{"id":13657904,"url":"https://github.com/google/csp-evaluator","last_synced_at":"2025-04-24T08:30:48.050Z","repository":{"id":12220893,"uuid":"70918855","full_name":"google/csp-evaluator","owner":"google","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-20T00:41:24.000Z","size":200,"stargazers_count":352,"open_issues_count":18,"forks_count":47,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-04-17T15:27:59.469Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://csp-evaluator.withgoogle.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-14T14:41:41.000Z","updated_at":"2025-04-05T08:20:56.000Z","dependencies_parsed_at":"2023-12-23T16:35:12.640Z","dependency_job_id":"e00fb526-b3c6-4cb0-aabe-809803143dcd","html_url":"https://github.com/google/csp-evaluator","commit_stats":{"total_commits":31,"total_committers":10,"mean_commits":3.1,"dds":0.5806451612903225,"last_synced_commit":"b15f90e795b38d60e18fcdceaafc00ba335e4503"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fcsp-evaluator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fcsp-evaluator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fcsp-evaluator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fcsp-evaluator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/csp-evaluator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250329882,"owners_count":21412897,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T05:00:53.053Z","updated_at":"2025-04-24T08:30:45.965Z","avatar_url":"https://github.com/google.png","language":"TypeScript","readme":"# CSP Evaluator Core Library\n\n## Introduction\n\n--------------------------------------------------------------------------------\n\nPlease note: this is not an official Google product.\n\nCSP Evaluator allows developers and security experts to check if a Content\nSecurity Policy ([CSP](https://csp.withgoogle.com/docs/index.html)) serves as a\nstrong mitigation against\n[cross-site scripting attacks](https://www.google.com/about/appsecurity/learning/xss/).\nIt assists with the process of reviewing CSP policies, and helps identify subtle\nCSP bypasses which undermine the value of a policy. CSP Evaluator checks are\nbased on a [large-scale study](https://research.google.com/pubs/pub45542.html)\nand are aimed to help developers to harden their CSP and improve the security of\ntheir applications. This tool is provided only for the convenience of developers\nand Google provides no guarantees or warranties for this tool.\n\nCSP Evaluator comes with a built-in list of common CSP allowlist bypasses which\nreduce the security of a policy. This list only contains popular bypasses and is\nby no means complete.\n\nThe CSP Evaluator library + frontend is deployed here:\nhttps://csp-evaluator.withgoogle.com/\n\n## Installing\n\nThis library is published to `https://www.npmjs.com/package/csp_evaluator`. You\ncan install it via:\n\n```bash\nnpm install csp_evaluator\n```\n\n## Building\n\nTo build, run:\n\n```bash\nnpm install \u0026\u0026 tsc --build\n```\n\n## Testing\n\nTo run unit tests, run:\n\n```bash\nnpm install \u0026\u0026 npm test\n```\n\n## Example Usage\n\n```javascript\nimport {CspEvaluator} from \"csp_evaluator/dist/evaluator.js\";\nimport {CspParser} from \"csp_evaluator/dist/parser.js\";\n\nconst parsed = new CspParser(\"script-src https://google.com\").csp;\nconsole.log(new CspEvaluator(parsed).evaluate());\n```\n","funding_links":[],"categories":["JavaScript (71)","TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fcsp-evaluator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fcsp-evaluator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fcsp-evaluator/lists"}