npm - @slashgear/gdpr-cookie-scanner - Versions diffs - 1.3.0 → 2.0.0 - Mend

@slashgear/gdpr-cookie-scanner 1.3.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/.dockerignore +13 -0
package/.github/workflows/ci.yml +8 -2
package/.github/workflows/docker.yml +49 -0
package/.github/workflows/pages.yml +40 -0
package/.github/workflows/release.yml +1 -1
package/.nvmrc +1 -0
package/CHANGELOG.md +87 -0
package/Dockerfile +36 -0
package/README.md +44 -63
package/dist/cli.js +21 -3
package/dist/cli.js.map +1 -1
package/dist/report/generator.d.ts +1 -4
package/dist/report/generator.d.ts.map +1 -1
package/dist/report/generator.js +45 -23
package/dist/report/generator.js.map +1 -1
package/dist/report/html.d.ts +3 -0
package/dist/report/html.d.ts.map +1 -0
package/dist/report/html.js +766 -0
package/dist/report/html.js.map +1 -0
package/dist/types.d.ts +2 -0
package/dist/types.d.ts.map +1 -1
package/docs/index.html +314 -0
package/docs/reports/github.com/after-accept.png +0 -0
package/docs/reports/github.com/after-reject.png +0 -0
package/docs/reports/github.com/gdpr-checklist-github.com-2026-02-22.md +44 -0
package/docs/reports/github.com/gdpr-cookies-github.com-2026-02-22.md +29 -0
package/docs/reports/github.com/gdpr-report-github.com-2026-02-22.md +102 -0
package/docs/reports/github.com/gdpr-report-github.com-2026-02-22.pdf +0 -0
package/docs/reports/gitlab.com/after-accept.png +0 -0
package/docs/reports/gitlab.com/after-reject.png +0 -0
package/docs/reports/gitlab.com/gdpr-checklist-gitlab.com-2026-02-22.md +44 -0
package/docs/reports/gitlab.com/gdpr-cookies-gitlab.com-2026-02-22.md +55 -0
package/docs/reports/gitlab.com/gdpr-report-gitlab.com-2026-02-22.md +200 -0
package/docs/reports/gitlab.com/gdpr-report-gitlab.com-2026-02-22.pdf +0 -0
package/docs/reports/gitlab.com/modal-initial.png +0 -0
package/docs/reports/npmjs.com/after-accept.png +0 -0
package/docs/reports/npmjs.com/after-reject.png +0 -0
package/docs/reports/npmjs.com/gdpr-checklist-npmjs.com-2026-02-22.md +44 -0
package/docs/reports/npmjs.com/gdpr-cookies-npmjs.com-2026-02-22.md +25 -0
package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.md +88 -0
package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.pdf +0 -0
package/docs/reports/reddit.com/after-accept.png +0 -0
package/docs/reports/reddit.com/after-reject.png +0 -0
package/docs/reports/reddit.com/gdpr-checklist-reddit.com-2026-02-22.md +44 -0
package/docs/reports/reddit.com/gdpr-cookies-reddit.com-2026-02-22.md +33 -0
package/docs/reports/reddit.com/gdpr-report-reddit.com-2026-02-22.md +148 -0
package/docs/reports/reddit.com/gdpr-report-reddit.com-2026-02-22.pdf +0 -0
package/docs/reports/reddit.com/modal-initial.png +0 -0
package/docs/reports/stackoverflow.com/after-accept.png +0 -0
package/docs/reports/stackoverflow.com/after-reject.png +0 -0
package/docs/reports/stackoverflow.com/gdpr-checklist-stackoverflow.com-2026-02-22.md +44 -0
package/docs/reports/stackoverflow.com/gdpr-cookies-stackoverflow.com-2026-02-22.md +67 -0
package/docs/reports/stackoverflow.com/gdpr-report-stackoverflow.com-2026-02-22.md +206 -0
package/docs/reports/stackoverflow.com/gdpr-report-stackoverflow.com-2026-02-22.pdf +0 -0
package/docs/reports/stackoverflow.com/modal-initial.png +0 -0
package/docs/reports/www.afp.com/after-accept.png +0 -0
package/docs/reports/www.afp.com/after-reject.png +0 -0
package/docs/reports/www.afp.com/gdpr-checklist-afp.com-2026-02-22.md +44 -0
package/docs/reports/www.afp.com/gdpr-cookies-afp.com-2026-02-22.md +42 -0
package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.md +202 -0
package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.pdf +0 -0
package/docs/reports/www.afp.com/modal-initial.png +0 -0
package/docs/style.css +439 -0
package/package.json +10 -7
package/src/cli.ts +28 -4
package/src/report/generator.ts +54 -29
package/src/report/html.ts +940 -0
package/src/types.ts +3 -0
package/tests/e2e/fixtures/compliant-site.html +80 -0
package/tests/e2e/fixtures/no-modal-site.html +17 -0
package/tests/e2e/fixtures/non-compliant-site.html +54 -0
package/tests/e2e/scanner.test.ts +135 -0
package/tests/helpers/test-server.ts +57 -0
package/tests/unit/compliance.test.ts +460 -0
package/tests/unit/cookie-classifier.test.ts +192 -0
package/tests/unit/network-classifier.test.ts +91 -0
package/tests/unit/wording.test.ts +162 -0
package/vitest.config.ts +9 -0

package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.md ADDED Viewed

@@ -0,0 +1,202 @@
+# GDPR Compliance Report — www.afp.com
+> **Scan date:** 22/02/2026, 19:36:58
+> **Scanned URL:** https://www.afp.com/
+> **Scan duration:** 14.0s
+> **Tool:** gdpr-cookie-scanner v0.1.0
+## Global Compliance Score
+### 🔴 47/100 — Grade D
+| Criterion        | Score      | Progress   | Status |
+| ---------------- | ---------- | ---------- | ------ |
+| Consent validity | 20/25      | ████████░░ | ✅     |
+| Easy refusal     | 10/25      | ████░░░░░░ | ❌     |
+| Transparency     | 14/25      | ██████░░░░ | ⚠️     |
+| Cookie behavior  | 3/25       | █░░░░░░░░░ | ❌     |
+| **TOTAL**        | **47/100** |            | **D**  |
+## Executive Summary
+✅ Consent modal detected (`#onetrust-banner-sdk`).
+❌ **3 non-essential cookie(s)** set before any interaction (RGPD violation).
+❌ **3 non-essential cookie(s)** persisting after rejection (RGPD violation).
+❌ **13 tracker request(s)** fired before consent.
+**3 critical issue(s)** and **3 warning(s)** identified.
+## 1. Consent Modal
+**CSS selector:** `#onetrust-banner-sdk`
+**Granular controls:** ✅ Yes
+**Layer count:** 2
+**Privacy policy link:** ⚠️ Not found in the modal
+### Detected buttons
+| Button         | Text                       | Visible | Font size | Contrast ratio |
+| -------------- | -------------------------- | ------- | --------- | -------------- |
+| ⚙️ Preferences | Paramètres des cookies     | ✅      | 13.008px  | 5.2:1          |
+| ❓ Unknown     | Autoriser tous les cookies | ✅      | 13.008px  | 5.2:1          |
+| 🟢 Accept      | Continuer sans accepter    | ✅      | 11.04px   | 3.83:1         |
+### Screenshot
+![Consent modal](modal-initial.png)
+### Modal text excerpt
+> En cliquant sur « Autoriser tous les cookies », vous acceptez le stockage de cookies sur votre appareil pour améliorer la navigation sur le site, analyser son utilisation et contribuer à nos efforts de marketing. Paramètres des cookies Autoriser tous les cookiesContinuer sans accepter
+## 2. Dark Patterns and Detected Issues
+### ❌ Critical issues
+**No reject button on first layer**
+> CNIL (2022) requires reject to require no more clicks than accept
+**3 non-essential cookie(s) deposited before any interaction**
+> YSC (social), bcookie (advertising), li_gc (advertising)
+**13 tracker request(s) fired before any consent**
+> Google Tag Manager, LinkedIn Insight Tag, Microsoft Clarity, Tracking Pixel
+### ⚠️ Warnings
+**Missing required information: "third-parties"**
+> The consent text does not mention third-parties
+**Missing required information: "withdrawal"**
+> The consent text does not mention withdrawal
+**No privacy policy link found in the consent modal**
+> GDPR Art. 13 requires the privacy policy to be accessible from the consent interface
+## 3. Cookies Set Before Any Interaction
+| Name                                                | Domain        | Category    | Expiry    | Consent required |
+| --------------------------------------------------- | ------------- | ----------- | --------- | ---------------- |
+| `__Secure-YNID`                                     | .youtube.com  | unknown     | 6 months  | ✅ No            |
+| `YSC`                                               | .youtube.com  | social      | Session   | ⚠️ Yes           |
+| `__Secure-ROLLOUT_TOKEN`                            | .youtube.com  | unknown     | 6 months  | ✅ No            |
+| `VISITOR_INFO1_LIVE`                                | .youtube.com  | unknown     | 6 months  | ✅ No            |
+| `VISITOR_PRIVACY_METADATA`                          | .youtube.com  | unknown     | 6 months  | ✅ No            |
+| `_mkto_trk`                                         | .afp.com      | unknown     | 13 months | ✅ No            |
+| `_gcl_au`                                           | .afp.com      | unknown     | 3 months  | ✅ No            |
+| `gtmreferers`                                       | www.afp.com   | unknown     | 3 months  | ✅ No            |
+| `_pcid`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
+| `_pctx`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
+| `_pprv`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
+| `OptanonConsent`                                    | .www.afp.com  | unknown     | 12 months | ✅ No            |
+| `__cf_bm`                                           | .page.afp.com | unknown     | < 1 day   | ✅ No            |
+| `bcookie`                                           | .linkedin.com | advertising | 12 months | ⚠️ Yes           |
+| `li_gc`                                             | .linkedin.com | advertising | 6 months  | ⚠️ Yes           |
+| `lidc`                                              | .linkedin.com | unknown     | 1 days    | ✅ No            |
+| `BIGipServer~VS65000-N117~lon08web-nginx-app_https` | page.afp.com  | unknown     | Session   | ✅ No            |
+## 4. Cookies After Consent Rejection
+✅ No non-essential cookie detected after rejection.
+_No cookies detected._
+## 5. Cookies After Consent Acceptance
+| Name                                                | Domain        | Category    | Expiry    | Consent required |
+| --------------------------------------------------- | ------------- | ----------- | --------- | ---------------- |
+| `AKA_A2`                                            | .afp.com      | unknown     | < 1 day   | ✅ No            |
+| `_mkto_trk`                                         | .afp.com      | unknown     | 13 months | ✅ No            |
+| `__Secure-YNID`                                     | .youtube.com  | unknown     | 6 months  | ✅ No            |
+| `YSC`                                               | .youtube.com  | social      | Session   | ⚠️ Yes           |
+| `VISITOR_INFO1_LIVE`                                | .youtube.com  | unknown     | 6 months  | ✅ No            |
+| `VISITOR_PRIVACY_METADATA`                          | .youtube.com  | unknown     | 6 months  | ✅ No            |
+| `__Secure-ROLLOUT_TOKEN`                            | .youtube.com  | unknown     | 6 months  | ✅ No            |
+| `_gcl_au`                                           | .afp.com      | unknown     | 3 months  | ✅ No            |
+| `gtmreferers`                                       | www.afp.com   | unknown     | 3 months  | ✅ No            |
+| `__cf_bm`                                           | .page.afp.com | unknown     | < 1 day   | ✅ No            |
+| `_pcid`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
+| `_pctx`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
+| `bcookie`                                           | .linkedin.com | advertising | 12 months | ⚠️ Yes           |
+| `li_gc`                                             | .linkedin.com | advertising | 6 months  | ⚠️ Yes           |
+| `lidc`                                              | .linkedin.com | unknown     | 1 days    | ✅ No            |
+| `BIGipServer~VS65000-N117~lon08web-nginx-app_https` | page.afp.com  | unknown     | Session   | ✅ No            |
+| `OptanonAlertBoxClosed`                             | .www.afp.com  | unknown     | 12 months | ✅ No            |
+| `OptanonConsent`                                    | .www.afp.com  | unknown     | 12 months | ✅ No            |
+| `_pprv`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
+## 6. Network Requests — Detected Trackers
+### Before interaction (13 tracker(s))
+| Tracker              | Category    | URL                                                            | Type     |
+| -------------------- | ----------- | -------------------------------------------------------------- | -------- |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/gtm.js?id=GTM-T4C5DKK`       | script   |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/gtag/js?id=AW-1090164081...` | script   |
+| LinkedIn Insight Tag | advertising | `https://snap.licdn.com/li.lms-analytics/insight.min.js`       | script   |
+| Microsoft Clarity    | analytics   | `https://www.clarity.ms/tag/t3we3mu2lf?ref=gtm`                | script   |
+| Tracking Pixel       | pixel       | `https://www.google.com/ccm/collect?frm=0&en=page_view&dl=...` | fetch    |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/static/service_worker/62...` | document |
+| Tracking Pixel       | pixel       | `https://www.google.com/ccm/collect?frm=0&en=page_view&dl=...` | fetch    |
+| Tracking Pixel       | pixel       | `https://kxgqdwd.pa-cd.com/event?s=628508&idclient=mly3a95...` | ping     |
+| Tracking Pixel       | pixel       | `https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=347975...` | image    |
+| Microsoft Clarity    | analytics   | `https://scripts.clarity.ms/0.8.54/clarity.js`                 | script   |
+| Microsoft Clarity    | analytics   | `https://y.clarity.ms/collect`                                 | xhr      |
+| Tracking Pixel       | pixel       | `https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=34797...` | image    |
+| Microsoft Clarity    | analytics   | `https://y.clarity.ms/collect`                                 | xhr      |
+### After acceptance (26 tracker(s))
+| Tracker              | Category    | URL                                                            | Type     |
+| -------------------- | ----------- | -------------------------------------------------------------- | -------- |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/gtm.js?id=GTM-T4C5DKK`       | script   |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/gtag/js?id=AW-1090164081...` | script   |
+| LinkedIn Insight Tag | advertising | `https://snap.licdn.com/li.lms-analytics/insight.min.js`       | script   |
+| Microsoft Clarity    | analytics   | `https://www.clarity.ms/tag/t3we3mu2lf?ref=gtm`                | script   |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
+| Tracking Pixel       | pixel       | `https://www.google.com/ccm/collect?frm=0&en=page_view&dl=...` | fetch    |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/static/service_worker/62...` | document |
+| Tracking Pixel       | pixel       | `https://www.google.com/ccm/collect?frm=0&en=page_view&dl=...` | fetch    |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?ctid=GTM-T4C5DKK&t=s&s...` | image    |
+| Tracking Pixel       | pixel       | `https://kxgqdwd.pa-cd.com/event?s=628508&idclient=mly3ad9...` | ping     |
+| Tracking Pixel       | pixel       | `https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=347975...` | image    |
+| Microsoft Clarity    | analytics   | `https://scripts.clarity.ms/0.8.54/clarity.js`                 | script   |
+| Microsoft Clarity    | analytics   | `https://y.clarity.ms/collect`                                 | xhr      |
+| Tracking Pixel       | pixel       | `https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=34797...` | image    |
+| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
+| Microsoft Clarity    | analytics   | `https://y.clarity.ms/collect`                                 | xhr      |
+_... and 6 additional request(s)._
+## 7. Recommendations
+1. **Add a "Reject all" button** at the first layer of the modal, requiring no more clicks than "Accept all" (CNIL 2022).
+1. **Do not set any non-essential cookie before consent.** Gate the initialisation of third-party scripts on acceptance.
+1. **Complete the modal information**: purposes, identity of sub-processors, retention period, right to withdraw.
+1. **Remove or block non-essential cookies** after rejection, and verify consent handling server-side.
+## Scan Errors and Warnings
+- ⚠️ No reject button found — could not test rejection flow
+## Legal References
+- **RGPD Art. 7** — Conditions for consent
+- **RGPD Recital 32** — Consent must result from an unambiguous positive action
+- **ePrivacy Directive 2002/58/EC** — Consent requirement for non-essential cookies
+- **CEPD Guidelines 05/2020** — Consent under the RGPD
+- **CEPD Guidelines 03/2022** — Dark patterns on platforms
+- **CNIL Recommendation 2022** — Rejection must be as easy as acceptance (same number of clicks)

package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.pdf ADDED Viewed

Binary file

package/docs/reports/www.afp.com/modal-initial.png ADDED Viewed

Binary file

package/docs/style.css ADDED Viewed

@@ -0,0 +1,439 @@
+/* gdpr-cookie-scanner — landing page styles */
+:root {
+  --color-bg: #ffffff;
+  --color-surface: #f8fafc;
+  --color-border: #e2e8f0;
+  --color-text: #0f172a;
+  --color-text-muted: #64748b;
+  --color-primary: #3b82f6;
+  --color-primary-dark: #2563eb;
+  --color-code-bg: #1e293b;
+  --color-code-text: #e2e8f0;
+  --radius: 0.75rem;
+  --shadow: 0 1px 3px rgba(0, 0, 0, 0.08), 0 1px 2px rgba(0, 0, 0, 0.06);
+  --shadow-md: 0 4px 6px rgba(0, 0, 0, 0.07), 0 2px 4px rgba(0, 0, 0, 0.05);
+  --font: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+  --font-mono: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
+}
+@media (prefers-color-scheme: dark) {
+  :root {
+    --color-bg: #0f172a;
+    --color-surface: #1e293b;
+    --color-border: #334155;
+    --color-text: #f1f5f9;
+    --color-text-muted: #94a3b8;
+    --color-primary: #60a5fa;
+    --color-primary-dark: #3b82f6;
+    --color-code-bg: #0f172a;
+    --color-code-text: #e2e8f0;
+    --shadow: 0 1px 3px rgba(0, 0, 0, 0.3);
+    --shadow-md: 0 4px 6px rgba(0, 0, 0, 0.25);
+  }
+}
+*,
+*::before,
+*::after {
+  box-sizing: border-box;
+  margin: 0;
+  padding: 0;
+}
+html {
+  scroll-behavior: smooth;
+}
+body {
+  font-family: var(--font);
+  background: var(--color-bg);
+  color: var(--color-text);
+  line-height: 1.6;
+  font-size: 1rem;
+}
+a {
+  color: var(--color-primary);
+  text-decoration: none;
+}
+a:hover {
+  text-decoration: underline;
+}
+/* ── Layout ── */
+.container {
+  max-width: 1100px;
+  margin: 0 auto;
+  padding: 0 1.5rem;
+}
+section {
+  padding: 5rem 0;
+}
+section:nth-child(even) {
+  background: var(--color-surface);
+}
+/* ── Header ── */
+header {
+  position: sticky;
+  top: 0;
+  z-index: 100;
+  background: var(--color-bg);
+  border-bottom: 1px solid var(--color-border);
+  padding: 1rem 0;
+}
+header .container {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 1rem;
+}
+.header-logo {
+  display: flex;
+  align-items: center;
+  gap: 0.5rem;
+  font-weight: 700;
+  font-size: 1.1rem;
+  color: var(--color-text);
+  text-decoration: none;
+}
+.header-logo .logo-icon {
+  font-size: 1.4rem;
+}
+.header-nav {
+  display: flex;
+  align-items: center;
+  gap: 1.5rem;
+  flex-wrap: wrap;
+}
+.header-nav a {
+  color: var(--color-text-muted);
+  font-size: 0.9rem;
+  font-weight: 500;
+  transition: color 0.15s;
+}
+.header-nav a:hover {
+  color: var(--color-primary);
+  text-decoration: none;
+}
+/* ── Hero ── */
+.hero {
+  padding: 6rem 0 5rem;
+  text-align: center;
+}
+.hero h1 {
+  font-size: clamp(2rem, 5vw, 3.25rem);
+  font-weight: 800;
+  line-height: 1.2;
+  letter-spacing: -0.02em;
+  margin-bottom: 1.25rem;
+}
+.hero h1 .accent {
+  color: var(--color-primary);
+}
+.hero-tagline {
+  font-size: clamp(1rem, 2.5vw, 1.25rem);
+  color: var(--color-text-muted);
+  max-width: 640px;
+  margin: 0 auto 2.5rem;
+}
+.install-block {
+  display: flex;
+  flex-direction: column;
+  gap: 0.75rem;
+  align-items: center;
+  margin-bottom: 2rem;
+}
+.code-line {
+  display: inline-flex;
+  align-items: center;
+  gap: 0.75rem;
+  background: var(--color-code-bg);
+  color: var(--color-code-text);
+  font-family: var(--font-mono);
+  font-size: 0.9rem;
+  padding: 0.6rem 1.2rem;
+  border-radius: 0.5rem;
+  white-space: nowrap;
+}
+.code-line .prompt {
+  color: #64748b;
+  user-select: none;
+}
+.hero-links {
+  display: flex;
+  gap: 1rem;
+  justify-content: center;
+  flex-wrap: wrap;
+}
+.btn {
+  display: inline-flex;
+  align-items: center;
+  gap: 0.4rem;
+  padding: 0.6rem 1.4rem;
+  border-radius: 0.5rem;
+  font-weight: 600;
+  font-size: 0.95rem;
+  transition:
+    opacity 0.15s,
+    transform 0.1s;
+  text-decoration: none;
+}
+.btn:hover {
+  opacity: 0.9;
+  transform: translateY(-1px);
+  text-decoration: none;
+}
+.btn-primary {
+  background: var(--color-primary);
+  color: #fff;
+}
+.btn-outline {
+  border: 1.5px solid var(--color-border);
+  color: var(--color-text);
+  background: transparent;
+}
+/* ── Features ── */
+.section-title {
+  font-size: clamp(1.5rem, 3vw, 2.25rem);
+  font-weight: 700;
+  text-align: center;
+  margin-bottom: 0.75rem;
+  letter-spacing: -0.01em;
+}
+.section-subtitle {
+  text-align: center;
+  color: var(--color-text-muted);
+  margin-bottom: 3rem;
+  font-size: 1.05rem;
+}
+.features-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
+  gap: 1.5rem;
+}
+.feature-card {
+  background: var(--color-bg);
+  border: 1px solid var(--color-border);
+  border-radius: var(--radius);
+  padding: 1.75rem;
+  box-shadow: var(--shadow);
+}
+.feature-icon {
+  font-size: 2rem;
+  margin-bottom: 1rem;
+}
+.feature-card h3 {
+  font-size: 1.05rem;
+  font-weight: 700;
+  margin-bottom: 0.5rem;
+}
+.feature-card p {
+  color: var(--color-text-muted);
+  font-size: 0.9rem;
+  line-height: 1.6;
+}
+/* ── Live Reports ── */
+.reports-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
+  gap: 1.5rem;
+}
+.report-card {
+  background: var(--color-bg);
+  border: 1px solid var(--color-border);
+  border-radius: var(--radius);
+  padding: 1.5rem;
+  box-shadow: var(--shadow);
+  display: flex;
+  flex-direction: column;
+  gap: 1rem;
+}
+.report-header {
+  display: flex;
+  align-items: center;
+  gap: 1rem;
+}
+.grade-badge {
+  width: 3rem;
+  height: 3rem;
+  border-radius: 0.5rem;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 1.5rem;
+  font-weight: 800;
+  color: #fff;
+  flex-shrink: 0;
+}
+.grade-A {
+  background: #22c55e;
+}
+.grade-B {
+  background: #84cc16;
+}
+.grade-C {
+  background: #eab308;
+}
+.grade-D {
+  background: #f97316;
+}
+.grade-F {
+  background: #ef4444;
+}
+.report-meta h3 {
+  font-size: 1rem;
+  font-weight: 700;
+  margin-bottom: 0.15rem;
+}
+.report-meta .score {
+  font-size: 0.85rem;
+  color: var(--color-text-muted);
+}
+.report-date {
+  font-size: 0.8rem;
+  color: var(--color-text-muted);
+}
+.report-card .btn {
+  align-self: flex-start;
+  font-size: 0.85rem;
+  padding: 0.45rem 1rem;
+}
+/* ── How it works ── */
+.steps {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
+  gap: 1.5rem;
+  counter-reset: steps;
+}
+.step {
+  background: var(--color-bg);
+  border: 1px solid var(--color-border);
+  border-radius: var(--radius);
+  padding: 1.75rem;
+  box-shadow: var(--shadow);
+  position: relative;
+}
+.step-number {
+  width: 2.25rem;
+  height: 2.25rem;
+  background: var(--color-primary);
+  color: #fff;
+  border-radius: 50%;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-weight: 700;
+  font-size: 0.9rem;
+  margin-bottom: 1rem;
+}
+.step h3 {
+  font-size: 1rem;
+  font-weight: 700;
+  margin-bottom: 0.5rem;
+}
+.step p {
+  color: var(--color-text-muted);
+  font-size: 0.9rem;
+  line-height: 1.6;
+}
+/* ── Footer ── */
+footer {
+  border-top: 1px solid var(--color-border);
+  padding: 2.5rem 0;
+}
+footer .container {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  flex-wrap: wrap;
+  gap: 1rem;
+}
+.footer-copy {
+  font-size: 0.875rem;
+  color: var(--color-text-muted);
+}
+.footer-links {
+  display: flex;
+  gap: 1.25rem;
+  flex-wrap: wrap;
+}
+.footer-links a {
+  font-size: 0.875rem;
+  color: var(--color-text-muted);
+}
+.footer-links a:hover {
+  color: var(--color-primary);
+}
+/* ── Responsive tweaks ── */
+@media (max-width: 640px) {
+  .header-nav {
+    gap: 1rem;
+  }
+  section {
+    padding: 3.5rem 0;
+  }
+  .hero {
+    padding: 4rem 0 3rem;
+  }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@slashgear/gdpr-cookie-scanner",
-  "version": "1.3.0",
+  "version": "2.0.0",
   "description": "CLI tool to scan websites for GDPR cookie consent compliance",
   "keywords": [
     "compliance",
@@ -12,15 +12,15 @@
     "rgpd",
     "scanner"
   ],
-  "homepage": "https://github.com/Slashgear/gdpr-report#readme",
+  "homepage": "https://github.com/Slashgear/gdpr-cookie-scanner#readme",
   "bugs": {
-    "url": "https://github.com/Slashgear/gdpr-report/issues"
+    "url": "https://github.com/Slashgear/gdpr-cookie-scanner/issues"
   },
   "license": "MIT",
   "author": "Antoine Caron (https://slashgear.github.io)",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/Slashgear/gdpr-report.git"
+    "url": "git+https://github.com/Slashgear/gdpr-cookie-scanner.git"
   },
   "bin": {
     "gdpr-scan": "dist/cli.js"
@@ -41,12 +41,13 @@
   "devDependencies": {
     "@changesets/cli": "^2.29.8",
     "@types/node": "^22.0.0",
-    "oxfmt": "^0.33.0",
+    "oxfmt": "^0.34.0",
     "oxlint": "^1.48.0",
-    "typescript": "^5.5.0"
+    "typescript": "^5.5.0",
+    "vitest": "^4.0.18"
   },
   "engines": {
-    "node": ">=20.0.0"
+    "node": ">=24.0.0"
   },
   "scripts": {
     "build": "tsc",
@@ -57,6 +58,8 @@
     "format": "oxfmt .",
     "format:check": "oxfmt --check .",
     "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
     "changeset": "changeset"
   }
 }