{"id":22305709,"url":"https://github.com/muratgozel/csp-dev","last_synced_at":"2025-07-29T04:32:36.273Z","repository":{"id":46687429,"uuid":"265293357","full_name":"muratgozel/csp-dev","owner":"muratgozel","description":"Spec compliant content security policy builder and parser. 🚨","archived":false,"fork":false,"pushed_at":"2022-11-12T02:21:45.000Z","size":16,"stargazers_count":3,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-04-29T22:59:41.276Z","etag":null,"topics":["content-security-policy","csp","csp-builder","csp-parser"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/muratgozel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":"muratgozel","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2020-05-19T15:56:09.000Z","updated_at":"2021-09-30T00:13:41.000Z","dependencies_parsed_at":"2023-01-22T00:19:43.076Z","dependency_job_id":null,"html_url":"https://github.com/muratgozel/csp-dev","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muratgozel%2Fcsp-dev","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muratgozel%2Fcsp-dev/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muratgozel%2Fcsp-dev/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muratgozel%2Fcsp-dev/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/muratgozel","download_url":"https://codeload.github.com/muratgozel/csp-dev/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227981887,"owners_count":17850920,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["content-security-policy","csp","csp-builder","csp-parser"],"created_at":"2024-12-03T19:12:51.314Z","updated_at":"2024-12-03T19:12:51.969Z","avatar_url":"https://github.com/muratgozel.png","language":"JavaScript","funding_links":["https://ko-fi.com/muratgozel","https://ko-fi.com/F1F1RFO7"],"categories":[],"sub_categories":[],"readme":"# csp-dev\nSpec compliant content security policy builder and parser. 🚨\n\n![NPM](https://img.shields.io/npm/l/csp-dev)\n[![npm version](https://badge.fury.io/js/csp-dev.svg)](https://badge.fury.io/js/csp-dev)\n![npm bundle size](https://img.shields.io/bundlephobia/min/csp-dev)\n![npm](https://img.shields.io/npm/dy/csp-dev)\n\n## Install\n```sh\nnpm i -D csp-dev\n```\n\n## Use\n### Build Policy\n```js\nconst ContentSecurityPolicy = require('csp-dev')\n\nconst builder = new ContentSecurityPolicy()\nbuilder.newDirective('script-src', ['self', 'unsafe-inline', 'nonce-2726c7f26c', '*.test.com'])\nbuilder.newDirective('default-src', 'self')\nbuilder.newDirective('style-src', 'data:')\n\n// or by loading an object\n\nconst builder2 = new ContentSecurityPolicy()\nbuilder2.load({\n  'default-src': ['self'],\n  'script-src': [\n    'self', 'unsafe-inline', 'nonce-2726c7f26c', '*.test.com'\n  ],\n  'style-src': ['data:']\n})\n```\n### Parse Policy Data\n```js\nconst ContentSecurityPolicy = require('csp-dev')\n\nconst data = `\ndefault-src 'self';\nscript-src 'self' 'unsafe-inline' 'nonce-2726c7f26c' *.test.com;\nstyle-src data:\n`\nconst parser = new ContentSecurityPolicy(data)\n\nparser.valid() // true|false\n```\n### Share\nShare data as **json**, spec compliant csp **string** or **html** meta tag:\n```js\nparser.share('json')\n`\n{\n  'default-src': ['self'],\n  'script-src': [\n    'self', 'unsafe-inline', 'nonce-2726c7f26c', '*.test.com'\n  ],\n  'style-src': ['data:']\n}\n`\n\nparser.share('string')\n`\ndefault-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-2726c7f26c' *.test.com; style-src data:\n`\n\nparser.share('html')\n`\n\u003cmeta http-equiv=\"Content-Security-Policy\" content=\"default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-2726c7f26c' *.test.com; style-src data:\"\u003e\n`\n```\n\n## Tests\nSee `spec` folder for tests. I'll expand the test suite as I update the library. You can run tests by `npm run test`\n\n## Notes\nThe reporting feature of csp hasn't been implemented. I haven't get fully understand but I think there is no accepted standart to it for now.\n\n---\n\nThanks for watching 🐬\n\n[![ko-fi](https://www.ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/F1F1RFO7)\n\n---\n\nVersion management of this repository done by [releaser](https://github.com/muratgozel/node-releaser) 🚀\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuratgozel%2Fcsp-dev","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmuratgozel%2Fcsp-dev","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuratgozel%2Fcsp-dev/lists"}