Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
csp_evaluator
Advanced tools
csp_evaluator - npm Package Compare versions
Comparing version 1.0.1 to 1.0.2
@@ -138,3 +138,3 @@ /** | ||
| // Continue, if it's an allowed Trusted Types keyword. | ||
| if (value === '\'allow-duplicates\'') { | ||
| if (value === '\'allow-duplicates\'' || value === '\'none\'') { | ||
| continue; | ||
@@ -141,0 +141,0 @@ } |
@@ -146,2 +146,1 @@ /** | ||
| } | ||
| { | ||
| "name": "csp_evaluator", | ||
| "version": "1.0.1", | ||
| "version": "1.0.2", | ||
| "description": "Evaluate Content Security Policies for a wide range of bypasses and weaknesses", | ||
| "main": "dist/evaluator.js", | ||
| "keywords": ["csp", "content security policy", "content-security-policy", "csp-evaluator"], | ||
| "keywords": [ | ||
| "csp", | ||
| "content security policy", | ||
| "content-security-policy", | ||
| "csp-evaluator" | ||
| ], | ||
| "homepage": "https://csp-evaluator.withgoogle.com/", | ||
@@ -14,3 +19,11 @@ "author": "Lukas Weichselbaum <lwe@google.com>", | ||
| "url": "https://github.com/google/csp-evaluator" | ||
| }, | ||
| "scripts": { | ||
| "test": "tsc && npx jasmine --config=jasmine.json" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/jasmine": "^3.6.7", | ||
| "jasmine": "^3.7.0", | ||
| "typescript": "^4.2.3" | ||
| } | ||
| } |
@@ -104,2 +104,1 @@ /** | ||
| export const TEST_ONLY = {normalizeDirectiveValue}; | ||
@@ -44,2 +44,10 @@ # CSP Evaluator Core Library | ||
| ## Testing | ||
| To run unit tests, run: | ||
| ```bash | ||
| npm install && npm test | ||
| ``` | ||
| ## Example Usage | ||
@@ -54,1 +62,27 @@ | ||
| ``` | ||
| <!-- copybara:strip_begin(internal documentation) --> | ||
| # Internal Docs | ||
| This library is synced to github.com/google/csp-evaluator by go/copybara and is published to NPM by http://go/npm-publish. Lighthouse uses the published NPM library. | ||
| ## Architecture | ||
| All code is written in Typescript. In this main directory is the core of the library for parsing and evaluating CSPs. `checks/` contains the various checks that are run against the policies. `lighthouse/` contains the checks that are used by Lighthouse for their integration. | ||
| There is also a [Chrome Extension](https://chrome.google.com/webstore/detail/fjohamlofnakbnbfjkohkbdigoodcejf) and a [demo service](https://csp-evaluator.withgoogle.com/) using this library. Since these are not open sourced, they live in `google3/javascript/security/csp/csp_evaluator/`. When working on the library, ensure you run tests in that directory too. | ||
| ## Contributing Process | ||
| 1. Make a change to the code | ||
| 2. Open a CL and review the change to ensure that it is okay to be released publicly on Github. Currently we have Copybara configured to strip TODOs and IFTTT comment blocks. Ensure that your change doesn't add any confidential Google information (e.g. go/ links). | ||
| 3. Request a review on the CL from lwe@ or ddworken@. Requesting a review will trigger Copybara to create a PR against the Github repo. Look in the analysis tab to find the link to the PR. | ||
| 4. Submit the CL and then merge the PR. If you need approval on the PR, get it from lwe@ or ddworken@. | ||
| 5. If the change needs to be published to NPM, follow the directions at go/npm-publish. Note that you'll need to bump the version in `package.json`. If possible, please confirm that the OSS version works by running tests on Github (see above for info on how to do this) before publishing. | ||
| ## HELP! | ||
| Ping lwe@ or ddworken@ for any questions. | ||
| <!-- copybara:strip_end --> | ||
| { | ||
| "compilerOptions": { | ||
| "target": "ES2020", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019', 'ES2020', or 'ESNEXT'. */ | ||
| "module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', 'es2020', or 'ESNext'. */ | ||
| "declaration": true, /* Generates corresponding '.d.ts' file. */ | ||
| "declarationMap": true, /* Generates a sourcemap for each corresponding '.d.ts' file. */ | ||
| "sourceMap": true, /* Generates corresponding '.map' file. */ | ||
| "outDir": "dist", /* Redirect output structure to the directory. */ | ||
| "removeComments": true, /* Do not emit comments to output. */ | ||
| "strict": true, /* Enable all strict type-checking options. */ | ||
| "esModuleInterop": true, /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */ | ||
| "forceConsistentCasingInFileNames": true /* Disallow inconsistently-cased references to the same file. */ | ||
| "target": "ES2020", | ||
| "module": "commonjs", | ||
| "declaration": true, | ||
| "declarationMap": true, | ||
| "sourceMap": true, | ||
| "outDir": "dist", | ||
| "removeComments": true, | ||
| "strict": true, | ||
| "esModuleInterop": true, | ||
| "forceConsistentCasingInFileNames": true | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Lines of code
- increased by0.8%
3662
- Number of lines in readme file
- increased by64.15%
87
Worsened metrics
- Total package byte prevSize
- decreased by-15.56%
182993
- Dev dependency count
- increased byInfinity%
3
- Number of package files
- decreased by-47.44%
41
No dependency changes