npm - @slashgear/gdpr-cookie-scanner - Versions diffs - 3.6.0 → 3.7.0 - Mend

@slashgear/gdpr-cookie-scanner 3.6.0 → 3.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/CHANGELOG.md +44 -0
package/CLAUDE.md +12 -1
package/NEXT_STEPS.md +37 -3
package/README.md +23 -0
package/dist/analyzers/colour.d.ts +36 -0
package/dist/analyzers/colour.d.ts.map +1 -0
package/dist/analyzers/colour.js +75 -0
package/dist/analyzers/colour.js.map +1 -0
package/dist/analyzers/compliance.d.ts.map +1 -1
package/dist/analyzers/compliance.js +24 -6
package/dist/analyzers/compliance.js.map +1 -1
package/dist/analyzers/tcf-decoder.d.ts +9 -0
package/dist/analyzers/tcf-decoder.d.ts.map +1 -0
package/dist/analyzers/tcf-decoder.js +123 -0
package/dist/analyzers/tcf-decoder.js.map +1 -0
package/dist/analyzers/wording.d.ts +1 -0
package/dist/analyzers/wording.d.ts.map +1 -1
package/dist/analyzers/wording.js +39 -0
package/dist/analyzers/wording.js.map +1 -1
package/dist/report/generator.d.ts +1 -0
package/dist/report/generator.d.ts.map +1 -1
package/dist/report/generator.js +71 -1
package/dist/report/generator.js.map +1 -1
package/dist/report/html.d.ts.map +1 -1
package/dist/report/html.js +123 -0
package/dist/report/html.js.map +1 -1
package/dist/scanner/consent-modal.d.ts.map +1 -1
package/dist/scanner/consent-modal.js +4 -2
package/dist/scanner/consent-modal.js.map +1 -1
package/dist/scanner/index.d.ts.map +1 -1
package/dist/scanner/index.js +4 -0
package/dist/scanner/index.js.map +1 -1
package/dist/scanner/tcf.d.ts +9 -0
package/dist/scanner/tcf.d.ts.map +1 -0
package/dist/scanner/tcf.js +72 -0
package/dist/scanner/tcf.js.map +1 -0
package/dist/types.d.ts +26 -0
package/dist/types.d.ts.map +1 -1
package/docs/index.html +37 -49
package/docs/reports/www.arte.tv/after-accept.png +0 -0
package/docs/reports/www.arte.tv/after-reject.png +0 -0
package/docs/reports/www.arte.tv/gdpr-report-arte.tv-2026-02-24.html +997 -0
package/docs/reports/www.deezer.com/after-accept.png +0 -0
package/docs/reports/www.deezer.com/after-reject.png +0 -0
package/docs/reports/www.deezer.com/gdpr-report-deezer.com-2026-02-22.html +1667 -0
package/docs/reports/www.impots.gouv.fr/after-accept.png +0 -0
package/docs/reports/www.impots.gouv.fr/after-reject.png +0 -0
package/docs/reports/www.impots.gouv.fr/gdpr-report-impots.gouv.fr-2026-02-22.html +751 -0
package/docs/reports/www.leboncoin.fr/after-accept.png +0 -0
package/docs/reports/www.leboncoin.fr/after-reject.png +0 -0
package/docs/reports/www.leboncoin.fr/gdpr-report-leboncoin.fr-2026-02-22.html +764 -0
package/docs/reports/www.netflix.com/after-accept.png +0 -0
package/docs/reports/www.netflix.com/after-reject.png +0 -0
package/docs/reports/www.netflix.com/gdpr-report-netflix.com-2026-02-23.html +1050 -0
package/docs/reports/www.radiofrance.fr/after-accept.png +0 -0
package/docs/reports/www.radiofrance.fr/after-reject.png +0 -0
package/docs/reports/www.radiofrance.fr/gdpr-report-radiofrance.fr-2026-02-24.html +1145 -0
package/package.json +1 -1
package/src/analyzers/colour.ts +89 -0
package/src/analyzers/compliance.ts +35 -10
package/src/analyzers/tcf-decoder.ts +130 -0
package/src/analyzers/wording.ts +44 -0
package/src/report/generator.ts +83 -1
package/src/report/html.ts +146 -0
package/src/scanner/consent-modal.ts +3 -1
package/src/scanner/index.ts +5 -0
package/src/scanner/tcf.ts +80 -0
package/src/types.ts +29 -0
package/tests/analyzers/colour.test.ts +187 -0
package/tests/analyzers/compliance.test.ts +102 -0
package/tests/analyzers/tcf-decoder.test.ts +292 -0
package/tests/analyzers/wording.test.ts +38 -0
package/tests/scanner/button-classification.test.ts +32 -0
package/docs/reports/github.com/after-accept.png +0 -0
package/docs/reports/github.com/after-reject.png +0 -0
package/docs/reports/github.com/gdpr-checklist-github.com-2026-02-22.md +0 -44
package/docs/reports/github.com/gdpr-cookies-github.com-2026-02-22.md +0 -29
package/docs/reports/github.com/gdpr-report-github.com-2026-02-22.md +0 -102
package/docs/reports/github.com/gdpr-report-github.com-2026-02-22.pdf +0 -0
package/docs/reports/gitlab.com/after-accept.png +0 -0
package/docs/reports/gitlab.com/after-reject.png +0 -0
package/docs/reports/gitlab.com/gdpr-checklist-gitlab.com-2026-02-22.md +0 -44
package/docs/reports/gitlab.com/gdpr-cookies-gitlab.com-2026-02-22.md +0 -55
package/docs/reports/gitlab.com/gdpr-report-gitlab.com-2026-02-22.md +0 -200
package/docs/reports/gitlab.com/gdpr-report-gitlab.com-2026-02-22.pdf +0 -0
package/docs/reports/gitlab.com/modal-initial.png +0 -0
package/docs/reports/npmjs.com/after-accept.png +0 -0
package/docs/reports/npmjs.com/after-reject.png +0 -0
package/docs/reports/npmjs.com/gdpr-checklist-npmjs.com-2026-02-22.md +0 -44
package/docs/reports/npmjs.com/gdpr-cookies-npmjs.com-2026-02-22.md +0 -25
package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.md +0 -88
package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.pdf +0 -0
package/docs/reports/reddit.com/after-accept.png +0 -0
package/docs/reports/reddit.com/after-reject.png +0 -0
package/docs/reports/reddit.com/gdpr-checklist-reddit.com-2026-02-22.md +0 -44
package/docs/reports/reddit.com/gdpr-cookies-reddit.com-2026-02-22.md +0 -33
package/docs/reports/reddit.com/gdpr-report-reddit.com-2026-02-22.md +0 -148
package/docs/reports/reddit.com/gdpr-report-reddit.com-2026-02-22.pdf +0 -0
package/docs/reports/reddit.com/modal-initial.png +0 -0
package/docs/reports/stackoverflow.com/after-accept.png +0 -0
package/docs/reports/stackoverflow.com/after-reject.png +0 -0
package/docs/reports/stackoverflow.com/gdpr-checklist-stackoverflow.com-2026-02-22.md +0 -44
package/docs/reports/stackoverflow.com/gdpr-cookies-stackoverflow.com-2026-02-22.md +0 -67
package/docs/reports/stackoverflow.com/gdpr-report-stackoverflow.com-2026-02-22.md +0 -206
package/docs/reports/stackoverflow.com/gdpr-report-stackoverflow.com-2026-02-22.pdf +0 -0
package/docs/reports/stackoverflow.com/modal-initial.png +0 -0
package/docs/reports/www.afp.com/after-accept.png +0 -0
package/docs/reports/www.afp.com/after-reject.png +0 -0
package/docs/reports/www.afp.com/gdpr-checklist-afp.com-2026-02-22.md +0 -44
package/docs/reports/www.afp.com/gdpr-cookies-afp.com-2026-02-22.md +0 -42
package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.md +0 -202
package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.pdf +0 -0
package/docs/reports/www.afp.com/modal-initial.png +0 -0

package/docs/reports/gitlab.com/gdpr-cookies-gitlab.com-2026-02-22.md DELETED Viewed

@@ -1,55 +0,0 @@
-# Cookie Inventory — gitlab.com
-> **Scan date:** 22/02/2026, 19:20:20
-> **Scanned URL:** https://gitlab.com
-> **Unique cookies detected:** 32
-## Instructions
-This table lists all cookies detected during the scan, across all phases.
-The **Description / Purpose** column is to be filled in by the DPO or technical owner.
-- **Before consent** — cookie present from page load, before any interaction
-- **After acceptance** — cookie set or persisting after clicking "Accept all"
-- **After rejection** — cookie present after clicking "Reject all"
-## Cookie table
-| Cookie                       | Domain            | Category    | Phases                                            | Expiry    | Consent required | Description / Purpose |
-| ---------------------------- | ----------------- | ----------- | ------------------------------------------------- | --------- | ---------------- | --------------------- |
-| `_ga`                        | .gitlab.com       | Analytics   | after acceptance                                  | 13 months | ⚠️ Yes           | <!-- fill in -->      |
-| `_ga_ENFH3X7M5Y`             | .gitlab.com       | Analytics   | after acceptance                                  | 13 months | ⚠️ Yes           | <!-- fill in -->      |
-| `_ga_EVTFNG2S5Z`             | .gitlab.com       | Analytics   | after acceptance                                  | 13 months | ⚠️ Yes           | <!-- fill in -->      |
-| `_fbp`                       | .gitlab.com       | Advertising | after acceptance                                  | 3 months  | ⚠️ Yes           | <!-- fill in -->      |
-| `IDE`                        | .doubleclick.net  | Advertising | after acceptance                                  | 13 months | ⚠️ Yes           | <!-- fill in -->      |
-| `__cf_bm`                    | .gitlab.com       | Unknown     | before consent, after acceptance, after rejection | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `_biz_flagsA`                | .gitlab.com       | Unknown     | after acceptance                                  | 12 months | ✅ No            | <!-- fill in -->      |
-| `_biz_nA`                    | .gitlab.com       | Unknown     | after acceptance                                  | 12 months | ✅ No            | <!-- fill in -->      |
-| `_biz_pendingA`              | .gitlab.com       | Unknown     | after acceptance                                  | 12 months | ✅ No            | <!-- fill in -->      |
-| `_biz_uid`                   | .gitlab.com       | Unknown     | after acceptance                                  | 12 months | ✅ No            | <!-- fill in -->      |
-| `_BUID`                      | .bizible.com      | Unknown     | after acceptance                                  | 12 months | ✅ No            | <!-- fill in -->      |
-| `_cfuvid`                    | .gitlab.com       | Unknown     | before consent, after acceptance, after rejection | Session   | ✅ No            | <!-- fill in -->      |
-| `_dcid`                      | .gitlab.com       | Unknown     | after acceptance                                  | 13 months | ✅ No            | <!-- fill in -->      |
-| `_gcl_au`                    | .gitlab.com       | Unknown     | after acceptance                                  | 3 months  | ✅ No            | <!-- fill in -->      |
-| `_gtmeec`                    | .gitlab.com       | Unknown     | after acceptance                                  | 3 months  | ✅ No            | <!-- fill in -->      |
-| `_sp_id.6b85`                | .gitlab.com       | Unknown     | after acceptance                                  | 13 months | ✅ No            | <!-- fill in -->      |
-| `_sp_ses.6b85`               | .gitlab.com       | Unknown     | after acceptance                                  | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `FPAU`                       | .gitlab.com       | Unknown     | after acceptance                                  | 3 months  | ⚠️ Yes           | <!-- fill in -->      |
-| `FPGSID`                     | .gitlab.com       | Unknown     | after acceptance                                  | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `mutiny.optIn`               | .gitlab.com       | Unknown     | after acceptance                                  | 13 months | ✅ No            | <!-- fill in -->      |
-| `mutiny.optIn`               | .about.gitlab.com | Unknown     | after acceptance                                  | 13 months | ✅ No            | <!-- fill in -->      |
-| `mutiny.optOut`              | .gitlab.com       | Unknown     | after acceptance                                  | 13 months | ✅ No            | <!-- fill in -->      |
-| `mutiny.optOut`              | .about.gitlab.com | Unknown     | after acceptance                                  | 13 months | ✅ No            | <!-- fill in -->      |
-| `mutiny.user.session`        | .gitlab.com       | Unknown     | after acceptance                                  | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `mutiny.user.session`        | .about.gitlab.com | Unknown     | after acceptance                                  | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `mutiny.user.session_number` | .gitlab.com       | Unknown     | after acceptance                                  | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `mutiny.user.session_number` | .about.gitlab.com | Unknown     | after acceptance                                  | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `mutiny.user.token`          | .gitlab.com       | Unknown     | after acceptance                                  | 13 months | ✅ No            | <!-- fill in -->      |
-| `mutiny.user.token`          | .about.gitlab.com | Unknown     | after acceptance                                  | 13 months | ✅ No            | <!-- fill in -->      |
-| `OptanonAlertBoxClosed`      | .gitlab.com       | Unknown     | after acceptance, after rejection                 | 12 months | ✅ No            | <!-- fill in -->      |
-| `OptanonConsent`             | .gitlab.com       | Unknown     | before consent, after acceptance, after rejection | 12 months | ✅ No            | <!-- fill in -->      |
-| `sa-userid`                  | .gitlab.com       | Unknown     | after acceptance                                  | 12 months | ✅ No            | <!-- fill in -->      |
----
-_Automatically generated by gdpr-cookie-scanner. Categories marked "Unknown" could not be identified automatically and should be verified manually._

package/docs/reports/gitlab.com/gdpr-report-gitlab.com-2026-02-22.md DELETED Viewed

@@ -1,200 +0,0 @@
-# GDPR Compliance Report — gitlab.com
-> **Scan date:** 22/02/2026, 19:20:20
-> **Scanned URL:** https://gitlab.com
-> **Scan duration:** 15.9s
-> **Tool:** gdpr-cookie-scanner v0.1.0
-## Global Compliance Score
-### 🔴 50/100 — Grade D
-| Criterion        | Score      | Progress   | Status |
-| ---------------- | ---------- | ---------- | ------ |
-| Consent validity | 10/25      | ████░░░░░░ | ❌     |
-| Easy refusal     | 25/25      | ██████████ | ✅     |
-| Transparency     | 0/25       | ░░░░░░░░░░ | ❌     |
-| Cookie behavior  | 15/25      | ██████░░░░ | ⚠️     |
-| **TOTAL**        | **50/100** |            | **D**  |
-## Executive Summary
-✅ Consent modal detected (`#onetrust-banner-sdk`).
-✅ No non-essential cookie set before interaction.
-✅ Non-essential cookies are correctly removed after rejection.
-❌ **11 tracker request(s)** fired before consent.
-**1 critical issue(s)** and **5 warning(s)** identified.
-## 1. Consent Modal
-**CSS selector:** `#onetrust-banner-sdk`
-**Granular controls:** ❌ No
-**Layer count:** 1
-**Privacy policy link:** ⚠️ Not found in the modal
-### Detected buttons
-| Button     | Text               | Visible | Font size | Contrast ratio |
-| ---------- | ------------------ | ------- | --------- | -------------- |
-| ❓ Unknown | Cookies Settings   | ✅      | 13.008px  | 5.26:1         |
-| 🔴 Reject  | Reject All         | ✅      | 13.008px  | 18.24:1        |
-| 🟢 Accept  | Accept All Cookies | ✅      | 13.008px  | 18.24:1        |
-### Comparative analysis: Accept / Reject
-✅ Accept / Reject button sizes are comparable.
-### Screenshot
-![Consent modal](modal-initial.png)
-### Modal text excerpt
-> This website uses cookiesWe use cookies to make our websites and services operate correctly, to understand how visitors engage with us and to improve our product and marketing efforts. See our cookie policy for more information.Cookie PolicyCookies Settings Reject All Accept All Cookies
-## 2. Dark Patterns and Detected Issues
-### ❌ Critical issues
-**11 tracker request(s) fired before any consent**
-> Google Tag Manager, Google AdSense, Tracking Pixel
-### ⚠️ Warnings
-**Missing required information: "purposes"**
-> The consent text does not mention purposes
-**Missing required information: "third-parties"**
-> The consent text does not mention third-parties
-**Missing required information: "withdrawal"**
-> The consent text does not mention withdrawal
-**No privacy policy link found in the consent modal**
-> GDPR Art. 13 requires the privacy policy to be accessible from the consent interface
-**No privacy policy link found on the page**
-> A privacy policy must be accessible from every page (GDPR Art. 13)
-## 3. Cookies Set Before Any Interaction
-| Name             | Domain      | Category | Expiry    | Consent required |
-| ---------------- | ----------- | -------- | --------- | ---------------- |
-| `__cf_bm`        | .gitlab.com | unknown  | < 1 day   | ✅ No            |
-| `_cfuvid`        | .gitlab.com | unknown  | Session   | ✅ No            |
-| `OptanonConsent` | .gitlab.com | unknown  | 12 months | ✅ No            |
-## 4. Cookies After Consent Rejection
-✅ No non-essential cookie detected after rejection.
-| Name                    | Domain      | Category | Expiry    | Consent required |
-| ----------------------- | ----------- | -------- | --------- | ---------------- |
-| `__cf_bm`               | .gitlab.com | unknown  | < 1 day   | ✅ No            |
-| `_cfuvid`               | .gitlab.com | unknown  | Session   | ✅ No            |
-| `OptanonAlertBoxClosed` | .gitlab.com | unknown  | 12 months | ✅ No            |
-| `OptanonConsent`        | .gitlab.com | unknown  | 12 months | ✅ No            |
-## 5. Cookies After Consent Acceptance
-| Name                         | Domain            | Category    | Expiry    | Consent required |
-| ---------------------------- | ----------------- | ----------- | --------- | ---------------- |
-| `__cf_bm`                    | .gitlab.com       | unknown     | < 1 day   | ✅ No            |
-| `_cfuvid`                    | .gitlab.com       | unknown     | Session   | ✅ No            |
-| `OptanonAlertBoxClosed`      | .gitlab.com       | unknown     | 12 months | ✅ No            |
-| `_gcl_au`                    | .gitlab.com       | unknown     | 3 months  | ✅ No            |
-| `_ga`                        | .gitlab.com       | analytics   | 13 months | ⚠️ Yes           |
-| `_ga_EVTFNG2S5Z`             | .gitlab.com       | analytics   | 13 months | ⚠️ Yes           |
-| `_ga_ENFH3X7M5Y`             | .gitlab.com       | analytics   | 13 months | ⚠️ Yes           |
-| `FPGSID`                     | .gitlab.com       | unknown     | < 1 day   | ✅ No            |
-| `FPAU`                       | .gitlab.com       | unknown     | 3 months  | ⚠️ Yes           |
-| `_sp_ses.6b85`               | .gitlab.com       | unknown     | < 1 day   | ✅ No            |
-| `_sp_id.6b85`                | .gitlab.com       | unknown     | 13 months | ✅ No            |
-| `_biz_uid`                   | .gitlab.com       | unknown     | 12 months | ✅ No            |
-| `_biz_nA`                    | .gitlab.com       | unknown     | 12 months | ✅ No            |
-| `mutiny.user.token`          | .gitlab.com       | unknown     | 13 months | ✅ No            |
-| `mutiny.user.token`          | .about.gitlab.com | unknown     | 13 months | ✅ No            |
-| `mutiny.user.session`        | .gitlab.com       | unknown     | < 1 day   | ✅ No            |
-| `mutiny.user.session`        | .about.gitlab.com | unknown     | < 1 day   | ✅ No            |
-| `_BUID`                      | .bizible.com      | unknown     | 12 months | ✅ No            |
-| `_biz_pendingA`              | .gitlab.com       | unknown     | 12 months | ✅ No            |
-| `mutiny.user.session_number` | .gitlab.com       | unknown     | < 1 day   | ✅ No            |
-| `mutiny.user.session_number` | .about.gitlab.com | unknown     | < 1 day   | ✅ No            |
-| `mutiny.optOut`              | .gitlab.com       | unknown     | 13 months | ✅ No            |
-| `mutiny.optOut`              | .about.gitlab.com | unknown     | 13 months | ✅ No            |
-| `mutiny.optIn`               | .gitlab.com       | unknown     | 13 months | ✅ No            |
-| `mutiny.optIn`               | .about.gitlab.com | unknown     | 13 months | ✅ No            |
-| `_fbp`                       | .gitlab.com       | advertising | 3 months  | ⚠️ Yes           |
-| `_gtmeec`                    | .gitlab.com       | unknown     | 3 months  | ✅ No            |
-| `IDE`                        | .doubleclick.net  | advertising | 13 months | ⚠️ Yes           |
-| `_biz_flagsA`                | .gitlab.com       | unknown     | 12 months | ✅ No            |
-| `_dcid`                      | .gitlab.com       | unknown     | 13 months | ✅ No            |
-| `sa-userid`                  | .gitlab.com       | unknown     | 12 months | ✅ No            |
-| `OptanonConsent`             | .gitlab.com       | unknown     | 12 months | ✅ No            |
-## 6. Network Requests — Detected Trackers
-### Before interaction (11 tracker(s))
-| Tracker            | Category    | URL                                                            | Type     |
-| ------------------ | ----------- | -------------------------------------------------------------- | -------- |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtm.js?id=GTM-NJXWQL`        | script   |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtag/js?id=AW-1097398738...` | script   |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtag/js?id=G-ENFH3X7M5Y&...` | script   |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtag/js?id=G-EVTFNG2S5Z&...` | script   |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/pagead/conversion/1...` | fetch    |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/g/collect?v=2&tid=G-ENFH3X7M...` | fetch    |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/g/collect?v=2&tid=G-EVTFNG2S...` | fetch    |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/ccm/collect?frm=0&e...` | fetch    |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/ccm/collect?frm=0&e...` | fetch    |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/ccm/collect?frm=0&d...` | fetch    |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/static/service_worker/62...` | document |
-### After acceptance (25 tracker(s))
-| Tracker            | Category    | URL                                                            | Type     |
-| ------------------ | ----------- | -------------------------------------------------------------- | -------- |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtm.js?id=GTM-NJXWQL`        | script   |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtag/js?id=AW-1097398738...` | script   |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtag/js?id=G-ENFH3X7M5Y&...` | script   |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtag/js?id=G-EVTFNG2S5Z&...` | script   |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/g/collect?v=2&tid=G-EVTFNG2S...` | fetch    |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/pagead/conversion/1...` | fetch    |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/g/collect?v=2&tid=G-ENFH3X7M...` | fetch    |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/static/service_worker/62...` | document |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/ccm/collect?frm=0&e...` | fetch    |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/ccm/collect?frm=0&e...` | fetch    |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/ccm/collect?frm=0&d...` | fetch    |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/g/collect?v=2&tid=G-EVTFNG2S...` | fetch    |
-| Google DoubleClick | advertising | `https://googleads.g.doubleclick.net/pagead/viewthroughcon...` | script   |
-| Google DoubleClick | advertising | `https://googleads.g.doubleclick.net/pagead/viewthroughcon...` | script   |
-| Google Ad Services | advertising | `https://www.googleadservices.com/pagead/conversion/109739...` | fetch    |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/g/collect?v=2&tid=G-ENFH3X7M...` | fetch    |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/g/collect?v=2&tid=G-EVTFNG2S...` | fetch    |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/g/collect?v=2&tid=G-ENFH3X7M...` | fetch    |
-| Tracking Pixel     | pixel       | `https://www.google.com/ccm/collect?frm=0&en=consent_updat...` | fetch    |
-| Tracking Pixel     | pixel       | `https://analytics.gitlab.com/data?v=2&event=page_view&dtd...` | image    |
-_... and 5 additional request(s)._
-## 7. Recommendations
-1. **Do not set any non-essential cookie before consent.** Gate the initialisation of third-party scripts on acceptance.
-1. **Complete the modal information**: purposes, identity of sub-processors, retention period, right to withdraw.
-## Legal References
-- **RGPD Art. 7** — Conditions for consent
-- **RGPD Recital 32** — Consent must result from an unambiguous positive action
-- **ePrivacy Directive 2002/58/EC** — Consent requirement for non-essential cookies
-- **CEPD Guidelines 05/2020** — Consent under the RGPD
-- **CEPD Guidelines 03/2022** — Dark patterns on platforms
-- **CNIL Recommendation 2022** — Rejection must be as easy as acceptance (same number of clicks)

package/docs/reports/gitlab.com/gdpr-report-gitlab.com-2026-02-22.pdf DELETED Viewed

Binary file

package/docs/reports/gitlab.com/modal-initial.png DELETED Viewed

Binary file

package/docs/reports/npmjs.com/after-accept.png DELETED Viewed

Binary file

package/docs/reports/npmjs.com/after-reject.png DELETED Viewed

Binary file

package/docs/reports/npmjs.com/gdpr-checklist-npmjs.com-2026-02-22.md DELETED Viewed

@@ -1,44 +0,0 @@
-# GDPR Compliance Checklist — npmjs.com
-> **Scan date:** 22/02/2026, 19:25:09
-> **Scanned URL:** https://npmjs.com
-> **Global score:** 25/100 — Grade **F**
-**5 rule(s) compliant** · **11 non-compliant** · **1 warning(s)**
-## Consent
-| Rule                               | Reference                                                                                                                                           | Status           | Detail                          |
-| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------- |
-| Consent modal detected             | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | No consent banner detected      |
-| No pre-ticked checkboxes           | [GDPR Recital 32](https://gdpr-info.eu/recitals/no-32/)                                                                                             | ✅ Compliant     | No pre-ticked checkbox detected |
-| Accept button label is unambiguous | [GDPR Art. 4(11)](https://gdpr-info.eu/art-4-gdpr/)                                                                                                 | ✅ Compliant     | Modal not detected              |
-## Easy refusal
-| Rule                                             | Reference                                                                                                                                                      | Status           | Detail             |
-| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------ |
-| Reject button present at first layer             | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)                                                                   | ❌ Non-compliant | Modal not detected |
-| Rejecting requires no more clicks than accepting | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)                                                                   | ❌ Non-compliant | Modal not detected |
-| Size symmetry between Accept and Reject          | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ❌ Non-compliant | Modal not detected |
-| Font symmetry between Accept and Reject          | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ❌ Non-compliant | Modal not detected |
-## Transparency
-| Rule                                             | Reference                                                                                                                                       | Status           | Detail                                        |
-| ------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | --------------------------------------------- |
-| Granular controls available                      | [EDPB Guidelines 05/2020](https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en) | ❌ Non-compliant | Modal not detected                            |
-| Processing purposes mentioned                    | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/)                                                                                            | ❌ Non-compliant | Modal not detected                            |
-| Sub-processors / third parties mentioned         | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/)                                                                                            | ❌ Non-compliant | Modal not detected                            |
-| Retention period mentioned                       | [GDPR Art. 13(2)(a)](https://gdpr-info.eu/art-13-gdpr/)                                                                                         | ❌ Non-compliant | Modal not detected                            |
-| Right to withdraw consent mentioned              | [GDPR Art. 7(3)](https://gdpr-info.eu/art-7-gdpr/)                                                                                              | ❌ Non-compliant | Modal not detected                            |
-| Privacy policy link present in the consent modal | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/)                                                                                               | ❌ Non-compliant | Modal not detected                            |
-| Privacy policy accessible from the main page     | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/)                                                                                               | ⚠️ Warning       | No privacy policy link found on the main page |
-## Cookie behavior
-| Rule                                          | Reference                                                                                                                                           | Status       | Detail                                             |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------- |
-| No non-essential cookie before consent        | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ✅ Compliant | No non-essential cookie set before interaction     |
-| Non-essential cookies removed after rejection | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)      | ✅ Compliant | No non-essential cookie persisting after rejection |
-| No network tracker before consent             | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ✅ Compliant | No tracker request fired before interaction        |

package/docs/reports/npmjs.com/gdpr-cookies-npmjs.com-2026-02-22.md DELETED Viewed

@@ -1,25 +0,0 @@
-# Cookie Inventory — npmjs.com
-> **Scan date:** 22/02/2026, 19:25:09
-> **Scanned URL:** https://npmjs.com
-> **Unique cookies detected:** 2
-## Instructions
-This table lists all cookies detected during the scan, across all phases.
-The **Description / Purpose** column is to be filled in by the DPO or technical owner.
-- **Before consent** — cookie present from page load, before any interaction
-- **After acceptance** — cookie set or persisting after clicking "Accept all"
-- **After rejection** — cookie present after clicking "Reject all"
-## Cookie table
-| Cookie    | Domain     | Category | Phases         | Expiry  | Consent required | Description / Purpose |
-| --------- | ---------- | -------- | -------------- | ------- | ---------------- | --------------------- |
-| `__cf_bm` | .npmjs.com | Unknown  | before consent | < 1 day | ✅ No            | <!-- fill in -->      |
-| `_cfuvid` | .npmjs.com | Unknown  | before consent | Session | ✅ No            | <!-- fill in -->      |
----
-_Automatically generated by gdpr-cookie-scanner. Categories marked "Unknown" could not be identified automatically and should be verified manually._

package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.md DELETED Viewed

@@ -1,88 +0,0 @@
-# GDPR Compliance Report — npmjs.com
-> **Scan date:** 22/02/2026, 19:25:09
-> **Scanned URL:** https://npmjs.com
-> **Scan duration:** 7.1s
-> **Tool:** gdpr-cookie-scanner v0.1.0
-## Global Compliance Score
-### 🔴 25/100 — Grade F
-| Criterion        | Score      | Progress   | Status |
-| ---------------- | ---------- | ---------- | ------ |
-| Consent validity | 0/25       | ░░░░░░░░░░ | ❌     |
-| Easy refusal     | 0/25       | ░░░░░░░░░░ | ❌     |
-| Transparency     | 0/25       | ░░░░░░░░░░ | ❌     |
-| Cookie behavior  | 25/25      | ██████████ | ✅     |
-| **TOTAL**        | **25/100** |            | **F**  |
-## Executive Summary
-❌ **No consent modal detected.** The site sets cookies without requesting consent.
-✅ No non-essential cookie set before interaction.
-✅ Non-essential cookies are correctly removed after rejection.
-✅ No tracker requests before consent.
-**1 critical issue(s)** and **1 warning(s)** identified.
-## 1. Consent Modal
-_No consent modal detected on the page._
-## 2. Dark Patterns and Detected Issues
-### ❌ Critical issues
-**No cookie consent modal detected**
-> A consent mechanism is required before depositing non-essential cookies
-### ⚠️ Warnings
-**No privacy policy link found on the page**
-> A privacy policy must be accessible from every page (GDPR Art. 13)
-## 3. Cookies Set Before Any Interaction
-| Name      | Domain     | Category | Expiry  | Consent required |
-| --------- | ---------- | -------- | ------- | ---------------- |
-| `__cf_bm` | .npmjs.com | unknown  | < 1 day | ✅ No            |
-| `_cfuvid` | .npmjs.com | unknown  | Session | ✅ No            |
-## 4. Cookies After Consent Rejection
-✅ No non-essential cookie detected after rejection.
-_No cookies detected._
-## 5. Cookies After Consent Acceptance
-_No cookies detected._
-## 6. Network Requests — Detected Trackers
-_No known network tracker detected._
-## 7. Recommendations
-1. **Deploy a CMP solution** (e.g. Axeptio, Didomi, OneTrust, Cookiebot) that displays a consent modal before any non-essential cookie.
-1. **Add a "Reject all" button** at the first layer of the modal, requiring no more clicks than "Accept all" (CNIL 2022).
-1. **Complete the modal information**: purposes, identity of sub-processors, retention period, right to withdraw.
-## Scan Errors and Warnings
-- ⚠️ No reject button found — could not test rejection flow
-- ⚠️ No accept button found — could not test acceptance flow
-## Legal References
-- **RGPD Art. 7** — Conditions for consent
-- **RGPD Recital 32** — Consent must result from an unambiguous positive action
-- **ePrivacy Directive 2002/58/EC** — Consent requirement for non-essential cookies
-- **CEPD Guidelines 05/2020** — Consent under the RGPD
-- **CEPD Guidelines 03/2022** — Dark patterns on platforms
-- **CNIL Recommendation 2022** — Rejection must be as easy as acceptance (same number of clicks)

package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.pdf DELETED Viewed

Binary file

package/docs/reports/reddit.com/after-accept.png DELETED Viewed

Binary file

package/docs/reports/reddit.com/after-reject.png DELETED Viewed

Binary file

package/docs/reports/reddit.com/gdpr-checklist-reddit.com-2026-02-22.md DELETED Viewed

@@ -1,44 +0,0 @@
-# GDPR Compliance Checklist — reddit.com
-> **Scan date:** 22/02/2026, 19:17:05
-> **Scanned URL:** https://reddit.com
-> **Global score:** 34/100 — Grade **F**
-**9 rule(s) compliant** · **3 non-compliant** · **5 warning(s)**
-## Consent
-| Rule                               | Reference                                                                                                                                           | Status       | Detail                                 |
-| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------- |
-| Consent modal detected             | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ✅ Compliant | Detected (`[aria-label*='consent' i]`) |
-| No pre-ticked checkboxes           | [GDPR Recital 32](https://gdpr-info.eu/recitals/no-32/)                                                                                             | ✅ Compliant | No pre-ticked checkbox detected        |
-| Accept button label is unambiguous | [GDPR Art. 4(11)](https://gdpr-info.eu/art-4-gdpr/)                                                                                                 | ✅ Compliant | No Accept button detected              |
-## Easy refusal
-| Rule                                             | Reference                                                                                                                                                      | Status           | Detail                          |
-| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------- |
-| Reject button present at first layer             | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)                                                                   | ❌ Non-compliant | No Reject button at first layer |
-| Rejecting requires no more clicks than accepting | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)                                                                   | ✅ Compliant     | Cannot verify (missing buttons) |
-| Size symmetry between Accept and Reject          | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ✅ Compliant     | Button sizes are comparable     |
-| Font symmetry between Accept and Reject          | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ✅ Compliant     | Font sizes are comparable       |
-## Transparency
-| Rule                                             | Reference                                                                                                                                       | Status       | Detail                                                     |
-| ------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------- |
-| Granular controls available                      | [EDPB Guidelines 05/2020](https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en) | ⚠️ Warning   | No granular controls (checkboxes or panel) detected        |
-| Processing purposes mentioned                    | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/)                                                                                            | ⚠️ Warning   | Information absent from the modal text                     |
-| Sub-processors / third parties mentioned         | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/)                                                                                            | ⚠️ Warning   | Information absent from the modal text                     |
-| Retention period mentioned                       | [GDPR Art. 13(2)(a)](https://gdpr-info.eu/art-13-gdpr/)                                                                                         | ⚠️ Warning   | Information absent from the modal text                     |
-| Right to withdraw consent mentioned              | [GDPR Art. 7(3)](https://gdpr-info.eu/art-7-gdpr/)                                                                                              | ⚠️ Warning   | Information absent from the modal text                     |
-| Privacy policy link present in the consent modal | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/)                                                                                               | ✅ Compliant | Link found: https://www.reddit.com/policies/privacy-policy |
-| Privacy policy accessible from the main page     | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/)                                                                                               | ✅ Compliant | Link found: https://www.reddit.com/policies/privacy-policy |
-## Cookie behavior
-| Rule                                          | Reference                                                                                                                                           | Status           | Detail                                                 |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------------------------------ |
-| No non-essential cookie before consent        | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | 2 illegal cookie(s): `loid` (unknown), `csv` (unknown) |
-| Non-essential cookies removed after rejection | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)      | ✅ Compliant     | No non-essential cookie persisting after rejection     |
-| No network tracker before consent             | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | 3 tracker(s): Tracking Pixel (image)                   |

package/docs/reports/reddit.com/gdpr-cookies-reddit.com-2026-02-22.md DELETED Viewed

@@ -1,33 +0,0 @@
-# Cookie Inventory — reddit.com
-> **Scan date:** 22/02/2026, 19:17:05
-> **Scanned URL:** https://reddit.com
-> **Unique cookies detected:** 10
-## Instructions
-This table lists all cookies detected during the scan, across all phases.
-The **Description / Purpose** column is to be filled in by the DPO or technical owner.
-- **Before consent** — cookie present from page load, before any interaction
-- **After acceptance** — cookie set or persisting after clicking "Accept all"
-- **After rejection** — cookie present after clicking "Reject all"
-## Cookie table
-| Cookie                      | Domain                   | Category           | Phases         | Expiry    | Consent required | Description / Purpose |
-| --------------------------- | ------------------------ | ------------------ | -------------- | --------- | ---------------- | --------------------- |
-| `csrf_token`                | .reddit.com              | Strictly necessary | before consent | Session   | ✅ No            | <!-- fill in -->      |
-| `__cf_bm`                   | .emoji.redditmedia.com   | Unknown            | before consent | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `__cf_bm`                   | .w3-reporting.reddit.com | Unknown            | before consent | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `_GRECAPTCHA`               | www.google.com           | Unknown            | before consent | 6 months  | ✅ No            | <!-- fill in -->      |
-| `csv`                       | .reddit.com              | Unknown            | before consent | 13 months | ⚠️ Yes           | <!-- fill in -->      |
-| `edgebucket`                | .reddit.com              | Unknown            | before consent | 13 months | ✅ No            | <!-- fill in -->      |
-| `loid`                      | .reddit.com              | Unknown            | before consent | 13 months | ⚠️ Yes           | <!-- fill in -->      |
-| `reddit_translation_status` | www.reddit.com           | Unknown            | before consent | 12 months | ✅ No            | <!-- fill in -->      |
-| `session_tracker`           | .reddit.com              | Unknown            | before consent | Session   | ✅ No            | <!-- fill in -->      |
-| `token_v2`                  | .reddit.com              | Unknown            | before consent | 1 days    | ✅ No            | <!-- fill in -->      |
----
-_Automatically generated by gdpr-cookie-scanner. Categories marked "Unknown" could not be identified automatically and should be verified manually._