export { CSP_HEADER_NAME, CSP_PRESET_DATADOG_CDN_BUNDLE_URL, CSP_PRESET_DATADOG_INTAKE_URLS, CSP_PRESET_DATADOG_WEB_WORKER, CSP_PRESET_GOOGLE_ADS, CSP_PRESET_GOOGLE_ADS_FULL_TLD, CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON, CSP_PRESET_GOOGLE_ANALYTICS_4, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS_FULL_TLD, CSP_PRESET_GOOGLE_FONTS, CSP_PRESET_GOOGLE_IDENTITY, CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES, CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE, CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE, CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE, CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS, CSP_PRESET_HOTJAR, CSP_PRESET_INFOGRAM_EMBED, CSP_PRESET_PODSCRIBE, CSP_PRESET_REDDIT_EMBED, CSP_PRESET_SENTRY_SESSION_REPLAY, CSP_PRESET_TIKTOK_EMBED, CSP_PRESET_VIMEO_EMBED, CSP_PRESET_X_EMBED, CSP_PRESET_YOUTUBE_EMBED, GOOGLE_SUPPORTED_DOMAINS, createCspHeader, mergeCspConfigs, mergeCspConfigsToSet }; | ||
| export { CSP_HEADER_NAME, CSP_PRESET_DATADOG_CDN_BUNDLE_URL, CSP_PRESET_DATADOG_INTAKE_URLS, CSP_PRESET_DATADOG_WEB_WORKER, CSP_PRESET_GOOGLE_ADS, CSP_PRESET_GOOGLE_ADS_FULL_TLD, CSP_PRESET_GOOGLE_ADS_USER_DATA_BEACON, CSP_PRESET_GOOGLE_ANALYTICS_4, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS, CSP_PRESET_GOOGLE_ANALYTICS_4_GOOGLE_SIGNALS_FULL_TLD, CSP_PRESET_GOOGLE_FONTS, CSP_PRESET_GOOGLE_IDENTITY, CSP_PRESET_GOOGLE_TAG_MANAGER_CUSTOM_JAVASCRIPT_VARIABLES, CSP_PRESET_GOOGLE_TAG_MANAGER_NONCE, CSP_PRESET_GOOGLE_TAG_MANAGER_PREVIEW_MODE, CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE, CSP_PRESET_GOOGLE_UNIVERSAL_ANALYTICS, CSP_PRESET_HOTJAR, CSP_PRESET_INFOGRAM_EMBED, CSP_PRESET_PODSCRIBE, CSP_PRESET_REDDIT_EMBED, CSP_PRESET_SENTRY_SESSION_REPLAY, CSP_PRESET_TIKTOK_EMBED, CSP_PRESET_TIKTOK_PIXEL, CSP_PRESET_VIMEO_EMBED, CSP_PRESET_X_EMBED, CSP_PRESET_YOUTUBE_EMBED, GOOGLE_SUPPORTED_DOMAINS, createCspHeader, mergeCspConfigs, mergeCspConfigsToSet }; |
+19
-20
| { | ||
| "name": "csp-helper", | ||
| "version": "0.11.0", | ||
| "version": "0.12.0", | ||
| "description": "Helpers for managing Content Security Policy (CSP)", | ||
@@ -36,4 +36,4 @@ "keywords": [ | ||
| ".": { | ||
| "import": "./dist/index.mjs", | ||
| "require": "./dist/index.cjs" | ||
| "require": "./dist/index.cjs", | ||
| "import": "./dist/index.mjs" | ||
| }, | ||
@@ -63,19 +63,19 @@ "./package.json": "./package.json" | ||
| "devDependencies": { | ||
| "@commitlint/cli": "^19.8.1", | ||
| "@commitlint/config-conventional": "^19.8.1", | ||
| "@meteorlxy/eslint-config": "^6.6.0", | ||
| "@meteorlxy/prettier-config": "^6.6.0", | ||
| "@meteorlxy/tsconfig": "^6.0.0", | ||
| "@vitest/coverage-istanbul": "^3.2.4", | ||
| "bumpp": "^10.2.2", | ||
| "@commitlint/cli": "^20.3.1", | ||
| "@commitlint/config-conventional": "^20.3.1", | ||
| "@meteorlxy/eslint-config": "^6.9.1", | ||
| "@meteorlxy/prettier-config": "^6.9.0", | ||
| "@meteorlxy/tsconfig": "^6.8.5", | ||
| "@vitest/coverage-istanbul": "^4.0.17", | ||
| "bumpp": "^10.4.0", | ||
| "conventional-changelog-cli": "^5.0.0", | ||
| "eslint": "^9.33.0", | ||
| "eslint": "^9.39.2", | ||
| "husky": "^9.1.7", | ||
| "lint-staged": "^16.1.5", | ||
| "prettier": "^3.6.2", | ||
| "rimraf": "^6.0.1", | ||
| "sort-package-json": "^3.4.0", | ||
| "tsdown": "^0.14.0", | ||
| "typescript": "^5.9.2", | ||
| "vitest": "^3.2.4" | ||
| "lint-staged": "^16.2.7", | ||
| "prettier": "^3.8.0", | ||
| "rimraf": "^6.1.2", | ||
| "sort-package-json": "^3.6.0", | ||
| "tsdown": "^0.20.0-beta.3", | ||
| "typescript": "^5.9.3", | ||
| "vitest": "^4.0.17" | ||
| }, | ||
@@ -95,6 +95,5 @@ "engines": { | ||
| "lint:fix": "eslint --fix . && prettier --write .", | ||
| "release": "pnpm release:check && pnpm release:version && pnpm release:publish", | ||
| "release": "pnpm release:check && pnpm release:version", | ||
| "release:changelog": "conventional-changelog -p angular -i CHANGELOG.md -s", | ||
| "release:check": "pnpm clean && pnpm build && pnpm lint && pnpm check-types && pnpm test", | ||
| "release:publish": "pnpm publish", | ||
| "release:version": "bumpp --execute=\"pnpm release:changelog\" --commit \"build: publish v%s\" --all", | ||
@@ -101,0 +100,0 @@ "test": "vitest run", |
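Review bot: The `tsdown` bump to `^0.20.0-beta.3` moves what is presumably the bundler behind the published `dist/` files onto a pre-release, and the caret range also accepts any later 0.20.x build. Unless a committed lockfile (not visible on this page) fixes the resolved version, two release builds can differ in bundler version without any change to this file; an exact pin, `"tsdown": "0.20.0-beta.3"`, keeps the shipped output reproducible. The same section removes `release:publish` and drops it from `release`, so the place where publishing now happens, and the credentials or provenance settings it uses, should be written down in the release documentation.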
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package