@slashgear/gdpr-cookie-scanner 3.2.2 → 3.4.0

package/.github/workflows/ci.yml

@@ -43,4 +43,23 @@ jobs:
         run: pnpm exec playwright install chromium --with-deps
 
       - name: Test
-        run: pnpm test
+        id: test
+        run: |
+          start=$(date +%s)
+          pnpm test
+          echo "duration=$(( $(date +%s) - start ))" >> "$GITHUB_OUTPUT"
+
+      - name: Record test suite duration
+        if: always()
+        run: |
+          duration="${{ steps.test.outputs.duration }}"
+          echo "## Test suite duration" >> "$GITHUB_STEP_SUMMARY"
+          echo "" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Suite | Duration |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| ----- | -------- |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| unit + e2e | ${duration}s |" >> "$GITHUB_STEP_SUMMARY"
+          if [ "${duration:-0}" -gt 300 ]; then
+            echo "" >> "$GITHUB_STEP_SUMMARY"
+            echo "> [!WARNING]" >> "$GITHUB_STEP_SUMMARY"
+            echo "> Suite exceeded 300 s — possible performance regression." >> "$GITHUB_STEP_SUMMARY"
+          fi

package/.github/workflows/release.yml

@@ -21,7 +21,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: 22
+          node-version: 24
           cache: pnpm
           registry-url: https://registry.npmjs.org
 

package/CHANGELOG.md

@@ -1,5 +1,164 @@
 # @slashgear/gdpr-cookie-scanner
 
+## 3.4.0
+
+### Minor Changes
+
+- 39794dc: Crop consent modal screenshot to the element; make after-reject/accept screenshots opt-in.
+
+  Two behaviour changes:
+
+  **Modal screenshot is now always captured (cropped)**
+  The consent modal screenshot (`modal-initial.png`) is taken whenever a modal
+  is detected and `outputDir` is set, regardless of the `--screenshots` flag.
+  The screenshot is clipped to the bounding box of the modal element instead of
+  capturing the full viewport, giving a tighter, more readable image. If the
+  bounding box cannot be determined (rare), it falls back to the viewport
+  screenshot.
+
+  **`--no-screenshots` replaced by `--screenshots`**
+  Previously all three screenshots were enabled by default and `--no-screenshots`
+  opted out. Now only the modal screenshot is taken by default; passing
+  `--screenshots` additionally captures `after-reject.png` and `after-accept.png`
+  (full viewport, as before). The `screenshots` field in `ScanOptions` / the
+  programmatic API retains the same type (`boolean`) with updated semantics:
+  `false` (default) = modal only; `true` = modal + after-reject + after-accept.
+
+- 6a71a18: Add multi-language consent button detection (de, es, it, nl, pl, pt).
+
+  Previously, button classification only covered French and English, causing
+  false "no reject button" findings on sites served in other EU locales.
+
+  The fix has two parts:
+
+  1. **Locale-aware pattern map** — `ACCEPT_PATTERNS` / `REJECT_PATTERNS` /
+     `PREFERENCES_PATTERNS` are replaced by a `PATTERNS_BY_LOCALE` map keyed by
+     BCP 47 primary subtag, covering `en`, `fr`, `de`, `es`, `it`, `nl`, `pl`,
+     `pt`. Polish patterns use a negative lookbehind instead of `\b` because
+     several Polish words end in non-ASCII characters (ć, ę, ó) that fall
+     outside JS `\w`.
+
+  2. **`<html lang>` detection** — `detectConsentModal` now reads the page's
+     declared language from `document.documentElement.lang` and normalises it to
+     a primary subtag (e.g. `"de-DE"` → `"de"`). When the language is
+     recognised, only that locale's patterns plus English (universal fallback)
+     are tested. When the language is missing or unsupported, all available
+     patterns are tried — preserving the previous behaviour for unknown pages.
+
+  The public export `classifyButtonText(text, lang)` is added for testing and
+  programmatic use; 56 new unit tests cover every supported locale.
+
+### Patch Changes
+
+- ceed240: Add unit tests for `computeContrastRatio`, `parseRgb`, and `relativeLuminance`.
+
+  These three pure functions in `consent-modal.ts` were previously only exercised
+  indirectly through the E2E suite. The new test file
+  (`tests/scanner/contrast-ratio.test.ts`) covers the happy path, edge cases
+  (identical colours, fully transparent rgba, non-integer ratios), and documents
+  the known limitations — named colours (`white`, `black`) and hex values (`#fff`)
+  return `null` until the parser is extended.
+
+  The functions are now exported so they can be imported by the test suite without
+  moving them to a separate module.
+
+- df24a36: Fix consent modal detection for CMPs that start hidden (e.g. Axeptio).
+
+  `MODAL_SELECTORS` was a single flat list where every candidate was required to
+  pass `isVisible()`. CMPs such as Axeptio inject their overlay as `display:none`
+  during initialisation and reveal it via JS animation a few hundred milliseconds
+  later. The visibility check caused the scanner to skip `#axeptio_overlay` and
+  fall through to the first matching generic heuristic (e.g. `[id*='consent']`),
+  which could be a completely unrelated element.
+
+  The list is now split into two:
+
+  - **`CMP_SELECTORS`** — precise, platform-specific identifiers. DOM presence
+    alone is treated as a reliable signal. Once the element is found the scanner
+    waits up to 3 s for it to become visible (so button extraction sees an
+    interactive state) but proceeds regardless, preventing a slow CMP from
+    silently falling back to a wrong heuristic.
+  - **`HEURISTIC_SELECTORS`** — broad patterns that could match unrelated
+    elements. Visibility is still required to avoid false positives.
+
+- f9efe0b: Normalise button text whitespace before classification.
+
+  `classifyButtonType` previously received raw `textContent` that had only been
+  `.trim()`-ed. CMP HTML templates frequently embed `&nbsp;` (U+00A0), newlines,
+  or tabs inside button labels, causing pattern matching to silently fail.
+
+  A `normalizeText` helper now collapses any whitespace sequence (including
+  U+00A0 and all Unicode spaces covered by JS `\s`) into a single ASCII space
+  before the regex is tested. The normalisation is applied in two places:
+
+  - `classifyButtonText` (public export) — defensive normalisation of any caller-
+    provided string.
+  - `extractButtons` — the raw `el.textContent()` result is normalised before
+    being stored in `ConsentButton.text` and before classification, so the
+    report also shows the cleaned label.
+
+## 3.3.0
+
+### Minor Changes
+
+- 7c128b9: Add `--json-summary` flag to emit a machine-readable JSON line on stdout after the scan.
+
+  CI pipelines that use `--fail-on` previously had to parse the full report file to extract
+  score, grade, and issue details programmatically. With `--json-summary`, a single JSON line
+  is written to stdout at the end of every scan (pass or fail), containing the URL, score,
+  grade, pass/fail status, threshold, score breakdown, and issue list.
+
+  ```bash
+  gdpr-scan scan https://example.com --fail-on B --json-summary \
+    | grep '^{' | jq '{grade: .grade, passed: .passed}'
+  ```
+
+- faa6da8: Add `--strict` flag: treat unrecognised cookies and unknown third-party requests as requiring consent.
+
+  By default, cookies and network requests that do not match any known pattern are assumed
+  to be first-party and consent-free (conservative). This avoids false positives but lets
+  obfuscated or emerging tracking cookies slip through undetected.
+
+  With `--strict`, the classifier falls back to `requiresConsent: true` for anything
+  unrecognised, making the scan more aggressive. Use this when auditing sites where you
+  suspect custom tracking solutions not yet in the pattern database.
+
+  CLI: `gdpr-scan scan https://example.com --strict`
+
+  Programmatic API: `await scan(url, { strict: true })`
+
+- df30f31: Add `--viewport` option to scan with desktop, tablet, or mobile browser dimensions.
+
+  All scans previously used a fixed 1280×900 desktop viewport. Many consent banners
+  have different layouts on mobile (bottom sheets, full-screen overlays) that can only
+  be tested with the correct viewport and user-agent.
+
+  Three presets are available:
+
+  | Preset    | Dimensions | User-agent       |
+  | --------- | ---------- | ---------------- |
+  | `desktop` | 1280×900   | Chrome on macOS  |
+  | `tablet`  | 768×1024   | Safari on iPad   |
+  | `mobile`  | 390×844    | Safari on iPhone |
+
+  CLI: `gdpr-scan scan https://example.com --viewport mobile`
+
+  Programmatic API: `await scan(url, { viewport: 'mobile' })`
+
+  Default is `desktop` — no change to existing behaviour.
+
+### Patch Changes
+
+- 6eb4c3d: Add Fathom, Simple Analytics, Cabin, and Pirsch to the consent-exempt analytics list.
+
+  These tools are cookieless, collect no personal data, and do not cross-reference data
+  with other processing — meeting the CNIL conditions for analytics exempt from the
+  ePrivacy consent requirement. Only Plausible was previously listed; sites using any
+  of these four tools were incorrectly flagged as loading trackers before consent.
+
+  Domains added: `cdn.usefathom.com`, `scripts.simpleanalyticscdn.com`,
+  `api.simpleanalytics.io`, `scripts.withcabin.com`, `api.pirsch.io`.
+
 ## 3.2.2
 
 ### Patch Changes

package/NEXT_STEPS.md

@@ -14,25 +14,6 @@ Ideas and improvement areas for `gdpr-cookie-scanner`. Not a roadmap — pick wh
 
 ---
 
-## Language support
-
-Currently only French and English patterns are covered. A lot of EU sites served in other locales will get false "no reject button" results.
-
-Languages to add at minimum (ordered by EU population / GDPR enforcement activity):
-
-| Locale  | Reject examples          | Accept examples                  |
-| ------- | ------------------------ | -------------------------------- |
-| `de-DE` | Ablehnen, Alle ablehnen  | Alle akzeptieren, Zustimmen      |
-| `es-ES` | Rechazar, Rechazar todo  | Aceptar, Aceptar todo            |
-| `it-IT` | Rifiuta, Rifiuta tutto   | Accetta, Accetta tutto           |
-| `nl-NL` | Weigeren, Alles weigeren | Accepteren, Alles accepteren     |
-| `pl-PL` | Odrzuć, Odrzuć wszystkie | Zaakceptuj, Zaakceptuj wszystkie |
-| `pt-PT` | Rejeitar, Rejeitar tudo  | Aceitar, Aceitar tudo            |
-
-The patterns live in `src/scanner/consent-modal.ts`. A locale-aware pattern map keyed by BCP 47 tag would be cleaner than one giant regex.
-
----
-
 ## Dark pattern detection gaps
 
 Patterns that are explicitly listed in CNIL/EDPB guidelines but not yet detected:
@@ -53,8 +34,6 @@ Patterns that are explicitly listed in CNIL/EDPB guidelines but not yet detected
 
 - **Configurable wait times** — the `waitForTimeout(2000)` / `waitForTimeout(3000)` values in `scanner/index.ts` are hardcoded. Some pages need more time (heavy SPAs); others waste time. Expose them as `ScanOptions` fields with sensible defaults.
 
-- **Mobile viewport** — all scans use a 1280×900 desktop viewport. Many consent banners have different layouts on mobile (bottom sheets, full-screen overlays). A `--viewport mobile|tablet|desktop` option would let users test the responsive behaviour.
-
 - **Multi-page scanning** — run the scan across several URLs of the same domain (home page + one inner page) and merge results. Useful for detecting banners that only appear on the first visit, or trackers that fire on specific pages.
 
 - **Batch mode** — accept a list of URLs (file or `--url` repeated) and produce a summary report alongside individual reports. Useful for agencies auditing multiple client sites.
@@ -67,10 +46,6 @@ Patterns that are explicitly listed in CNIL/EDPB guidelines but not yet detected
 
 - **Tracker database size** — the hardcoded list (`src/classifiers/tracker-list.ts`) currently has ~55 entries. The monthly auto-update workflow merges Disconnect.me and DuckDuckGo Tracker Radar entries but the result needs review before merge. Consider auto-approving updates that only add entries (no removals or category changes).
 
-- **Cookieless analytics exemptions** — only Plausible is marked `consentRequired: false`. Fathom, Simple Analytics, Cabin, and Pirsch have the same privacy-by-design model and should be listed.
-
-- **Unknown first-party cookies default** — unknown cookies default to `requiresConsent: false` (conservative). This means new or obfuscated tracking cookies slip through. Consider a stricter mode (`--strict`) that flips the default to `requiresConsent: true` for unrecognised cookies.
-
 ---
 
 ## Report improvements
@@ -81,24 +56,14 @@ Patterns that are explicitly listed in CNIL/EDPB guidelines but not yet detected
 
 - **Historical comparison** — if a previous JSON report for the same hostname exists in the output directory, surface a diff (score delta, issues resolved/introduced). Useful for tracking progress over time.
 
-- **Structured exit summary** — when `--fail-on` causes an exit 1, emit a machine-readable summary to stdout (JSON lines) so CI systems can parse it without reading the full report file.
-
 ---
 
 ## Testing
 
 - **Report output tests** — no tests currently validate the content of generated Markdown, HTML, or JSON files. Add snapshot tests for at least the JSON output and spot-checks for key sections in HTML.
 
-- **Contrast ratio unit tests** — `computeContrastRatio` is pure logic but only exercised through E2E tests. Deserves a dedicated unit test file covering edge cases (identical colours, transparent backgrounds, named/hex inputs once supported).
-
-- **Locale-specific button pattern tests** — once multi-language patterns land, add a test case per locale to prevent regressions.
-
-- **Performance baseline** — the E2E suite takes ~2 minutes. As features grow, tracking suite duration in CI would help catch regressions early.
-
 ---
 
 ## Infrastructure
 
-- **Node version consistency** — CI runs Node 24 but the release workflow runs Node 22. Align to a single version across all workflows.
-
 - **Pre-built GitHub Action** — a dedicated `uses: slashgear/gdpr-cookie-scanner-action@v1` action would make the GitHub Actions integration one step instead of running the Docker container manually. The action wrapper would handle artifact upload and PR comments automatically.

package/README.md

@@ -63,15 +63,18 @@ gdpr-scan scan <url> [options]
 
 ### Options
 
-| Option                   | Default          | Description                                                                                                  |
-| ------------------------ | ---------------- | ------------------------------------------------------------------------------------------------------------ |
-| `-o, --output <dir>`     | `./gdpr-reports` | Output directory for the report                                                                              |
-| `-t, --timeout <ms>`     | `30000`          | Navigation timeout                                                                                           |
-| `-f, --format <formats>` | `html`           | Output formats: `md`, `html`, `json`, `pdf` (comma-separated)                                                |
-| `--fail-on <threshold>`  | `F`              | Exit with code 1 if grade is below this letter (`A`/`B`/`C`/`D`/`F`) or score is below this number (`0–100`) |
-| `--no-screenshots`       | —                | Disable screenshot capture                                                                                   |
-| `-l, --locale <locale>`  | `fr-FR`          | Browser locale                                                                                               |
-| `-v, --verbose`          | —                | Show full stack trace on error                                                                               |
+| Option                   | Default          | Description                                                                                                                       |
+| ------------------------ | ---------------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| `-o, --output <dir>`     | `./gdpr-reports` | Output directory for the report                                                                                                   |
+| `-t, --timeout <ms>`     | `30000`          | Navigation timeout                                                                                                                |
+| `-f, --format <formats>` | `html`           | Output formats: `md`, `html`, `json`, `pdf` (comma-separated)                                                                     |
+| `--viewport <preset>`    | `desktop`        | Viewport preset: `desktop` (1280×900), `tablet` (768×1024), `mobile` (390×844)                                                    |
+| `--fail-on <threshold>`  | `F`              | Exit with code 1 if grade is below this letter (`A`/`B`/`C`/`D`/`F`) or score is below this number (`0–100`)                      |
+| `--json-summary`         | —                | Emit a machine-readable JSON line to stdout after the scan (parseable by `jq`)                                                    |
+| `--strict`               | —                | Treat unrecognised cookies and unknown third-party requests as requiring consent                                                  |
+| `--screenshots`          | —                | Also capture full-page screenshots after reject and accept interactions (the consent modal is always screenshotted when detected) |
+| `-l, --locale <locale>`  | `fr-FR`          | Browser locale                                                                                                                    |
+| `-v, --verbose`          | —                | Show full stack trace on error                                                                                                    |
 
 ### Examples
 
@@ -82,8 +85,8 @@ gdpr-scan scan https://example.com
 # With custom output directory
 gdpr-scan scan https://example.com -o ./reports
 
-# Scan in English, without screenshots
-gdpr-scan scan https://example.com --locale en-US --no-screenshots
+# Scan in English with full interaction screenshots (reject + accept)
+gdpr-scan scan https://example.com --locale en-US --screenshots
 
 # Generate a Markdown report instead
 gdpr-scan scan https://example.com -f md
@@ -91,6 +94,12 @@ gdpr-scan scan https://example.com -f md
 # Generate all formats at once
 gdpr-scan scan https://example.com -f md,html,json,pdf
 
+# Scan with a mobile viewport (390×844, iPhone UA)
+gdpr-scan scan https://example.com --viewport mobile
+
+# Scan with a tablet viewport (768×1024, iPad UA)
+gdpr-scan scan https://example.com --viewport tablet
+
 # Fail (exit 1) if the site is graded below B — useful in CI
 gdpr-scan scan https://example.com --fail-on B
 
@@ -159,6 +168,42 @@ gdpr-scan:
     - if: $CI_PIPELINE_SOURCE == "web"
 ```
 
+### Machine-readable output
+
+Add `--json-summary` to get a single JSON line on stdout after the scan — useful when
+you need to parse results in a script or post them to a webhook without reading the full
+report file.
+
+```bash
+gdpr-scan scan https://example.com --fail-on B --json-summary 2>/dev/null \
+  | grep '^{' | jq '{grade: .grade, score: .score, passed: .passed}'
+```
+
+The JSON line is always emitted (pass or fail) and contains:
+
+```jsonc
+{
+  "url": "https://example.com",
+  "scanDate": "2026-01-01T00:00:00.000Z",
+  "score": 62,
+  "grade": "C",
+  "passed": false,
+  "threshold": "B",
+  "breakdown": {
+    "consentValidity": 20,
+    "easyRefusal": 12,
+    "transparency": 15,
+    "cookieBehavior": 15,
+  },
+  "issues": {
+    "total": 4,
+    "critical": 2,
+    "items": [{ "type": "buried-reject", "severity": "critical", "description": "..." }],
+  },
+  "reportPaths": { "html": "./gdpr-reports/example.com/gdpr-report-example.com-2026-01-01.html" },
+}
+```
+
 ### Threshold reference
 
 | `--fail-on` value | Fails when grade is… | Fails when score is… |
@@ -198,9 +243,10 @@ All fields of `ScanResult` — cookies, network requests, modal analysis, compli
 const result = await scan("https://example.com", {
   locale: "fr-FR", // browser locale, also controls report language
   timeout: 60_000, // navigation timeout in ms (default: 30 000)
-  screenshots: true, // capture screenshots (requires outputDir)
+  screenshots: true, // also capture after-reject and after-accept screenshots (modal is always screenshotted)
   outputDir: "./reports", // where to save screenshots
   verbose: false, // log scanner phases to stdout
+  viewport: "mobile", // 'desktop' (default) | 'tablet' | 'mobile'
 });
 ```
 

package/dist/classifiers/cookie-classifier.d.ts

@@ -3,6 +3,6 @@ interface CookieClassification {
     category: CookieCategory;
     requiresConsent: boolean;
 }
-export declare function classifyCookie(name: string, domain: string, value: string): CookieClassification;
+export declare function classifyCookie(name: string, domain: string, value: string, strict?: boolean): CookieClassification;
 export {};
 //# sourceMappingURL=cookie-classifier.d.ts.map

package/dist/classifiers/cookie-classifier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cookie-classifier.d.ts","sourceRoot":"","sources":["../../src/classifiers/cookie-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,UAAU,oBAAoB;IAC5B,QAAQ,EAAE,cAAc,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;CAC1B;AA2GD,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,oBAAoB,CAahG"}
+{"version":3,"file":"cookie-classifier.d.ts","sourceRoot":"","sources":["../../src/classifiers/cookie-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,UAAU,oBAAoB;IAC5B,QAAQ,EAAE,cAAc,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;CAC1B;AA2GD,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,MAAM,UAAQ,GACb,oBAAoB,CActB"}

package/dist/classifiers/cookie-classifier.js

@@ -94,7 +94,7 @@ const COOKIE_PATTERNS = [
         requiresConsent: true,
     },
 ];
-export function classifyCookie(name, domain, value) {
+export function classifyCookie(name, domain, value, strict = false) {
     for (const { pattern, category, requiresConsent } of COOKIE_PATTERNS) {
         if (pattern.test(name)) {
             return { category, requiresConsent };
@@ -104,6 +104,7 @@ export function classifyCookie(name, domain, value) {
     if (name.length <= 4 && !value.includes("=")) {
         return { category: "unknown", requiresConsent: true };
     }
-    return { category: "unknown", requiresConsent: false };
+    // In strict mode, unrecognised cookies are assumed to require consent
+    return { category: "unknown", requiresConsent: strict };
 }
 //# sourceMappingURL=cookie-classifier.js.map

package/dist/classifiers/cookie-classifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"cookie-classifier.js","sourceRoot":"","sources":["../../src/classifiers/cookie-classifier.ts"],"names":[],"mappings":"AAOA;;;GAGG;AACH,MAAM,eAAe,GAIhB;IACH,iEAAiE;IACjE;QACE,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,oBAAoB,EAAE,eAAe,EAAE,KAAK,EAAE;IAC3F;QACE,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IAED,kEAAkE;IAClE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACnE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACnE,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACpE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACnE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACnE,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACpE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,eAAe;IACpF,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IAClE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,YAAY;IACjF,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,UAAU;IAC1F,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,SAAS;IACxF,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IAClE,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACvE,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IAC7E,EAAE,OAAO,EAAE,yBAAyB,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,oBAAoB;IAE1G,kEAAkE;IAClE,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,gBAAgB;IACjG;QACE,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,aAAa;QACvB,eAAe,EAAE,IAAI;KACtB,EAAE,aAAa;IAChB;QACE,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,aAAa;QACvB,eAAe,EAAE,IAAI;KACtB,EAAE,YAAY;IACf,EAAE,OAAO,EAAE,mCAAmC,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,WAAW;IAC7G;QACE,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,aAAa;QACvB,eAAe,EAAE,IAAI;KACtB;IACD,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,SAAS;IAC/F,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE;IAC/E,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE;IACpF,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,SAAS;IAEjF,kEAAkE;IAClE,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,iBAAiB;IAC1F,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,UAAU;IACtF,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,kCAAkC;IAE5G,kEAAkE;IAClE;QACE,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,IAAI;KACtB;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,IAAI;KACtB;CACF,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,IAAY,EAAE,MAAc,EAAE,KAAa;IACxE,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,eAAe,EAAE,CAAC;QACrE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC;QACvC,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IACxD,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;AACzD,CAAC"}
+{"version":3,"file":"cookie-classifier.js","sourceRoot":"","sources":["../../src/classifiers/cookie-classifier.ts"],"names":[],"mappings":"AAOA;;;GAGG;AACH,MAAM,eAAe,GAIhB;IACH,iEAAiE;IACjE;QACE,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,oBAAoB,EAAE,eAAe,EAAE,KAAK,EAAE;IAC3F;QACE,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,oBAAoB;QAC9B,eAAe,EAAE,KAAK;KACvB;IAED,kEAAkE;IAClE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACnE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACnE,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACpE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACnE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACnE,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACpE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,eAAe;IACpF,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IAClE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,YAAY;IACjF,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,UAAU;IAC1F,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,SAAS;IACxF,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IAClE,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IACvE,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IAC7E,EAAE,OAAO,EAAE,yBAAyB,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,oBAAoB;IAE1G,kEAAkE;IAClE,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,gBAAgB;IACjG;QACE,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,aAAa;QACvB,eAAe,EAAE,IAAI;KACtB,EAAE,aAAa;IAChB;QACE,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,aAAa;QACvB,eAAe,EAAE,IAAI;KACtB,EAAE,YAAY;IACf,EAAE,OAAO,EAAE,mCAAmC,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,WAAW;IAC7G;QACE,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,aAAa;QACvB,eAAe,EAAE,IAAI;KACtB;IACD,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,SAAS;IAC/F,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE;IAC/E,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE;IACpF,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,SAAS;IAEjF,kEAAkE;IAClE,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,iBAAiB;IAC1F,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,UAAU;IACtF,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,kCAAkC;IAE5G,kEAAkE;IAClE;QACE,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,IAAI;KACtB;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,iBAAiB;QAC3B,eAAe,EAAE,IAAI;KACtB;CACF,CAAC;AAEF,MAAM,UAAU,cAAc,CAC5B,IAAY,EACZ,MAAc,EACd,KAAa,EACb,MAAM,GAAG,KAAK;IAEd,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,eAAe,EAAE,CAAC;QACrE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC;QACvC,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IACxD,CAAC;IAED,sEAAsE;IACtE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;AAC1D,CAAC"}

package/dist/classifiers/network-classifier.d.ts

@@ -5,6 +5,6 @@ interface NetworkClassification {
     trackerName: string | null;
     requiresConsent: boolean;
 }
-export declare function classifyNetworkRequest(url: string, resourceType: string): NetworkClassification;
+export declare function classifyNetworkRequest(url: string, resourceType: string, strict?: boolean): NetworkClassification;
 export {};
 //# sourceMappingURL=network-classifier.d.ts.map

package/dist/classifiers/network-classifier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"network-classifier.d.ts","sourceRoot":"","sources":["../../src/classifiers/network-classifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,UAAU,qBAAqB;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,GAAG,IAAI,CAAC;IACxC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,qBAAqB,CAoD/F"}
+{"version":3,"file":"network-classifier.d.ts","sourceRoot":"","sources":["../../src/classifiers/network-classifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,UAAU,qBAAqB;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,GAAG,IAAI,CAAC;IACxC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,MAAM,EACpB,MAAM,UAAQ,GACb,qBAAqB,CAsDvB"}

package/dist/classifiers/network-classifier.js

@@ -1,5 +1,5 @@
 import { TRACKER_DB, PIXEL_PATTERNS } from "./tracker-list.js";
-export function classifyNetworkRequest(url, resourceType) {
+export function classifyNetworkRequest(url, resourceType, strict = false) {
     let hostname;
     try {
         hostname = new URL(url).hostname.replace(/^www\./, "");
@@ -41,11 +41,13 @@ export function classifyNetworkRequest(url, resourceType) {
             requiresConsent: true,
         };
     }
+    // In strict mode, unrecognised third-party requests are assumed to require consent
+    const isThirdParty = strict;
     return {
-        isThirdParty: false,
+        isThirdParty,
         trackerCategory: null,
         trackerName: null,
-        requiresConsent: false,
+        requiresConsent: strict,
     };
 }
 /**

package/dist/classifiers/network-classifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"network-classifier.js","sourceRoot":"","sources":["../../src/classifiers/network-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAU/D,MAAM,UAAU,sBAAsB,CAAC,GAAW,EAAE,YAAoB;IACtE,IAAI,QAAgB,CAAC;IAErB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,KAAK;SACvB,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACzD,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,EAAE,CAAC;YAC3D,OAAO;gBACL,YAAY,EAAE,IAAI;gBAClB,eAAe,EAAE,KAAK,CAAC,QAAQ;gBAC/B,WAAW,EAAE,KAAK,CAAC,IAAI;gBACvB,eAAe,EAAE,KAAK,CAAC,eAAe,KAAK,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,KAAK;aAC7E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAC5C,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,OAAO;YACxB,WAAW,EAAE,gBAAgB;YAC7B,eAAe,EAAE,IAAI;SACtB,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IAAI,YAAY,KAAK,OAAO,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,OAAO;YACxB,WAAW,EAAE,wBAAwB;YACrC,eAAe,EAAE,IAAI;SACtB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,YAAY,EAAE,KAAK;QACnB,eAAe,EAAE,IAAI;QACrB,WAAW,EAAE,IAAI;QACjB,eAAe,EAAE,KAAK;KACvB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,CAAC,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAC5B,OAAO,CACL,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;QACf,4CAA4C,CAAC,IAAI,CAAC,GAAG,CAAC,CACvD,CAAC;AACJ,CAAC"}
+{"version":3,"file":"network-classifier.js","sourceRoot":"","sources":["../../src/classifiers/network-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAU/D,MAAM,UAAU,sBAAsB,CACpC,GAAW,EACX,YAAoB,EACpB,MAAM,GAAG,KAAK;IAEd,IAAI,QAAgB,CAAC;IAErB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,KAAK;SACvB,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACzD,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,EAAE,CAAC;YAC3D,OAAO;gBACL,YAAY,EAAE,IAAI;gBAClB,eAAe,EAAE,KAAK,CAAC,QAAQ;gBAC/B,WAAW,EAAE,KAAK,CAAC,IAAI;gBACvB,eAAe,EAAE,KAAK,CAAC,eAAe,KAAK,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,KAAK;aAC7E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAC5C,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,OAAO;YACxB,WAAW,EAAE,gBAAgB;YAC7B,eAAe,EAAE,IAAI;SACtB,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IAAI,YAAY,KAAK,OAAO,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,OAAO;YACxB,WAAW,EAAE,wBAAwB;YACrC,eAAe,EAAE,IAAI;SACtB,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,OAAO;QACL,YAAY;QACZ,eAAe,EAAE,IAAI;QACrB,WAAW,EAAE,IAAI;QACjB,eAAe,EAAE,MAAM;KACxB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,CAAC,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAC5B,OAAO,CACL,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;QACf,4CAA4C,CAAC,IAAI,CAAC,GAAG,CAAC,CACvD,CAAC;AACJ,CAAC"}

package/dist/classifiers/tracker-list.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tracker-list.d.ts","sourceRoot":"","sources":["../../src/classifiers/tracker-list.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,UAAU,YAAY;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,eAAe,CAAC;IAC1B,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;GAGG;AACH,eAAO,MAAM,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAuFnD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,MAAM,EAQlC,CAAC"}
+{"version":3,"file":"tracker-list.d.ts","sourceRoot":"","sources":["../../src/classifiers/tracker-list.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,UAAU,YAAY;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,eAAe,CAAC;IAC1B,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;GAGG;AACH,eAAO,MAAM,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAmHnD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,MAAM,EAQlC,CAAC"}

package/dist/classifiers/tracker-list.js

@@ -70,12 +70,40 @@ export const TRACKER_DB = {
     "optimizely.com": { name: "Optimizely", category: "analytics" },
     "vwo.com": { name: "VWO", category: "analytics" },
     "app.convert.com": { name: "Convert", category: "analytics" },
-    // ── Consent-exempt analytics (CNIL ePrivacy exemption) ───────
+    // ── Consent-exempt analytics ──────────────────────────────────
+    // These tools are cookieless, collect no personal data, and do not
+    // cross-reference with other processing — meeting the CNIL conditions
+    // for analytics tools exempt from the ePrivacy consent requirement.
     "plausible.io": {
         name: "Plausible Analytics",
         category: "analytics",
         consentRequired: false,
     },
+    "cdn.usefathom.com": {
+        name: "Fathom Analytics",
+        category: "analytics",
+        consentRequired: false,
+    },
+    "scripts.simpleanalyticscdn.com": {
+        name: "Simple Analytics",
+        category: "analytics",
+        consentRequired: false,
+    },
+    "api.simpleanalytics.io": {
+        name: "Simple Analytics",
+        category: "analytics",
+        consentRequired: false,
+    },
+    "scripts.withcabin.com": {
+        name: "Cabin Analytics",
+        category: "analytics",
+        consentRequired: false,
+    },
+    "api.pirsch.io": {
+        name: "Pirsch Analytics",
+        category: "analytics",
+        consentRequired: false,
+    },
 };
 /**
  * Patterns for detecting tracking pixels and beacons by URL shape.

package/dist/classifiers/tracker-list.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracker-list.js","sourceRoot":"","sources":["../../src/classifiers/tracker-list.ts"],"names":[],"mappings":"AAQA;;;GAGG;AACH,MAAM,CAAC,MAAM,UAAU,GAAiC;IACtD,iEAAiE;IACjE,sBAAsB,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC3E,sBAAsB,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC3E,sBAAsB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7E,uBAAuB,EAAE,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,aAAa,EAAE;IACjF,uBAAuB,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC5E,iBAAiB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1E,sBAAsB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC/E,gBAAgB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE;IACjE,sBAAsB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC/E,+BAA+B,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE;IAEnF,iEAAiE;IACjE,sBAAsB,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACpE,oBAAoB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACxE,oBAAoB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE;IACrE,WAAW,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAEzD,iEAAiE;IACjE,cAAc,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC7D,YAAY,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAClE,mBAAmB,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE;IACvE,uBAAuB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE9E,iEAAiE;IACjE,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE;IACvD,mBAAmB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE9D,gEAAgE;IAChE,gBAAgB,EAAE,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC3E,uBAAuB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAEjE,gEAAgE;IAChE,wBAAwB,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1E,uBAAuB,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7E,MAAM,EAAE,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAElE,gEAAgE;IAChE,sBAAsB,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC3E,oBAAoB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE;IAErE,gEAAgE;IAChE,mBAAmB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE;IAChE,iBAAiB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1E,mBAAmB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE;IAEhE,gEAAgE;IAChE,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC5D,iBAAiB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7D,oBAAoB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE;IAClE,kBAAkB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE/D,iEAAiE;IACjE,oBAAoB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE;IACjE,oBAAoB,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACxE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IACzD,mBAAmB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC/D,WAAW,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE;IAErD,gEAAgE;IAChE,mBAAmB,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAC1E,cAAc,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAEzE,gEAAgE;IAChE,qBAAqB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE;IACtE,cAAc,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC7D,oBAAoB,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1E,WAAW,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE;IACvD,iBAAiB,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,aAAa,EAAE;IACpE,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE;IACpD,cAAc,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC7D,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC3D,gBAAgB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE;IAChE,eAAe,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE7D,gEAAgE;IAChE,gBAAgB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC/D,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE;IACjD,iBAAiB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE7D,gEAAgE;IAChE,cAAc,EAAE;QACd,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,WAAW;QACrB,eAAe,EAAE,KAAK;KACvB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAa;IACtC,oCAAoC;IACpC,qCAAqC;IACrC,0CAA0C;IAC1C,kBAAkB;IAClB,gBAAgB;IAChB,yBAAyB;IACzB,wCAAwC;CACzC,CAAC"}
+{"version":3,"file":"tracker-list.js","sourceRoot":"","sources":["../../src/classifiers/tracker-list.ts"],"names":[],"mappings":"AAQA;;;GAGG;AACH,MAAM,CAAC,MAAM,UAAU,GAAiC;IACtD,iEAAiE;IACjE,sBAAsB,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC3E,sBAAsB,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC3E,sBAAsB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7E,uBAAuB,EAAE,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,aAAa,EAAE;IACjF,uBAAuB,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC5E,iBAAiB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1E,sBAAsB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC/E,gBAAgB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE;IACjE,sBAAsB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC/E,+BAA+B,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE;IAEnF,iEAAiE;IACjE,sBAAsB,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACpE,oBAAoB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACxE,oBAAoB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE;IACrE,WAAW,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAEzD,iEAAiE;IACjE,cAAc,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC7D,YAAY,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAClE,mBAAmB,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE;IACvE,uBAAuB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE9E,iEAAiE;IACjE,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE;IACvD,mBAAmB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE9D,gEAAgE;IAChE,gBAAgB,EAAE,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC3E,uBAAuB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAEjE,gEAAgE;IAChE,wBAAwB,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1E,uBAAuB,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7E,MAAM,EAAE,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAElE,gEAAgE;IAChE,sBAAsB,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC3E,oBAAoB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE;IAErE,gEAAgE;IAChE,mBAAmB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE;IAChE,iBAAiB,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1E,mBAAmB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE;IAEhE,gEAAgE;IAChE,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC5D,iBAAiB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7D,oBAAoB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE;IAClE,kBAAkB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE/D,iEAAiE;IACjE,oBAAoB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE;IACjE,oBAAoB,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACxE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IACzD,mBAAmB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC/D,WAAW,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE;IAErD,gEAAgE;IAChE,mBAAmB,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAC1E,cAAc,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAEzE,gEAAgE;IAChE,qBAAqB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE;IACtE,cAAc,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC7D,oBAAoB,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1E,WAAW,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE;IACvD,iBAAiB,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,aAAa,EAAE;IACpE,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE;IACpD,cAAc,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC7D,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC3D,gBAAgB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE;IAChE,eAAe,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE7D,gEAAgE;IAChE,gBAAgB,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC/D,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE;IACjD,iBAAiB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAE7D,iEAAiE;IACjE,mEAAmE;IACnE,sEAAsE;IACtE,oEAAoE;IACpE,cAAc,EAAE;QACd,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,WAAW;QACrB,eAAe,EAAE,KAAK;KACvB;IACD,mBAAmB,EAAE;QACnB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,WAAW;QACrB,eAAe,EAAE,KAAK;KACvB;IACD,gCAAgC,EAAE;QAChC,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,WAAW;QACrB,eAAe,EAAE,KAAK;KACvB;IACD,wBAAwB,EAAE;QACxB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,WAAW;QACrB,eAAe,EAAE,KAAK;KACvB;IACD,uBAAuB,EAAE;QACvB,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,WAAW;QACrB,eAAe,EAAE,KAAK;KACvB;IACD,eAAe,EAAE;QACf,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,WAAW;QACrB,eAAe,EAAE,KAAK;KACvB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAa;IACtC,oCAAoC;IACpC,qCAAqC;IACrC,0CAA0C;IAC1C,kBAAkB;IAClB,gBAAgB;IAChB,yBAAyB;IACzB,wCAAwC;CACzC,CAAC"}

package/dist/cli.js

@@ -16,11 +16,14 @@ program
     .argument("<url>", "URL of the website to scan")
     .option("-o, --output <dir>", "Output directory for the report", "./gdpr-reports")
     .option("-t, --timeout <ms>", "Navigation timeout in milliseconds", "30000")
-    .option("--no-screenshots", "Disable screenshot capture")
+    .option("--screenshots", "Capture full-page screenshots after reject and accept interactions (the consent modal is always screenshotted when detected)")
     .option("-l, --locale <locale>", "Browser locale for language detection", "fr-FR")
     .option("-v, --verbose", "Show detailed output", false)
     .option("-f, --format <formats>", "Output formats: md, html, json, pdf (comma-separated)", "html")
+    .option("--viewport <preset>", "Viewport preset: desktop (1280×900), tablet (768×1024), mobile (390×844)", "desktop")
     .option("--fail-on <threshold>", "Exit with code 1 if grade is below this letter (A/B/C/D/F) or score is below this number", "F")
+    .option("--json-summary", "Emit a JSON summary line to stdout after the scan (machine-readable)", false)
+    .option("--strict", "Treat unrecognised cookies and unknown third-party requests as requiring consent", false)
     .action(async (url, opts) => {
     console.log();
     console.log(styleText(["bold", "blue"], "  GDPR Cookie Scanner"));
@@ -28,8 +31,15 @@ program
     const normalizedUrl = normalizeUrl(url);
     const hostname = new URL(normalizedUrl).hostname;
     const outputDir = join(resolve(opts.output), hostname);
-    console.log(styleText("gray", `  Target : ${url}`));
-    console.log(styleText("gray", `  Output : ${outputDir}`));
+    const validViewports = new Set(["desktop", "tablet", "mobile"]);
+    const viewport = opts.viewport.toLowerCase();
+    if (!validViewports.has(viewport)) {
+        console.error(styleText("red", "  Invalid --viewport value. Valid options: desktop, tablet, mobile"));
+        process.exit(2);
+    }
+    console.log(styleText("gray", `  Target   : ${url}`));
+    console.log(styleText("gray", `  Output   : ${outputDir}`));
+    console.log(styleText("gray", `  Viewport : ${viewport}`));
     console.log();
     const validFormats = new Set(["md", "html", "json", "pdf"]);
     const formats = opts.format
@@ -44,10 +54,12 @@ program
         url: normalizedUrl,
         outputDir,
         timeout: parseInt(opts.timeout, 10),
-        screenshots: opts.screenshots !== false,
+        screenshots: Boolean(opts.screenshots),
         locale: opts.locale,
         verbose: opts.verbose,
         formats,
+        viewport: viewport,
+        strict: opts.strict,
     };
     const spinner = createSpinner("Launching browser...").start();
     try {
@@ -89,6 +101,27 @@ program
             console.log(styleText("red", `  Failed threshold: score ${result.compliance.total}/100 (grade ${result.compliance.grade}) is below --fail-on ${threshold.toUpperCase()}`));
             console.log();
         }
+        if (opts.jsonSummary) {
+            process.stdout.write(JSON.stringify({
+                url: result.url,
+                scanDate: result.scanDate,
+                score: result.compliance.total,
+                grade: result.compliance.grade,
+                passed: !failed,
+                threshold: threshold.toUpperCase(),
+                breakdown: result.compliance.breakdown,
+                issues: {
+                    total: result.compliance.issues.length,
+                    critical: result.compliance.issues.filter((i) => i.severity === "critical").length,
+                    items: result.compliance.issues.map((i) => ({
+                        type: i.type,
+                        severity: i.severity,
+                        description: i.description,
+                    })),
+                },
+                reportPaths: paths,
+            }) + "\n");
+        }
         process.exit(failed ? 1 : 0);
     }
     catch (err) {