get-nonce

just returns a nonce (number used once). No batteries included in those 46 bytes of this library.


  • ✅ built-in webpack support via __webpack_nonce__

API

  • getNonce(): string|undefined - returns the current nonce
  • setNonce(newValue) - sets the nonce value

Why?

Why do we need a library to access __webpack_nonce__? Abstractions!

"I", as a library author, don't want to "predict" the platform "you" are going to use. "I" also want an easier way to test and control the nonce value.

For example, nonce is supported out of the box only by webpack; what are you going to do with other bundlers?

This is why this "man-in-the-middle" was created. Yep, think about left-pad :)

Webpack

https://webpack.js.org/guides/csp/

To activate the feature, a __webpack_nonce__ variable needs to be set in your entry script.

__webpack_nonce__ = uuid(); // for example

Without webpack, __webpack_nonce__ is actually just a global variable, which in practice makes it bundler independent; however, "other bundlers" can only replicate it by setting it as a global variable (as is done here in the tests), which violates the "secure" nature of a nonce.

get-nonce is not global.
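The API above (getNonce/setNonce) and the webpack fallback, shown as an added example that is not the get-nonce package's own source: a module-local nonce store with the same contract, a helper that stamps the nonce on a dynamically injected element, and a small CSP directive check so you can confirm the page policy actually lists that nonce. The element shape (only setAttribute is needed) and the CSP header string are constructed for the example.

```javascript
// Added example, not the get-nonce package's own code.

let storedNonce; // module-local, so the value is not exposed as a global

// getNonce(): an explicitly set value wins; otherwise fall back to the
// __webpack_nonce__ global that webpack's CSP support expects the entry script to define.
function getNonce() {
  if (storedNonce !== undefined) return storedNonce;
  // typeof guards against a ReferenceError when the global was never declared.
  return typeof __webpack_nonce__ !== 'undefined' ? __webpack_nonce__ : undefined;
}

// setNonce(newValue): lets a non-webpack bundler (or a test) supply the nonce
// without touching any global.
function setNonce(newValue) {
  storedNonce = newValue;
}

// Stamps the current nonce on a dynamically injected <style>/<script> element so a
// strict CSP (style-src 'nonce-...') accepts it. `el` only needs setAttribute(), so a
// plain object works in tests; returns false when no nonce is available.
function applyNonce(el) {
  const nonce = getNonce();
  if (!nonce) return false;
  el.setAttribute('nonce', nonce);
  return true;
}

// Parses a Content-Security-Policy header value into { directiveName: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

// True when the given directive (falling back to default-src, as CSP does)
// lists 'nonce-<nonce>', i.e. an element stamped with that nonce would be allowed.
function cspAllowsNonce(header, directive, nonce) {
  const policy = parseCsp(header);
  const sources = policy[directive] || policy['default-src'] || [];
  return sources.includes(`'nonce-${nonce}'`);
}
```

A nonce that is never listed in the response header is silently useless, so checking the served policy against getNonce() during integration tests catches the common misconfiguration where the bundler and the server disagree.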

Used in

  • react-style-singleton <- react-remove-scroll <- react-focus-on

Inspiration

Licence

MIT

Last updated on 17 Apr 2020
