Picture of the author

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

📦 csp_evaluator

Evaluate Content Security Policies for a wide range of bypasses and weaknesses

Author

Lukas Weichselbaum

License

Apache-2.0

Unpacked Size

422.17 KB

Packed Size

76.82 KB

Last Activity

8 months ago

Wkly Downloads

322K

Unpacked Size

422.17 KB

Packed Size

76.82 KB

License

Apache-2.0

Author

Lukas Weichselbaum

Last Activity

8 months ago

Dependencies Overview

Dependencies (0)

There are not dependencies

Peer Dependencies (0)

There are not dependencies

Dev Dependencies (3)

@types/jasmine ^3.6.7 jasmine ^3.7.0 typescript ^4.2.3

Versions Overview

Last Version

1.1.5

Last Version Released

8 months ago

N. of Versions

14

Repository Overview

Default Branch

master

Is Archived?

NO

Is Disabled?

NO

Is Fork?

NO

Is Locked?

NO

Security Policy Enabled?

YES

Latest Commits

Last 10 commits in the repository

Merge pull request #73 from google/test_728826459 No public description

8 months ago

No public description FUTURE_COPYBARA_INTEGRATE_REVIEW=https://github.com/google/csp-evaluator/pull/70 from Rockerby:feature/i69-prefetch-src-deprecated 9656116cae40405ad6e4488861488cff5e29057c PiperOrigin-RevId: 728826459

8 months ago

Merge pull request #72 from adamraine/inline-speculation-rules Add inline-speculation-rules to known keywords

Lukas Weichselbaum

8 months ago

Add inline-speculation-rules to known keywords

8 months ago

Merge pull request #70 from Rockerby/feature/i69-prefetch-src-deprecated Add the prefetch-src as a deprecated directive

Lukas Weichselbaum

12 months ago

Add the prefetch-src as a deprecated directive

Richard Ockerby

12 months ago

Merge pull request #68 from google/test_651430286 No public description

Lukas Weichselbaum

over 1 year ago

No public description PiperOrigin-RevId: 651430286

over 1 year ago

Merge pull request #53 from lucasassisrosa:master PiperOrigin-RevId: 651399798

over 1 year ago

No public description PiperOrigin-RevId: 650314356

over 1 year ago

Top Contributors

The top contributors considering the last 100 commits & PRs

ddworken

lweichselbaum

0xiso

lucasassisrosa

smaury

Open PRs (3)

Currently active PR in the repository

Parsing comma separated CSPs + cleanup

almost 2 years ago

Add several JSONP endpoints

almost 2 years ago

Remove dev.virtualearth.net

over 2 years ago

Open Issues (15)

Currently active PR in the repository

*.googleapis.com warning could be simpler

11 months ago

script-src 'wasm-unsafe-eval' reported as invalid

over 1 year ago

`CspParser` wrongly split directive using `data:` source containing `;base64...`

over 1 year ago

Newrelic endpoint no longer exists

about 2 years ago

www.googletagmanager.com does not need unsafe-eval for CSP bypass

over 2 years ago

CSP evaluator doesn't support newest the newest CSP directives and keywords and breaks some policies

GalacticHypernova

over 2 years ago

Frame Ancestors are allowed to have non-leading wildcards

over 2 years ago

CSP extension for speculation rules

over 2 years ago

Hosted CSP Evaluator doesn't recognize 'wasm-unsafe-eval'

over 2 years ago

Don't recommend trusted-types if CSP blocks scripts

almost 4 years ago

Open Discussions (0)

Currently open discussions in the repository

There are not discussions to display