{"id":19420103,"url":"https://github.com/einride/csp-evaluator-cli","last_synced_at":"2025-07-26T10:38:50.659Z","repository":{"id":255446308,"uuid":"851005674","full_name":"einride/csp-evaluator-cli","owner":"einride","description":"A command line tool to validate Content-Security-Policy rules","archived":false,"fork":false,"pushed_at":"2025-06-27T05:10:24.000Z","size":1191,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-06-27T06:21:23.278Z","etag":null,"topics":["cli","content-security-policy","einride"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/einride.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-09-02T08:50:40.000Z","updated_at":"2025-06-02T06:18:11.000Z","dependencies_parsed_at":"2024-09-05T01:49:59.227Z","dependency_job_id":"65aba9a4-da8f-4262-8f6a-46851376177a","html_url":"https://github.com/einride/csp-evaluator-cli","commit_stats":null,"previous_names":["einride/csp-evaluator-cli"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/einride/csp-evaluator-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/einride%2Fcsp-evaluator-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/einride%2Fcsp-evaluator-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/einride%2Fcsp-evaluator-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/einride%2Fcsp-evaluator-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/einride","download_url":"https://codeload.github.com/einride/csp-evaluator-cli/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/einride%2Fcsp-evaluator-cli/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267150480,"owners_count":24043473,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-26T02:00:08.937Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","content-security-policy","einride"],"created_at":"2024-11-10T13:21:05.046Z","updated_at":"2025-07-26T10:38:50.623Z","avatar_url":"https://github.com/einride.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# csp-evaluator-cli\n\nA command line tool that wraps [csp-evaluator].\n\n## Installation\n\n```\n$ npm install -g @einride/csp-evaluator-cli\n```\n\n## Usage\n\nCLI interface strives to mimic [CSP Evaluator online tool]. It takes Content Security Policy as a string,\nand outputs findings based on that into stdout.\n\n### Output format\n\nThere are three supported output formats:\n\n1. **human** (default)\n\nMimics [CSP Evaluator online tool] output.\n\n```\n\u003e csp validate \"script-src https://google.com\"\n! Missing object-src allows the injection of plugins which can execute JavaScript. Can you set it to 'none'?\nscript-src:\n   ? https://google.com: No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.\n```\n\n2. **json**\n\nJSON is passed as is from [csp-evaluator] output.\n\n```\n\u003e csp validate --output-format=json \"script-src https://google.com\"\n[{\"type\":300,\"description\":\"Missing object-src allows the injection of plugins which can execute JavaScript. Can you set it to 'none'?\",\"severity\":10,\"directive\":\"object-src\"},{\"type\":305,\"description\":\"No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.\",\"severity\":50,\"directive\":\"script-src\",\"value\":\"https://google.com\"}]\n```\n\n3. **json-pretty**\n\nSame as **json**, but with indentations.\n\n```\n\u003e csp validate --output-format=json-pretty \"script-src https://google.com\"\n[\n    {\n        \"type\": 300,\n        \"description\": \"Missing object-src allows the injection of plugins which can execute JavaScript. Can you set it to 'none'?\",\n        \"severity\": 10,\n        \"directive\": \"object-src\"\n    },\n    {\n        \"type\": 305,\n        \"description\": \"No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.\",\n        \"severity\": 50,\n        \"directive\": \"script-src\",\n        \"value\": \"https://google.com\"\n    }\n]\n```\n\n### Exit codes\n\nExit code is always 0, except for a case when a policy contains syntax errors.\n\n```\n\u003e csp validate \"script https://google.com\"\n! Missing object-src allows the injection of plugins which can execute JavaScript. Can you set it to 'none'?\n! script-src directive is missing.\nx Directive \"script\" is not a known CSP directive.\n\u003e $?\n\u003e 1\n```\n\n### Input\n\n1. As an argument\n\n```\n\u003e csp validate \"script-src https://google.com\"\n```\n\n2. From stdin\n\n```\n\u003e echo \"script-src https://google.com\" | csp validate -\n```\n\n3. From a file\n\n```\n\u003e echo \"script-src https://google.com\" \u003e policy.txt\n\u003e csp validate policy.txt\n```\n\n## Contribute\n\nSee [Contributing Guide](./CONTRIBUTING.md).\n\n## Security Policy\n\nSee [Security Policy](./SECURITY.md).\n\n## License\n\n[MIT](./LICENSE)\n\n[csp evaluator online tool]: https://csp-evaluator.withgoogle.com/\n[csp-evaluator]: https://github.com/google/csp-evaluator\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feinride%2Fcsp-evaluator-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feinride%2Fcsp-evaluator-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feinride%2Fcsp-evaluator-cli/lists"}