{"id":20514209,"url":"https://github.com/webreflection/csp","last_synced_at":"2026-02-15T07:33:50.365Z","repository":{"id":65993140,"uuid":"340394483","full_name":"WebReflection/csp","owner":"WebReflection","description":"Because Security Matters, and Web libraries, tools, and projects, should be more informative about their state.","archived":false,"fork":false,"pushed_at":"2021-12-30T09:59:38.000Z","size":161,"stargazers_count":15,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-16T09:43:14.218Z","etag":null,"topics":["badge","csp","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/WebReflection.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security-matters.jpg","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-02-19T14:31:57.000Z","updated_at":"2022-05-25T07:28:48.000Z","dependencies_parsed_at":"2024-02-01T17:48:14.835Z","dependency_job_id":null,"html_url":"https://github.com/WebReflection/csp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WebReflection%2Fcsp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WebReflection%2Fcsp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WebReflection%2Fcsp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WebReflection%2Fcsp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/WebReflection","download_url":"https://codeload.github.com/WebReflection/csp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242117718,"owners_count":20074438,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["badge","csp","security"],"created_at":"2024-11-15T21:15:17.658Z","updated_at":"2025-10-08T13:43:00.570Z","avatar_url":"https://github.com/WebReflection.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# CSP Badge ![CSP strict](./strict.svg) ![CSP friendly](./friendly.svg) ![CSP hostile](./hostile.svg)\n\n![Security Matters](./security-matters.jpg)\n\n\u003csup\u003e**Social Media Photo by [Franck](https://unsplash.com/@franckinjapan) on [Unsplash](https://unsplash.com/)**\u003c/sup\u003e\n\n---\n\nThis repository exists only to allow other repositories to add a *badge* about the [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) state of the module, library, or helper.\n\nThe offered *SVG* images are the following:\n\n  * ![CSP strict](./strict.svg) suitable for projects that *don't* use `eval` or `Function` or scripts served as `Blob`, hence don't ever need any particular *CSP* rule\n  * ![CSP friendly](./friendly.svg) suitable for projects that *might need* particular *CSP* rules to fully work as expected\n  * ![CSP hostile](./hostile.svg) for all projects humble enough to declare such project is *everything but secure*, and inform users about the risk they might have if such project is used in production\n\n---\n\n\n## ![CSP strict](./strict.svg) CSP strict\n\nThe project does *not* need any specific [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) configuration because it does *not* include, use, or inject, any *Function*, *eval*, or other workarounds to evaluate anything at all, hence the security is granted to be the best possible.\n\n---\n\n\n## ![CSP friendly](./friendly.svg) CSP friendly\n\nThe project *might* need some specific [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) configuration, because it could need to use *Function*, *eval*, or any other workaround to evaluate code at runtime, hence security needs to be considered, and best practices followed.\n\n---\n\n\n## ![CSP hostile](./hostile.svg) CSP hostile\n\nThe project shamelessly needs, use, or pollute the running software, with *Function*, *eval*, or any other workaround to evaluate code at runtime, so that even [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) might not be enough to grant a secure execution of the program.\n\n---\n\n\n### How to include\n\nIf your project would like to inform its users about its *CSP* compliancy, you can add one of these badges on top of your *GitHub*, *GitLab*, or any other service, so that it'll be instantly visible:\n\n**Markdown** - Basic\n```md\n![CSP strict](https://webreflection.github.io/csp/strict.svg)\n![CSP friendly](https://webreflection.github.io/csp/friendly.svg)\n![CSP hostile](https://webreflection.github.io/csp/hostile.svg)\n```\n\n**Markdown** - Informative\n```md\n[![CSP strict](https://webreflection.github.io/csp/strict.svg)](https://webreflection.github.io/csp/#-csp-strict)\n[![CSP friendly](https://webreflection.github.io/csp/friendly.svg)](https://webreflection.github.io/csp/#-csp-friendly)\n[![CSP hostile](https://webreflection.github.io/csp/hostile.svg)](https://webreflection.github.io/csp/#-csp-hostile)\n```\n\n**HTML** - Basic\n```html\n\u003cimg alt=\"CSP strict\" src=\"https://webreflection.github.io/csp/strict.svg\"\u003e\n\u003cimg alt=\"CSP friendly\" src=\"https://webreflection.github.io/csp/friendly.svg\"\u003e\n\u003cimg alt=\"CSP hostile\" src=\"https://webreflection.github.io/csp/hostile.svg\"\u003e\n```\n\n**HTML** - Informative\n```html\n\u003ca href=\"https://webreflection.github.io/csp/#-csp-strict\"\u003e\n  \u003cimg alt=\"CSP strict\" src=\"https://webreflection.github.io/csp/strict.svg\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://webreflection.github.io/csp/#-csp-friendly\"\u003e\n  \u003cimg alt=\"CSP friendly\" src=\"https://webreflection.github.io/csp/friendly.svg\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://webreflection.github.io/csp/#-csp-hostile\"\u003e\n  \u003cimg alt=\"CSP hostile\" src=\"https://webreflection.github.io/csp/hostile.svg\"\u003e\n\u003c/a\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebreflection%2Fcsp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwebreflection%2Fcsp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebreflection%2Fcsp/lists"}