@localnerve/csp-hashes 0.1.3 → 0.1.4

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@localnerve/csp-hashes",
-  "version": "0.1.3",
-  "description": "Flexible library to handle CSP hashes at build time",
+  "version": "0.1.4",
+  "description": "Flexible library to generate CSP hashes",
   "main": "dist/index.js",
   "scripts": {
     "lint": "eslint .",
@@ -12,17 +12,17 @@
     "test:debug": "node --inspect-brk ./node_modules/.bin/jest"
   },
   "devDependencies": {
-    "@babel/cli": "^7.17.6",
-    "@babel/preset-env": "^7.16.11",
-    "@babel/register": "^7.17.7",
+    "@babel/cli": "^7.18.9",
+    "@babel/preset-env": "^7.18.9",
+    "@babel/register": "^7.18.9",
     "coveralls": "^3.1.1",
-    "eslint": "^8.11.0",
-    "jest": "^27.5.1",
+    "eslint": "^8.20.0",
+    "jest": "^28.1.3",
     "rimraf": "^3.0.2",
     "vinyl": "^2.2.1"
   },
   "dependencies": {
-    "cheerio": "^1.0.0-rc.3",
+    "cheerio": "^1.0.0-rc.12",
     "through2": "^4.0.2"
   },
   "repository": {
@@ -34,7 +34,17 @@
     "hashes",
     "gulp"
   ],
-  "author": "Alex Grant <alex@localnerve.com>",
+  "author": {
+    "name": "Alex Grant",
+    "email": "alex@localnerve.com",
+    "url": "https://localnerve.com"
+  },
+  "contributors": [
+    {
+      "name": "Alex Grant",
+      "email": "alex@localnerve.com"
+    }
+  ],
   "license": "MIT",
   "bugs": {
     "url": "https://github.com/localnerve/csp-hashes/issues"

package/readme.md

@@ -2,7 +2,7 @@
 
 > Flexible build library to generate script and style hashes for CSP headers or meta tags
 
-[![npm version](https://badge.fury.io/js/%40localnerve%2Fcsp-hashes.svg)](https://badge.fury.io/js/%40localnerve%2Fcsp-hashes)
+[![npm version](https://badge.fury.io/js/@localnerve%2Fcsp-hashes.svg)](https://badge.fury.io/js/@localnerve%2Fcsp-hashes)
 ![Verify](https://github.com/localnerve/csp-hashes/workflows/Verify/badge.svg)
 [![Coverage Status](https://coveralls.io/repos/github/localnerve/csp-hashes/badge.svg?branch=main)](https://coveralls.io/github/localnerve/csp-hashes?branch=main)
 
@@ -18,10 +18,13 @@
 + [MIT License](#license)
 
 ## Overview
-This library generates script and style inline element and attribute hashes. It is for use in the generation of HTTP content security policy (CSP) headers or to replace/update Meta tags as a website build step.
+This Nodejs library generates script and style inline element and attribute hashes. It is for use in the generation of HTTP content security policy (CSP) headers or to replace/update Meta tags as a website build step. Ready for use with [Gulp](https://github.com/gulpjs/gulp).
+
+## Prerequisites
++ NodeJS 14+
 
 ## API
-This library exports a single function that takes options and returns a transform stream in object mode that operates on [Vinyl](https://github.com/gulpjs/vinyl) objects in [Gulp](https://github.com/gulpjs/gulp). The only required option is a [`callback`](#callback-function) function.
+This library exports a single function that takes options and returns a transform stream in object mode. The transform stream operates on [Vinyl](https://github.com/gulpjs/vinyl) objects or a compatible file object with `path` and `contents` properties. The only required option is a [`callback`](#callback-function) function.
 
 ```
 Stream hashstream ({
@@ -71,6 +74,7 @@ The callback hashes object contains all of the inline element and attribute hash
   }
 }
 ```
+
 The object structure allows you to direct the hashes to any CSP header directive layout you might use. You can use `script-src` or `style-src` alone and concatenate the element and attribute hashes together into one list using the `all` getter property, or you can use `script-src-attr` and `style-src-attr` separately, whatever is a more secure/optimal policy for your situation.  
 **NOTE**  
 The `hashes` object structure is always the same. If there are no elements or attributes of script or style in the current file, the arrays are just empty (not null).
@@ -82,6 +86,7 @@ In this example, a build step gets the hashes for every html file under the `dis
 
 ```javascript
 import gulp from 'gulp';
+import path from 'path';
 import hashstream from '@localnerve/csp-hashes';
 import { cspHeaderRules } from './host-header-rules';
 
@@ -90,8 +95,8 @@ export function cspHeaders (settings) {
 
   return gulp.src(`${dist}/**/*.html`)
     .pipe(hashstream({
-      callback: (path, hashes) => {
-        const webPath = path.replace(dist, '');
+      callback: (p, hashes) => {
+        const webPath = p.replace(path.resolve(dist), '');
         cspHeaderRules.updateHashes(webPath, 'script-src', hashes.script.elements.join(' '));
         cspHeaderRules.updateHashes(webPath, 'script-src-attr', hashes.script.attributes.join(' '));
         cspHeaderRules.updateHashes(webPath, 'style-src', hashes.style.elements.join(' '));

package/.eslintignore

@@ -1,5 +0,0 @@
-__tests__/lib
-coverage
-dist
-private
-tmp

package/.eslintrc.json

@@ -1,22 +0,0 @@
-{
-  "root": true,
-  "env": {
-    "node": true,
-    "es2020": true
-  },
-  "parserOptions": {
-    "sourceType": "module",
-    "ecmaVersion": 2020
-  },
-  "extends": [
-    "eslint:recommended"
-  ],
-  "rules": {
-    "indent": [2, 2, {
-      "SwitchCase": 1,
-      "MemberExpression": 1
-    }],
-    "quotes": [2, "single"],
-    "dot-notation": [2, {"allowKeywords": true}]
-  }
-}

package/.github/workflows/verify.yml

@@ -1,32 +0,0 @@
-name: Verify
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-
-jobs:
-  verify:
-
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [14.x, 16.x]
-        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
-    steps:
-    - uses: actions/checkout@v3
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3.0.0
-      with:
-        node-version: ${{ matrix.node-version }}
-    - run: npm ci
-    - name: Run Lint and Test
-      run: npm run lint && npm test
-    - name: Coverage Upload
-      if: ${{ success() }}
-      uses: coverallsapp/github-action@master
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        path-to-lcov: ./coverage/lcov.info

package/.vscode/launch.json

@@ -1,14 +0,0 @@
-{
-  // Use IntelliSense to learn about possible attributes.
-  // Hover to view descriptions of existing attributes.
-  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
-  "version": "0.2.0",
-  "configurations": [
-    {
-      "type": "node",
-      "request": "attach",
-      "name": "Attach to Tests",
-      "port": 9229
-    }
-  ]
-}

package/__tests__/fixtures/multiple-scripts-attr.html

@@ -1,17 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <script>
-    console.log("foo");
-
-
-  </script>
-</head>
-<body>
-  <script>"hello world"</script>
-  <div class="decoy"></div>
-  <button onclick="alert(0);"></button>
-  <a href="javascript:void(0)">link</a>
-  <div data-attr="decoy"></div>
-</body>
-</html>

package/__tests__/fixtures/multiple-scripts-attr.sha256

@@ -1,7 +0,0 @@
-# element hashes
-sha256-rExzpKR08DmzriumM64x74bd6TG79uFw0RlSMdXFzO4=
-sha256-nd7+RDWyHZAUOeVG1UoUoXWjSTuf2PvzjZ6m08v3CCY=
-# attribute hashes
-sha256-d3ii1Pel57UO62xosCMNgTaZJhJa87Gd/X6e7UdlEU8=
-sha256-97l24HYIWEdSIQ8PoMHzpxiGCZuyBDXtN19RPKFsOgk=
-#

package/__tests__/fixtures/multiple-scripts-attr.sha384

@@ -1,7 +0,0 @@
-# element hashes
-sha384-O60SQD+smnMjcJ8RHL7sAbSOyPUWgRHBovbIAphGqPN98/Iu8mtniAogp4wIsOhW
-sha384-WmpTK6zbDiu5hx1ojbwG5VsNrqhW+OahJWEgoWt05o63pvZvCdwNIanHJLoyr3SD
-# attribute hashes
-sha384-bukTLq2o+W5IQrLDTC6PHPqfJ4hmAZxNVytFjb4OuGCjwVgz4fWKrwLEuGwMGN3+
-sha384-Hs4TMINoOqtUudRVK7cWbO9tOQB1sxVWZcY9wrHsnyMIvr0urtjvW2Tl48Td9XHX
-#

package/__tests__/fixtures/multiple-scripts-attr.sha512

@@ -1,7 +0,0 @@
-# element hashes
-sha512-MqQ+zvBvxknlz+ZyHsCJfMSsAwYLwpr4REOSr7Q6QhvkqbJFvjlbN6mHacwH7sS6GkbgoC5j+DWFzWh6coeP0g==
-sha512-qAJOafTHO8uHcv2M4vRRoaHnkd7h/xuiv+DkboPHj8WwHNcevfKTc4Wt0OqnaGuRpeKnxLXBv4VByLKSvuGZqQ==
-# attribute hashes
-sha512-d9VZk4RVMuB9zbaCdtPmoi0jg3Q/ENmcbczKvg9eF1Km6v4jO658wc17JPo2V9eP59CGLG1Qtnj9KBA3pvFFdw==
-sha512-95nit2a0nErfKAcXliTb4gREVstYj5n71nrjGBiyu9LTOQ0tLgNNIAYImzWBYUP5H7MjJz//7XfNfirAJKoyuA==
-#

package/__tests__/fixtures/multiple-scripts-styles-script.sha256

@@ -1,7 +0,0 @@
-# element hashes
-sha256-rExzpKR08DmzriumM64x74bd6TG79uFw0RlSMdXFzO4=
-sha256-nd7+RDWyHZAUOeVG1UoUoXWjSTuf2PvzjZ6m08v3CCY=
-# attribute hashes
-sha256-d3ii1Pel57UO62xosCMNgTaZJhJa87Gd/X6e7UdlEU8=
-sha256-97l24HYIWEdSIQ8PoMHzpxiGCZuyBDXtN19RPKFsOgk=
-#

package/__tests__/fixtures/multiple-scripts-styles-script.sha384

@@ -1,7 +0,0 @@
-# element hashes
-sha384-O60SQD+smnMjcJ8RHL7sAbSOyPUWgRHBovbIAphGqPN98/Iu8mtniAogp4wIsOhW
-sha384-WmpTK6zbDiu5hx1ojbwG5VsNrqhW+OahJWEgoWt05o63pvZvCdwNIanHJLoyr3SD
-# attribute hashes
-sha384-bukTLq2o+W5IQrLDTC6PHPqfJ4hmAZxNVytFjb4OuGCjwVgz4fWKrwLEuGwMGN3+
-sha384-Hs4TMINoOqtUudRVK7cWbO9tOQB1sxVWZcY9wrHsnyMIvr0urtjvW2Tl48Td9XHX
-#

package/__tests__/fixtures/multiple-scripts-styles-script.sha512

@@ -1,7 +0,0 @@
-# element hashes
-sha512-MqQ+zvBvxknlz+ZyHsCJfMSsAwYLwpr4REOSr7Q6QhvkqbJFvjlbN6mHacwH7sS6GkbgoC5j+DWFzWh6coeP0g==
-sha512-qAJOafTHO8uHcv2M4vRRoaHnkd7h/xuiv+DkboPHj8WwHNcevfKTc4Wt0OqnaGuRpeKnxLXBv4VByLKSvuGZqQ==
-# attribute hashes
-sha512-d9VZk4RVMuB9zbaCdtPmoi0jg3Q/ENmcbczKvg9eF1Km6v4jO658wc17JPo2V9eP59CGLG1Qtnj9KBA3pvFFdw==
-sha512-95nit2a0nErfKAcXliTb4gREVstYj5n71nrjGBiyu9LTOQ0tLgNNIAYImzWBYUP5H7MjJz//7XfNfirAJKoyuA==
-#

package/__tests__/fixtures/multiple-scripts-styles-style.sha256

@@ -1,6 +0,0 @@
-# element hashes
-sha256-ZRXDQAaaiAOOtUbmDL5Ty2JR8Zf1AonXn6DCmchNhvk=
-sha256-n5JetA0VmZdQj4zgyixeiOgx9wfnK2oa9/zb8+xvZks=
-# attribute hashes
-sha256-iYwYhiMcsGmXCUzLEpEzZNz5dINrlkqf1sLbLhEcqGM=
-#

package/__tests__/fixtures/multiple-scripts-styles-style.sha384

@@ -1,6 +0,0 @@
-# element hashes
-sha384-fR76DAgrmWR4v7rpv4JBvCihgpwA2GRb4b6e4o+ThYYMJ4FQLX3l+EwzySAPxzbN
-sha384-vSmTBkQfDGIq3/4cHWOHpAwAHxMhwPY/5vxKe4XCcKVmQaAN0BYDoZeZu5n0qHjS
-# attribute hashes
-sha384-YHRSKUJbAwb1DUQ5EcSZ+IOjmjTr9Bcrv8E2oHbMS45tF1M/tNHACnjgCr6L+GXc
-#

package/__tests__/fixtures/multiple-scripts-styles-style.sha512

@@ -1,6 +0,0 @@
-# element hashes
-sha512-dtOFpumNJPKES8S72UuTAXS6daEMYQKpRpCzlFAto/DHdx7fH0KK8sO9LjLpOjVWrDXE4G+MtisGdWa19wieSg==
-sha512-mZQHDGDpL2tkHm3IWxwlZQUEwzH27l1bGvq4qo/9T/Ef52z0J2TGEEeOgp8INb/fGFHk4NjteTNwDTeuqb9rrw==
-# attribute hashes
-sha512-aOZs3PhtrZbzR6+CPKnKpStcJBq1Y4lw/+SwV5pKL52hpcq5pj+tTLv7x2uegYLFIqZ89KnfhRsrVSrQ3V3XDw==
-#

package/__tests__/fixtures/multiple-scripts-styles.html

@@ -1,20 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <script>
-    console.log("foo");
-
-
-  </script>
-  <style>* { display: none; }</style>
-</head>
-<body>
-  <style>div { background: red; }</style>
-  <script>"hello world"</script>
-  <div class="decoy"></div>
-  <button onclick="alert(0);"></button>
-  <a href="javascript:void(0)">link</a>
-  <div data-attr="decoy"></div>
-  <div style="position:relative;"></div>
-</body>
-</html>

package/__tests__/fixtures/multiple-scripts.html

@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <script>
-    console.log("foo");
-
-
-  </script>
-</head>
-<body>
-  <script>"hello world"</script>
-</body>
-</html>

package/__tests__/fixtures/multiple-scripts.sha256

@@ -1,5 +0,0 @@
-# element hashes
-sha256-rExzpKR08DmzriumM64x74bd6TG79uFw0RlSMdXFzO4=
-sha256-nd7+RDWyHZAUOeVG1UoUoXWjSTuf2PvzjZ6m08v3CCY=
-# attribute hashes
-#

package/__tests__/fixtures/multiple-scripts.sha384

@@ -1,5 +0,0 @@
-# element hashes
-sha384-O60SQD+smnMjcJ8RHL7sAbSOyPUWgRHBovbIAphGqPN98/Iu8mtniAogp4wIsOhW
-sha384-WmpTK6zbDiu5hx1ojbwG5VsNrqhW+OahJWEgoWt05o63pvZvCdwNIanHJLoyr3SD
-# attribute hashes
-#

package/__tests__/fixtures/multiple-scripts.sha512

@@ -1,5 +0,0 @@
-# element hashes
-sha512-MqQ+zvBvxknlz+ZyHsCJfMSsAwYLwpr4REOSr7Q6QhvkqbJFvjlbN6mHacwH7sS6GkbgoC5j+DWFzWh6coeP0g==
-sha512-qAJOafTHO8uHcv2M4vRRoaHnkd7h/xuiv+DkboPHj8WwHNcevfKTc4Wt0OqnaGuRpeKnxLXBv4VByLKSvuGZqQ==
-# attribute hashes
-#

package/__tests__/fixtures/multiple-style-attr.html

@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<style>* { display: none; }</style>
-</head>
-<body>
-  <style>div { background: red; }</style>
-  <div class="decoy"></div>
-  <div style="position:relative;"></div>
-  <div data-attr="decoy"></div>
-</body>
-</html>

package/__tests__/fixtures/multiple-style-attr.sha256

@@ -1,6 +0,0 @@
-# element hashes
-sha256-ZRXDQAaaiAOOtUbmDL5Ty2JR8Zf1AonXn6DCmchNhvk=
-sha256-n5JetA0VmZdQj4zgyixeiOgx9wfnK2oa9/zb8+xvZks=
-# attribute hashes
-sha256-iYwYhiMcsGmXCUzLEpEzZNz5dINrlkqf1sLbLhEcqGM=
-#

package/__tests__/fixtures/multiple-style-attr.sha384

@@ -1,6 +0,0 @@
-# element hashes
-sha384-fR76DAgrmWR4v7rpv4JBvCihgpwA2GRb4b6e4o+ThYYMJ4FQLX3l+EwzySAPxzbN
-sha384-vSmTBkQfDGIq3/4cHWOHpAwAHxMhwPY/5vxKe4XCcKVmQaAN0BYDoZeZu5n0qHjS
-# attribute hashes
-sha384-YHRSKUJbAwb1DUQ5EcSZ+IOjmjTr9Bcrv8E2oHbMS45tF1M/tNHACnjgCr6L+GXc
-#

package/__tests__/fixtures/multiple-style-attr.sha512

@@ -1,6 +0,0 @@
-# element hashes
-sha512-dtOFpumNJPKES8S72UuTAXS6daEMYQKpRpCzlFAto/DHdx7fH0KK8sO9LjLpOjVWrDXE4G+MtisGdWa19wieSg==
-sha512-mZQHDGDpL2tkHm3IWxwlZQUEwzH27l1bGvq4qo/9T/Ef52z0J2TGEEeOgp8INb/fGFHk4NjteTNwDTeuqb9rrw==
-# attribute hashes
-sha512-aOZs3PhtrZbzR6+CPKnKpStcJBq1Y4lw/+SwV5pKL52hpcq5pj+tTLv7x2uegYLFIqZ89KnfhRsrVSrQ3V3XDw==
-#

package/__tests__/fixtures/multiple-style.html

@@ -1,9 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<style>* { display: none; }</style>
-</head>
-<body>
-  <style>div { background: red; }</style>
-</body>
-</html>

package/__tests__/fixtures/multiple-style.sha256

@@ -1,5 +0,0 @@
-# element hashes
-sha256-ZRXDQAaaiAOOtUbmDL5Ty2JR8Zf1AonXn6DCmchNhvk=
-sha256-n5JetA0VmZdQj4zgyixeiOgx9wfnK2oa9/zb8+xvZks=
-# attribute hashes
-#

package/__tests__/fixtures/multiple-style.sha384

@@ -1,5 +0,0 @@
-# element hashes
-sha384-fR76DAgrmWR4v7rpv4JBvCihgpwA2GRb4b6e4o+ThYYMJ4FQLX3l+EwzySAPxzbN
-sha384-vSmTBkQfDGIq3/4cHWOHpAwAHxMhwPY/5vxKe4XCcKVmQaAN0BYDoZeZu5n0qHjS
-# attribute hashes
-#

package/__tests__/fixtures/multiple-style.sha512

@@ -1,5 +0,0 @@
-# element hashes
-sha512-dtOFpumNJPKES8S72UuTAXS6daEMYQKpRpCzlFAto/DHdx7fH0KK8sO9LjLpOjVWrDXE4G+MtisGdWa19wieSg==
-sha512-mZQHDGDpL2tkHm3IWxwlZQUEwzH27l1bGvq4qo/9T/Ef52z0J2TGEEeOgp8INb/fGFHk4NjteTNwDTeuqb9rrw==
-# attribute hashes
-#

package/__tests__/fixtures/script-src.html

@@ -1,7 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head></head>
-<body>
-  <script src="test.js"></script>
-</body>
-</html>

package/__tests__/fixtures/single-script.html

@@ -1,7 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head></head>
-<body>
-  <script>"hello world"</script>
-</body>
-</html>

package/__tests__/fixtures/single-script.sha256

@@ -1,4 +0,0 @@
-# element hashes
-sha256-nd7+RDWyHZAUOeVG1UoUoXWjSTuf2PvzjZ6m08v3CCY=
-# attribute hashes
-#

package/__tests__/fixtures/single-script.sha384

@@ -1,4 +0,0 @@
-# element hashes
-sha384-WmpTK6zbDiu5hx1ojbwG5VsNrqhW+OahJWEgoWt05o63pvZvCdwNIanHJLoyr3SD
-# attribute hashes
-#

package/__tests__/fixtures/single-script.sha512

@@ -1,4 +0,0 @@
-# element hashes
-sha512-qAJOafTHO8uHcv2M4vRRoaHnkd7h/xuiv+DkboPHj8WwHNcevfKTc4Wt0OqnaGuRpeKnxLXBv4VByLKSvuGZqQ==
-# attribute hashes
-#

package/__tests__/fixtures/single-style.html

@@ -1,8 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<style>* { display: none; }</style>
-</head>
-<body>
-</body>
-</html>

package/__tests__/fixtures/single-style.sha256

@@ -1,4 +0,0 @@
-# element hashes
-sha256-ZRXDQAaaiAOOtUbmDL5Ty2JR8Zf1AonXn6DCmchNhvk=
-# attribute hashes
-#

package/__tests__/fixtures/single-style.sha384

@@ -1,4 +0,0 @@
-# element hashes
-sha384-fR76DAgrmWR4v7rpv4JBvCihgpwA2GRb4b6e4o+ThYYMJ4FQLX3l+EwzySAPxzbN
-# attribute hashes
-#

package/__tests__/fixtures/single-style.sha512

@@ -1,4 +0,0 @@
-# element hashes
-sha512-dtOFpumNJPKES8S72UuTAXS6daEMYQKpRpCzlFAto/DHdx7fH0KK8sO9LjLpOjVWrDXE4G+MtisGdWa19wieSg==
-# attribute hashes
-#

package/__tests__/index.test.js

@@ -1,195 +0,0 @@
-/**
- * Test entry
- */
-/* eslint-env jest */
-const path = require('path');
-const fs = require('fs');
-const hashstream = require('./lib').default;
-const Vinyl = require('vinyl');
-
-require('@babel/register');
-
-function fixtures (glob) {
-  return path.join(__dirname, 'fixtures', glob);
-}
-
-function parseHashFixture (fixtureFilename) {
-  const result = {
-    elements: [],
-    attributes: [],
-    get all () {
-      return this.elements.concat(this.attributes);
-    }
-  };
-
-  try {
-    const re = /#\s*element hashes\s*(?<elements>[^#]+)#\s*attribute hashes\s*(?<attributes>[^#]+)\s*/im;
-    const m = fs.readFileSync(fixtureFilename, { encoding: 'utf8' }).match(re);
-    const elements = m?.groups?.elements;
-    const attributes = m?.groups?.attributes;
-    if (elements) {
-      result.elements.push(...elements.replace(/\s+/g, ' ').split(/\s+/).filter(h => h.length > 0));
-    }
-    if (attributes) {
-      result.attributes.push(...attributes.replace(/\s+/g, ' ').split(/\s+/).filter(h => h.length > 0));
-    }
-  }
-  catch (e) { /* ignore */ }
-
-  return result;
-}
-
-function onStreamError (err) {
-  throw new Error(err.message);
-}
-
-function onStreamFinish (expectedHashes, actualHashes, done) {
-  Object.keys(expectedHashes).forEach(what => {
-    expect(actualHashes[what].all.join(' ')).toEqual(expectedHashes[what].all.join(' '));
-    Object.keys(expectedHashes[what]).forEach(which => {
-      expect(actualHashes[what][which].length).toEqual(expectedHashes[what][which].length);
-      for (let i = 0; i < expectedHashes[what][which].length; ++i) {
-        expect(actualHashes[what][which][i]).toEqual(expectedHashes[what][which][i]);
-      }
-    });
-  });
-  done();
-}
-
-function run (name, algo, replace, {
-  hashFixtureScript = 'none',
-  hashFixtureStyle = 'none'
-} = {}, done) {
-  const srcFile = new Vinyl({
-    path: fixtures(`${name}.html`),
-    cwd: 'test/',
-    base: fixtures(''),
-    contents: fs.readFileSync(fixtures(`${name}.html`))
-  });
-
-  const scriptFixture = fixtures(`${hashFixtureScript}.${algo}`);
-  const styleFixture = fixtures(`${hashFixtureStyle}.${algo}`);
-  const expectedHashes = {
-    script: parseHashFixture(scriptFixture),
-    style: parseHashFixture(styleFixture)
-  };
-  const actualHashes = {
-    script: {
-      elements: [],
-      attributes: []
-    },
-    style: {
-      elements: [],
-      attributes: []
-    }
-  };
-  
-  const stream = hashstream({
-    algo,
-    replace,
-    callback: (path, hashes, contents) => {
-      expect(path).toEqual(fixtures(`${name}.html`));
-      if (replace) {
-        expect(contents).toEqual(srcFile.contents.toString());
-      }
-
-      Object.keys(hashes).forEach(what => {
-        Object.defineProperty(actualHashes[what], 'all', {
-          get: Object.getOwnPropertyDescriptor(hashes[what], 'all').get
-        });
-        Object.keys(hashes[what]).forEach(which => {
-          actualHashes[what][which].push(...hashes[what][which].map(x => x.replace(/'/g, '')));
-        });
-      });
-
-      return contents;
-    }
-  });
-
-  stream.on('error', onStreamError);
-  stream.on('finish', onStreamFinish.bind(null, expectedHashes, actualHashes, done));
-
-  stream.write(srcFile);
-  stream.end();
-}
-
-describe('should hash scripts correctly', () => {
-  const name = 'single-script';
-  const hashFixtureScript = name;
-  it('#sha256', done => { run(name, 'sha256', false, { hashFixtureScript }, done); });
-  it('#sha384', done => { run(name, 'sha384', false, { hashFixtureScript }, done); });
-  it('#sha512', done => { run(name, 'sha512', false, { hashFixtureScript }, done); });
-});
-
-describe('should hash styles correctly', () => {
-  const name = 'single-style';
-  const hashFixtureStyle = name;
-  it('#sha256', done => { run(name, 'sha256', false, { hashFixtureStyle }, done); });
-  it('#sha384', done => { run(name, 'sha384', false, { hashFixtureStyle }, done); });
-  it('#sha512', done => { run(name, 'sha512', false, { hashFixtureStyle }, done); });
-});
-
-describe('should hash multiple script tags', () => {
-  const name = 'multiple-scripts';
-  const hashFixtureScript = name;
-  it('#sha256', done => { run(name, 'sha256', false, { hashFixtureScript }, done); });
-  it('#sha384', done => { run(name, 'sha384', false, { hashFixtureScript }, done); });
-  it('#sha512', done => { run(name, 'sha512', false, { hashFixtureScript }, done); });
-});
-
-describe('should hash multiple style tags', () => {
-  const name = 'multiple-style';
-  const hashFixtureStyle = name;
-  it('#sha256', done => { run(name, 'sha256', false, { hashFixtureStyle }, done); });
-  it('#sha384', done => { run(name, 'sha384', false, { hashFixtureStyle }, done); });
-  it('#sha512', done => { run(name, 'sha512', false, { hashFixtureStyle }, done); });
-});
-
-describe('should ignore scripts with src attribute', () => {
-  const name = 'script-src';
-  const hashFixtureScript = name;
-  it('#sha256', done => { run(name, 'sha256', false, { hashFixtureScript }, done); });
-  it('#sha384', done => { run(name, 'sha384', false, { hashFixtureScript }, done); });
-  it('#sha512', done => { run(name, 'sha512', false, { hashFixtureScript }, done); });
-});
-
-it('should throw an exception on invalid algo', () => {
-  expect(() => hashstream({ algo: 'invalid' })).toThrow();
-});
-
-it('should throw an exception on invalid callbacks', () => {
-  expect(() => hashstream({})).toThrow();
-});
-
-describe('should hash multiple script tags and attributes', () => {
-  const name = 'multiple-scripts-attr';
-  const hashFixtureScript = name;
-  it('#sha256', done => { run(name, 'sha256', false, { hashFixtureScript }, done); });
-  it('#sha384', done => { run(name, 'sha384', false, { hashFixtureScript }, done); });
-  it('#sha512', done => { run(name, 'sha512', false, { hashFixtureScript }, done); });
-});
-
-describe('should hash multiple style tags and attributes', () => {
-  const name = 'multiple-style-attr';
-  const hashFixtureStyle = name;
-  it('#sha256', done => { run(name, 'sha256', false, { hashFixtureStyle }, done); });
-  it('#sha384', done => { run(name, 'sha384', false, { hashFixtureStyle }, done); });
-  it('#sha512', done => { run(name, 'sha512', false, { hashFixtureStyle }, done); });
-});
-
-describe('should hash multiple style tags and attributes (REPLACE OPTION)', () => {
-  const name = 'multiple-style-attr';
-  const hashFixtureStyle = name;
-  it('#sha256', done => { run(name, 'sha256', true, { hashFixtureStyle }, done); });
-  it('#sha384', done => { run(name, 'sha384', true, { hashFixtureStyle }, done); });
-  it('#sha512', done => { run(name, 'sha512', true, { hashFixtureStyle }, done); });
-});
-
-describe('should hash multiple scripts and styles, elements and attributes', () => {
-  const name = 'multiple-scripts-styles';
-  const hashFixtureScript = `${name}-script`;
-  const hashFixtureStyle = `${name}-style`;
-  it('#sha256', done => { run (name, 'sha256', false, { hashFixtureScript, hashFixtureStyle }, done); });
-  it('#sha384', done => { run (name, 'sha384', false, { hashFixtureScript, hashFixtureStyle }, done); });
-  it('#sha512', done => { run (name, 'sha512', false, { hashFixtureScript, hashFixtureStyle }, done); });
-});

package/babel.config.js

@@ -1,11 +0,0 @@
-module.exports = {
-  presets: [
-    [
-      '@babel/preset-env', {
-        targets: {
-          node: '16'
-        }
-      }
-    ]
-  ]
-};

package/index.js

@@ -1,11 +0,0 @@
-/**
- * CSP Hashes.
- * 
- * Return a Vinyl transform object stream to process html files for
- * generating the required CSP hashes for inline and attribute scripts, styles.
- * 
- * Copyright (c) 2022 Alex Grant (@localnerve), LocalNerve LLC
- * Licensed under the MIT license.
- */
-/* eslint-env node */
-export { default } from './lib/index';

package/jest.config.js

@@ -1,10 +0,0 @@
-module.exports = {
-  collectCoverage: true,
-  coverageDirectory: 'coverage',
-  verbose: true,
-  testEnvironment: 'node',
-  testPathIgnorePatterns: [
-    '/node_modules/',
-    '/tmp'
-  ]
-};

package/lib/index.js

@@ -1,113 +0,0 @@
-/**
- * CSP Hashes.
- * 
- * Return a Vinyl transform object stream to process html files for
- * generating the required CSP hashes for inline and attribute scripts, styles.
- * 
- * Copyright (c) 2022 Alex Grant (@localnerve), LocalNerve LLC
- * Licensed under the MIT license.
- */
-import cheerio from 'cheerio';
-import through2 from 'through2';
-import crypto from 'crypto';
-
-/**
- * Collect all CSP Hashes and fill the given `hashes` structure.
- *
- * @param {Function} hashFn - Creates and formats a csp hash
- * @param {Buffer} html - The html content
- * @param {Object} hashes - The hash structure to fill
- */
-function collectHashes (hashFn, html, hashes) {
-  const $ = cheerio.load(html);
-
-  Object.keys(hashes).forEach(what => {
-    hashes[what].elements = $(`${what}:not([src])`).map(
-      (i, el) => hashFn($(el).html())
-    ).toArray();
-  });
-
-  hashes.style.attributes.push(
-    ...$('[style]').map((i, el) => hashFn($(el).attr('style'))).toArray()
-  );
-
-  const eventHandlerRe = /^on/i;
-  const jsUrlRe = /^javascript:/i;
-
-  $('*').each(function (i, el) {
-    for (const attrName in el.attribs) {
-      if (eventHandlerRe.test(attrName)) {
-        hashes.script.attributes.push(
-          hashFn(el.attribs[attrName])
-        );
-      }
-      if (jsUrlRe.test(el.attribs[attrName])) {
-        hashes.script.attributes.push(
-          hashFn(el.attribs[attrName].split(jsUrlRe)[1])
-        );
-      }
-    }
-  });
-}
-
-/**
- * hashstream
- * Accepts the processing options and returns the Vinyl transform object stream.
- *
- * @param {Object} options
- * @param {Function} options.callback - Function to call to process the csp hashes.
- * @param {String} [options.algo] - hash algorithm, default sha256. Can be sha384, sha512.
- * @param {Boolean} [options.replace] - True if callback is used for meta html replacements, defaults to false.
- * @returns Transform object stream to process Vinyl objects.
- */
-export default function hashstream ({
-  algo = 'sha256',
-  replace = false,
-  callback = null
-} = {}) {
-
-  if (!/^sha(256|384|512)$/.test(algo)) {
-    throw new Error('algo option must be one of "sha256", "sha384", or "sha512" only.');
-  }
-
-  if (typeof callback !== 'function') {
-    throw new Error('callback option must be a valid function.');
-  }
-
-  const createHash = r => crypto.createHash(algo).update(r).digest('base64');
-  const formatHash = h => `'${algo}-${h}'`;
-  const makeCSPHash = s => formatHash(createHash(s));
-
-  return through2.obj((vinyl, enc, done) => {
-    const path = vinyl.path;
-    const content = vinyl.contents;
-
-    const hashes = {
-      script: {
-        elements: [],
-        attributes: [],
-        get all () {
-          return this.elements.concat(this.attributes);
-        }
-      },
-      style: {
-        elements: [],
-        attributes: [],
-        get all () {
-          return this.elements.concat(this.attributes);
-        }
-      }
-    };
-
-    collectHashes(makeCSPHash, content, hashes);
-
-    if (replace) {
-      const s = callback(path, hashes, content.toString());
-      vinyl.contents = Buffer.from(s, enc);
-    } else {
-      callback(path, hashes);
-    }
-
-    done(null, vinyl);
-  });
-}