Security News
New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom Payments Within 24 Hours
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
get-nonce
Advanced tools
returns nonce
Weekly downloads
Readme
just returns a nonce (number used once). No batteries included in those 46 bytes of this library.
webpack
support via __webpack_nonce__
getNonce(): string|undefined
- returns the current nonce
setNonce(newValue)
- set's nonce valueWhy we need a library to access __webpack_nonce__
? Abstractions!
"I", as a library author, don't want to "predict" the platform "you" going to use.
"I", as well, want an easier way to test and control nonce
value.
Like - nonce
is supported out of the box only by webpack, what you are going to do?
This is why this "man-in-the-middle" was created.
Yep, think about left-pad
:)
To activate the feature set a webpack_nonce variable needs to be included in your entry script.
__webpack_nonce__ = uuid(); // for example
Without webpack
__webpack_nonce__
is actually just a global variable,
which makes it actually bundler independent,
however "other bundlers" are able to replicate it only setting it as a global variable
(as here in tests) which violates a "secure" nature of nonce
.
get-nonce
is not global.
react-style-singleton
<- react-remove-scroll
<- react-focus-on
MIT
FAQs
returns nonce
The npm package get-nonce receives a total of 3,012,987 weekly downloads. As such, get-nonce popularity was classified as popular.
We found that get-nonce demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
Security News
Redis is no longer OSS, breaking its explicit commitment to remain under the BSD 3-Clause License forever. This has angered contributors who are now working to fork the software.
Product
Socket AI now enables 'AI detected potential malware' alerts by default, ensuring users benefit from AI-powered state-of-the-art malware detection without needing to opt-in.