
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
NodeJS module for parsing Content-Security-policy policies.
The module takes raw CSP policy strings, and parses them into Policy objects. From there the objects can be manipulated (adding/removing different values from the directives).
Afterwards policy.toString() can be called to get the updated policy.
npm install csp-parse
Or to use as plain javascript, remove the last line.
var Policy = require('csp-parse');
var example = "script-src 'self' www.google-analytics.com ajax.googleapis.com; style-src 'self';"
var policy = new Policy(example)
policy.get('script-src') // "'self' www.google-analytics.com ajax.googleapis.com"
policy.add('script-src', 'code.jquery.com');
policy.get('script-src') // "'self' www.google-analytics.com ajax.googleapis.com code.jquery.com"
policy.toString() // "script-src 'self' www.google-analytics.com ajax.googleapis.com code.jquery.com; style-src 'self';"
policy.set('connect-src', 'socket.webserver.com socket2.webserver.com');
policy.toPrettyString()
//script-src
// 'self' www.google-analytics.com ajax.googleapis.com code.jquery.com;
//style-src
// 'self';
//connect-src
// socket.webserver.com socket2.webserver.com
For more examples see the test cases.
Takes a CSP policy and returns a Policy object.
Returns a list of allowed values for 'directive'
Adds the value to the directive string
Sets the 'directive' value to 'line'
Returns string representation of policy
Returns a pretty string representation of the policy
mocha
/brain explodes
FAQs
Content-Security-Policy policy parser
The npm package csp-parse receives a total of 7,871 weekly downloads. As such, csp-parse popularity was classified as popular.
We found that csp-parse demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.