{"id":16495028,"url":"https://github.com/undergroundwires/ez-consent","last_synced_at":"2026-03-02T07:32:09.972Z","repository":{"id":41482402,"uuid":"264767519","full_name":"undergroundwires/ez-consent","owner":"undergroundwires","description":"🍪 Minimal \u0026 vanilla JS only cookie consent banner with no dependencies with Google consent mode support","archived":false,"fork":false,"pushed_at":"2025-09-23T17:04:42.000Z","size":5075,"stargazers_count":19,"open_issues_count":1,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-09-29T01:01:49.485Z","etag":null,"topics":["compliance-as-code","consent-mode","cookie-banner","cookie-consent","cookie-consent-banner","cookie-law","gdpr","google-tag-manager","privacy"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/undergroundwires.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-05-17T22:20:04.000Z","updated_at":"2025-09-23T17:04:46.000Z","dependencies_parsed_at":"2025-01-23T22:18:47.152Z","dependency_job_id":"88afc57c-b51f-40b1-921a-7d8d5b4570f2","html_url":"https://github.com/undergroundwires/ez-consent","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/undergroundwires/ez-consent","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2Fez-consent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2Fez-consent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2Fez-consent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2Fez-consent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/undergroundwires","download_url":"https://codeload.github.com/undergroundwires/ez-consent/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2Fez-consent/sbom","scorecard":{"id":909313,"data":{"date":"2025-08-11","repo":{"name":"github.com/undergroundwires/ez-consent","commit":"5defc0a3afc1fbbe553ffc8b5ddc4f5977c76168"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-and-test.yaml:1","Warn: no topLevel permission defined: .github/workflows/bump-and-release.yaml:1","Warn: no topLevel permission defined: .github/workflows/publish.yaml:1","Warn: no topLevel permission defined: .github/workflows/quality-checks.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/build-and-test.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/build-and-test.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-and-release.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/bump-and-release.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/quality-checks.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/quality-checks.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/quality-checks.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/undergroundwires/ez-consent/quality-checks.yaml/master?enable=pin","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   3 out of   3 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T18:31:40.804Z","repository_id":41482402,"created_at":"2025-08-24T18:31:40.804Z","updated_at":"2025-08-24T18:31:40.804Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29995004,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T01:47:34.672Z","status":"online","status_checked_at":"2026-03-02T02:00:07.342Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance-as-code","consent-mode","cookie-banner","cookie-consent","cookie-consent-banner","cookie-law","gdpr","google-tag-manager","privacy"],"created_at":"2024-10-11T14:27:10.594Z","updated_at":"2026-03-02T07:32:09.967Z","avatar_url":"https://github.com/undergroundwires.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ez-consent\n\n\u003e ![ez-consent logo](./img/logo.svg) A minimal, vanilla JavaScript cookie consent banner with no dependencies.\n\n\u003c!-- Package information --\u003e\n\n[![npm version](https://img.shields.io/npm/v/ez-consent)](https://www.npmjs.com/package/ez-consent)\n[![jsDelivr CDN statistics](https://data.jsdelivr.com/v1/package/npm/ez-consent/badge?style=rounded)](https://www.jsdelivr.com/package/npm/ez-consent)\n![Script size in bytes](https://img.shields.io/github/size/undergroundwires/ez-consent/dist%2Fez-consent.min.js)\n![GZipped script size in bytes](https://img.badgesize.io/undergroundwires/ez-consent/master/dist/ez-consent.min.js?compression=gzip)\n\n\u003c!-- [![](https://img.shields.io/npm/dm/ez-consent)](https://www.npmjs.com/package/ez-consent) --\u003e\n\n- Vanilla JavaScript only ✔️\n- It does not track you ✔️\n- Very lightweight with no dependencies ✔️\n- Single line to get started ✔️\n- Everything customizable, including language ✔️\n- Supports [Google consent mode](https://support.google.com/google-ads/answer/10000067?hl=en) ✔️\n\nExamples:\n\n- [Live example 1](https://privacylearn.com/?force-consent)\n- [Live example 2](https://erkinekici.com/?force-consent)\n- [CodePen examples](https://codepen.io/collection/XRjMGP)\n\n\u003c!-- Development status --\u003e\n\n[![Contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/undergroundwires/ez-consent/issues)\n[![Publish workflow status](https://github.com/undergroundwires/ez-consent/workflows/Publish/badge.svg)](./.github/workflows/publish.yaml)\n[![Build and test workflow status](https://github.com/undergroundwires/ez-consent/workflows/Build%20\u0026%20test/badge.svg)](./.github/workflows/build-and-test.yaml)\n[![Bump and release workflow status](https://github.com/undergroundwires/ez-consent/workflows/Bump%20\u0026%20release/badge.svg)](./.github/workflows/bump-and-release.yaml)\n[![Quality checks workflow status](https://github.com/undergroundwires/ez-consent/workflows/Quality%20checks/badge.svg)](./.github/workflows/quality-checks.yaml)\n[![Auto-versioned by bump-everywhere](https://github.com/undergroundwires/bump-everywhere/blob/master/badge.svg?raw=true)](https://github.com/undergroundwires/bump-everywhere)\n\n## Usage\n\n### Quick Start: CDN\n\nThe simplest way to get started is to add it to your page:\n\n```html\n\u003clink\n  rel=\"stylesheet\"\n  href=\"https://cdn.jsdelivr.net/npm/ez-consent@^1/dist/themes/subtle-bottom-right.min.css\"\n/\u003e\n\u003cscript\n  type=\"text/javascript\"\n  src=\"https://cdn.jsdelivr.net/npm/ez-consent@^1/dist/ez-consent.min.js\"\n  defer\n  onload=\"\n        ez_consent.init({\n            privacy_url: '/privacy',\n            texts: {\n                buttons: {\n                    ok: 'OK',\n                    more: 'More',\n                },\n            },\n        });\n    \"\n\u003e\u003c/script\u003e\n```\n\nSee [Initialize the script](#2-initialize) for additional options and alternative ways.\n\n_[top↑](#ez-consent)_\n\n### Advanced Usage\n\n1. [Import](#1-import)\n2. [Initialize](#2-initialize)\n3. [Style](#3-style) (optional)\n\n#### 1. Import\n\nHere are some examples how you can install the script:\n\n- Using NPM: `npm install ez-consent --save`\n- Or using yarn: `yarn add ez-consent`\n- Using git submodule (not recommended):\n  - Go to the folder you wish to have the repository\n  - Run `git submodule add https://github.com/undergroundwires/safe-email`\n\nAdd it to your page:\n\n```html\n\u003cscript\n  type=\"text/javascript\"\n  src=\"/node_modules/ez-consent/dist/ez-consent.min.js\"\n\u003e\u003c/script\u003e\n```\n\nOr you can import `ez_consent` as a module:\n\n```html\n\u003cscript type=\"module\" defer\u003e\n  import { ez_consent } from './ez-consent/src/ez-consent.js'; // /node_modules/ez-consent/ez-consent.js ...\n  ez_consent.init();\n\u003c/script\u003e\n```\n\nOr import it via `webpack`, `gulp`, `rollup` etc.:\n\n```js\nimport { ez_consent } from './node_modules/ez-consent/src/ez-consent';\n```\n\n_[top↑](#ez-consent)_\n\n#### 2. Initialize\n\nWhen importing a script using the `\u003cscript\u003e` element, it's recommended to use the `onload` attribute to initialize it.\nThis approach allows you to use `defer` attribute, which improve webpage performance and user\nexperience by optimizing script loading. This can help your pages rank better in search engines.\n\n```html\n\u003cscript\n  type=\"text/javascript\"\n  src=\"/node_modules/ez-consent/dist/ez-consent.min.js\"\n  defer\n  onload=\"\n        ez_consent.init({\n            privacy_url: '/privacy',\n            texts: {\n                buttons: {\n                    ok: 'OK',\n                    more: 'More',\n                },\n            },\n        });\n    \"\n\u003e\u003c/script\u003e\n```\n\nOr, you can initialize later using this snippet:\n\n```js\nez_consent.init();\n```\n\nSee all options:\n\n```js\nez_consent.init({\n  is_always_visible: false, // Always shows banner on load, default: false\n  privacy_url: '/privacy', // URL that \"more\" button goes to, default: \"/privacy/\"\n  consent_duration: 'P10Y', // Consent duration (cookie expiry date), default: 10 years. ISO 8601 format, decimals are not supported.\n  enable_google_consent_mode: false, // Sends consent state to Google (enables Google consent mode)\n  more_button: {\n    target_attribute: '_blank', // Determines what the behavior of the 'more' button is, default: \"_blank\", opens the privacy page in a new tab\n    is_consenting: true, // Controls whether clicking the 'more' button automatically gives consent and removes the banner, default: true\n  },\n  texts: {\n    main: 'We use cookies', // The text that's shown on the banner, default: \"This website uses cookies \u0026 similar.\"\n    buttons: {\n      ok: 'ok', // OK button to hide the text, default: \"ok\"\n      more: 'more', // More/accept button that shows the privacy policy, default \"more\"\n    },\n  },\n  css_classes: {\n    // CSS class name overrides\n    container: 'container', // Main container element, default: \"cookie-consent\"\n    message_text: 'mainText', // Main message text container, default: \"cookie-consent__text\"\n    buttons: {\n      wrapper: 'buttonsWrapper', // Button container, default: \"cookie-consent__buttons\"\n      more: 'moreButton', // More info button, default: \"cookie-consent__button cookie-consent__button--more\"\n      ok: 'okButton', // More/accept button, default: \"cookie-consent__button cookie-consent__button--ok\"\n    },\n  },\n});\n```\n\nThe banner will be shown if the user has not yet agreed to read \u0026 understand the information.\nYou can force the banner to always show by including the `force-consent` query parameter in the URL.\nExample for `https://test.com/fest` page: `test.com/fest?force-consent`.\n\n_[top↑](#ez-consent)_\n\n#### 3. Style\n\n##### Existing Themes\n\nYou can choose one of the following existing themes to begin:\n\n###### box-bottom-left.css\n\n![box-bottom-left](./img/themes/box-bottom-left.png)\n\n[Source file](./src/themes/box-bottom-left.css) | [See it live](https://cloudarchitecture.io/?force-consent) | [Preview on CodePen](https://codepen.io/undergroundwires/pen/qBdzmyj)\n\n```html\n\u003clink\n  rel=\"stylesheet\"\n  href=\"https://cdn.jsdelivr.net/npm/ez-consent@^1/dist/themes/box-bottom-left.min.css\"\n/\u003e\n```\n\n###### subtle-bottom-right.css\n\n![subtle-bottom-right](./img/themes/subtle-bottom-right-light.png)\n![subtle-bottom-right-dark](./img/themes/subtle-bottom-right-dark.png)\n\n[Source file](./src/themes/subtle-bottom-right.css) | [See it live](https://erkinekici.com/?force-consent) | [Preview on CodePen](https://codepen.io/undergroundwires/pen/MWwMmqw)\n\n```html\n\u003clink\n  rel=\"stylesheet\"\n  href=\"https://cdn.jsdelivr.net/npm/ez-consent@1/dist/themes/subtle-bottom-right.min.css\"\n/\u003e\n```\n\n##### Custom Themes\n\nOr you can create your own theme \u0026 import it. Check example themes at [existing themes](./src/themes/). [The HTML](./src/ez-consent.js#L18) uses only a few classes using [BEM](https://getbem.com/naming/) naming convention.\n\nYou can also add your own class names using `css_classes` option, see [initialization](#2-initialize) for details.\n\nYou're welcome to contribute your theme to the project in [`./src/themes`](./src/themes/) folder by creating a pull request 👍.\n\n_[top↑](#ez-consent)_\n\n## Distributed files\n\nThe repository and deployed packages include a `dist/` folder that adds polyfills to the files and distributes them as:\n\n- minified (`.min.js`, `.min.css`) files for production usage\n- non-minified (`.js`, `.css`) files for debugging\n\n_[top↑](#ez-consent)_\n\n## GitOps\n\nCI/CD is fully automated for this repo using different Git events \u0026 GitHub actions.\n\n![ez-consent continuous integration and deployment flow](./img/gitops.drawio.png)\n\n_[top↑](#ez-consent)_\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fundergroundwires%2Fez-consent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fundergroundwires%2Fez-consent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fundergroundwires%2Fez-consent/lists"}