{"id":15392631,"url":"https://github.com/jackdbd/permissions-policy","last_synced_at":"2026-02-01T06:31:47.166Z","repository":{"id":236977856,"uuid":"793537877","full_name":"jackdbd/permissions-policy","owner":"jackdbd","description":"Permissions-Policy in JavaScript","archived":false,"fork":false,"pushed_at":"2025-01-21T23:49:22.000Z","size":294,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-03T08:58:38.327Z","etag":null,"topics":["http","http-header","permissions-policy","security-headers"],"latest_commit_sha":null,"homepage":"https://jackdbd.github.io/permissions-policy/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jackdbd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-04-29T12:11:56.000Z","updated_at":"2024-04-29T13:54:06.000Z","dependencies_parsed_at":"2025-06-21T01:43:53.047Z","dependency_job_id":"742d9726-4b02-4b04-bfef-d5c2ea5c29cb","html_url":"https://github.com/jackdbd/permissions-policy","commit_stats":null,"previous_names":["jackdbd/permissions-policy"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/jackdbd/permissions-policy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackdbd%2Fpermissions-policy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackdbd%2Fpermissions-policy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackdbd%2Fpermissions-policy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackdbd%2Fpermissions-policy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jackdbd","download_url":"https://codeload.github.com/jackdbd/permissions-policy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackdbd%2Fpermissions-policy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28970525,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T05:48:53.985Z","status":"ssl_error","status_checked_at":"2026-02-01T05:47:55.855Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http","http-header","permissions-policy","security-headers"],"created_at":"2024-10-01T15:15:25.701Z","updated_at":"2026-02-01T06:31:47.153Z","avatar_url":"https://github.com/jackdbd.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# permissions-policy\n\n[![npm package badge](https://badge.fury.io/js/@jackdbd%2Fpermissions-policy.svg)](https://badge.fury.io/js/@jackdbd%2Fpermissions-policy)\n[![install size badge](https://packagephobia.com/badge?p=@jackdbd/permissions-policy)](https://packagephobia.com/result?p=@jackdbd/permissions-policy)\n[![CI GitHub workflow badge](https://github.com/jackdbd/permissions-policy/actions/workflows/ci.yaml/badge.svg)](https://github.com/jackdbd/permissions-policy/actions/workflows/ci.yaml)\n[![CodeCov badge](https://codecov.io/gh/jackdbd/permissions-policy/graph/badge.svg?token=9jddzo5Dt3)](https://codecov.io/gh/jackdbd/permissions-policy)\n[![CodeFactor badge](https://www.codefactor.io/repository/github/jackdbd/permissions-policy/badge)](https://www.codefactor.io/repository/github/jackdbd/permissions-policy)\n[![Socket badge](https://socket.dev/api/badge/npm/package/@jackdbd/permissions-policy)](https://socket.dev/npm/package/@jackdbd/permissions-policy)\n[![Conventional Commits badge](https://img.shields.io/badge/Conventional%20Commits-1.0.0-%23FE5196?logo=conventionalcommits\u0026logoColor=white)](https://conventionalcommits.org)\n\nDefine your `Permissions-Policy` in JavaScript and let this library generate the header for you.\n\n- [Installation](#installation)\n- [About](#about)\n- [Docs](#docs)\n- [Usage](#usage)\n- [Configuration](#configuration)\n  - [Options](#options)\n  - [Features](#features)\n  - [Allowlist](#allowlist)\n- [Troubleshooting](#troubleshooting)\n- [Dependencies](#dependencies)\n- [License](#license)\n\n## Installation\n\n```sh\nnpm install @jackdbd/permissions-policy\n```\n\n**Note**: this library was tested on Node.js \u003e=18. It might work on other Node.js versions though.\n\n## About\n\nThis library allows you to define a [Permissions-Policy](https://w3c.github.io/webappsec-permissions-policy/) and a [Feature-Policy](https://developer.mozilla.org/en-US/docs/Web/API/FeaturePolicy) in JavaScript, and then it generates the corresponding headers for you.\n\n## Docs\n\n[Docs generated by TypeDoc](https://jackdbd.github.io/permissions-policy/permissions-policy/)\n\n\u003e :open_book: **API Docs**\n\u003e\n\u003e This project uses [API Extractor](https://api-extractor.com/) and [api-documenter markdown](https://api-extractor.com/pages/commands/api-documenter_markdown/) to generate a bunch of markdown files and a `.d.ts` rollup file containing all type definitions consolidated into a single file. I don't find this `.d.ts` rollup file particularly useful. On the other hand, the markdown files that api-documenter generates are quite handy when reviewing the public API of this project.\n\u003e\n\u003e *See [Generating API docs](https://api-extractor.com/pages/setup/generating_docs/) if you want to know more*.\n\n## Usage\n\nHere is how you can generate a `Permissions-Policy` header:\n\n```ts\nimport { permissionsPolicy } from '@jackdbd/permissions-policy'\n\nconst { error, value } = permissionsPolicy({\n  features: {\n    bluetooth: [],\n    camera: ['self'],\n    fullscreen: ['*'],\n    microphone: ['self', 'https://*.example.com']\n  },\n  reportingEndpoint: 'permissions_policy'\n})\n```\n\nSince at the moment [browser support for Permissions-Policy](https://caniuse.com/?search=Permissions-Policy) is [not as wide as for Feature-Policy](https://caniuse.com/?search=Feature-Policy), it's probably a good idea to generate `Feature-Policy` too. This library has you covered:\n\n```ts\nimport { featurePolicy } from '@jackdbd/permissions-policy'\n\nconst { error, value } = featurePolicy({\n  features: {\n    bluetooth: [],\n    camera: ['self'],\n    fullscreen: ['*'],\n    microphone: ['self', 'https://*.example.com']\n  }\n})\n```\n\n## Configuration\n\nRead these resources to understand how to configure the `Permissions-Policy` and the `Feature-Policy` HTTP response headers.\n\n- [A new security header: Feature Policy](https://scotthelme.co.uk/a-new-security-header-feature-policy/)\n- [Goodbye Feature Policy and hello Permissions Policy!](https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/)\n- [Permissions Policy Explainer](https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md)\n- [Policy Controlled Features](https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md)\n- [Controlling browser features with Permissions Policy](https://developer.chrome.com/en/docs/privacy-sandbox/permissions-policy/)\n\n### Options\n\n| Key | Default | Description |\n|---|---|---|\n| `features` | `{}` | Hash map for configuring `Permissions-Policy`. Each entry has a [directive](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy#directives) as the key, and an [allowlist](https://developer.mozilla.org/en-US/docs/Web/HTTP/Permissions_Policy#allowlists) as the value. |\n| `reportingEndpoint` | `undefined` | Endpoint for the [Reporting API](https://developer.mozilla.org/en-US/docs/Web/API/Reporting_API). Violations of `Permissions-Policy` (or `Permissions-Policy-Report-Only`) will be sent here. |\n\n### Features\n\nThis library defines 55 `Permissions-Policy` features:\n\n[accelerometer](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/accelerometer), [ambient-light-sensor](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ambient-light-sensor), [attribution-reporting](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/attribution-reporting), [autoplay](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/autoplay), [battery](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/battery), [bluetooth](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/bluetooth), [browsing-topics](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/browsing-topics), [camera](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/camera), [ch-device-memory](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ch-device-memory), [ch-downlink](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ch-downlink), [ch-ect](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ch-ect), [ch-rtt](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ch-rtt), [ch-save-data](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ch-save-data), [ch-ua-arch](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ch-ua-arch), [ch-ua-bitness](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ch-ua-bitness), [clipboard-read](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/clipboard-read), [clipboard-write](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/clipboard-write), [conversion-measurement](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/conversion-measurement), [cross-origin-isolated](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/cross-origin-isolated), [display-capture](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/display-capture), [document-domain](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/document-domain), [encrypted-media](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/encrypted-media), [execution-while-not-rendered](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/execution-while-not-rendered), [execution-while-out-of-viewport](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/execution-while-out-of-viewport), [focus-without-user-activation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/focus-without-user-activation), [fullscreen](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/fullscreen), [gamepad](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/gamepad), [geolocation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/geolocation), [gyroscope](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/gyroscope), [hid](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/hid), [idle-detection](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/idle-detection), [layout-animations](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/layout-animations), [legacy-image-formats](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/legacy-image-formats), [magnetometer](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/magnetometer), [microphone](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/microphone), [midi](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/midi), [navigation-override](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/navigation-override), [oversized-images](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/oversized-images), [payment](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/payment), [picture-in-picture](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/picture-in-picture), [publickey-credentials-get](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/publickey-credentials-get), [screen-wake-lock](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/screen-wake-lock), [serial](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/serial), [speaker-selection](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/speaker-selection), [sync-script](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/sync-script), [sync-xhr](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/sync-xhr), [trust-token-redemption](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/trust-token-redemption), [unload](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/unload), [unoptimized-images](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/unoptimized-images), [unsized-media](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/unsized-media), [usb](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/usb), [vertical-scroll](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/vertical-scroll), [web-share](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/web-share), [window-placement](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/window-placement), [xr-spatial-tracking](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/xr-spatial-tracking)\n\n### Allowlist\n\nAn [allowlist](https://developer.mozilla.org/en-US/docs/Web/HTTP/Permissions_Policy#allowlists) is a list containing specific origins or special values.\n\n## Troubleshooting\n\nThis library uses [debug](https://github.com/debug-js/debug) for logging.\nYou can control what's logged using the `DEBUG` environment variable.\n\nFor example, if you set your environment variables in a `.envrc` file, you can do:\n\n```sh\nexport DEBUG=permissions-policy\n```\n\nIf you are trying to configure `Permissions-Policy` or `Feature-Policy` with one or more features not implemented in this library, you can opt out of the schema validation by setting the environment variable `SKIP_VALIDATION` to `1`.\n\n```sh\nexport SKIP_VALIDATION=1\n```\n\n## Dependencies\n\n| Package | Version |\n|---|---|\n| [zod](https://www.npmjs.com/package/zod) | `^3.23.4` |\n| [zod-validation-error](https://www.npmjs.com/package/zod-validation-error) | `^3.2.0` |\n\n\u003e ⚠️ **Peer Dependencies**\n\u003e\n\u003e This package defines 1 peer dependency.\n\n| Peer | Version range |\n|---|---|\n| `debug` | `\u003e=4.0.0` |\n\n## License\n\n\u0026copy; 2024 [Giacomo Debidda](https://www.giacomodebidda.com/) // [MIT License](https://spdx.org/licenses/MIT.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjackdbd%2Fpermissions-policy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjackdbd%2Fpermissions-policy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjackdbd%2Fpermissions-policy/lists"}