npm - @slashgear/gdpr-cookie-scanner - Versions diffs - 3.7.0 → 3.8.0 - Mend

@slashgear/gdpr-cookie-scanner 3.7.0 → 3.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/.dockerignore CHANGED Viewed

@@ -7,6 +7,9 @@ dist/
 reports/
 gdpr-reports/
 tests/
+docs/
+website/node_modules/
+website/dist/
 *.md
 *.log
 .DS_Store

package/.gitattributes ADDED Viewed

	@@ -0,0 +1 @@
1	+ website/public/reports/*/.png filter=lfs diff=lfs merge=lfs -text

package/.github/workflows/website.yml ADDED Viewed

@@ -0,0 +1,80 @@
+name: Website
+on:
+  push:
+    branches: [main]
+    paths:
+      - "website/**"
+      - "pnpm-workspace.yaml"
+      - ".github/workflows/website.yml"
+env:
+  SCW_DEFAULT_REGION: fr-par
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      image: ${{ steps.meta.outputs.image }}
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          lfs: true
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Compute image name
+        id: meta
+        run: |
+          echo "image=ghcr.io/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')-website" >> "$GITHUB_OUTPUT"
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: website/Dockerfile
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ steps.meta.outputs.image }}:latest
+            ${{ steps.meta.outputs.image }}:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+  deploy:
+    needs: build-and-push
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Install Scaleway CLI
+        run: |
+          curl -fsSL https://raw.githubusercontent.com/scaleway/scaleway-cli/master/scripts/get.sh | sh
+      - name: Deploy to Scaleway Serverless Container
+        run: |
+          scw container container update ${{ secrets.SCW_CONTAINER_ID }} \
+            registry-image=${{ needs.build-and-push.outputs.image }}:${{ github.sha }} \
+            region=${{ env.SCW_DEFAULT_REGION }} \
+            redeploy=true
+        env:
+          SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
+          SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
+          SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
+          SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_PROJECT_ID }}

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 # @slashgear/gdpr-cookie-scanner
+## 3.8.0
+### Minor Changes
+- 88d944f: Introduce pnpm workspace monorepo and `website` package.
+  Converts the repo to a pnpm workspace and adds a new private `website` package (`@slashgear/gdpr-website`) built with Hono on Node.js. The package exposes a Docker image (`ghcr.io/slashgear/gdpr-website`) intended for deployment as a Scaleway Serverless Container at `gdpr.slashgear.dev`. A dedicated GitHub Actions workflow (`website.yml`) builds and pushes the image on every push to `main` that touches `website/**`, then redeploys the container via the Scaleway CLI.
 ## 3.7.0
 ### Minor Changes

package/CONTRIBUTING.md CHANGED Viewed

@@ -2,20 +2,32 @@
 ## Prerequisites
-- Node.js ≥ 20
+- Node.js ≥ 24
 - pnpm
-- Playwright: `npx playwright install chromium`
+- Playwright: `pnpm exec playwright install chromium`
+## Repository structure
+This is a **pnpm workspace monorepo** with two packages:
+| Package                          | Path       | Description                                                                                                  |
+| -------------------------------- | ---------- | ------------------------------------------------------------------------------------------------------------ |
+| `@slashgear/gdpr-cookie-scanner` | `/` (root) | Published CLI tool                                                                                           |
+| `@slashgear/gdpr-website`        | `website/` | Hono web app — not published, deployed as a Docker image to [gdpr.slashgear.dev](https://gdpr.slashgear.dev) |
 ## Getting started
 ```bash
 git clone https://github.com/Slashgear/gdpr-report.git
 cd gdpr-report
-pnpm install
-pnpm build
+pnpm install          # installs all workspace packages
+pnpm build            # builds the CLI
 # Run the CLI locally
 node dist/cli.js scan https://example.com
+# Run the website locally (http://localhost:8080)
+pnpm website:dev
 ```
 ## Workflow
@@ -28,6 +40,7 @@ node dist/cli.js scan https://example.com
    pnpm lint
    pnpm typecheck
    pnpm build
+   pnpm website:typecheck
    ```
 4. Open a Pull Request targeting `main`
@@ -37,6 +50,21 @@ node dist/cli.js scan https://example.com
 - **Consent modal detection** — improve CMP detection in `src/scanner/consent-modal.ts`
 - **Compliance rules** — refine scoring rules in `src/analyzers/compliance.ts`
 - **Report** — improve report rendering in `src/report/generator.ts`
+- **Website** — Hono server and landing page in `website/src/` and `website/public/`
+## Website — live reports showcase
+The `website/public/reports/` directory contains pre-generated HTML reports (grades A–D only).
+After adding new reports, run:
+```bash
+pnpm build:showcase   # regenerates the report cards in website/public/index.html
+```
+The script reads `website/public/reports/` and injects sorted report cards between the
+`<!-- ── REPORTS_START ── -->` / `<!-- ── REPORTS_END ── -->` markers.
+Report screenshots (`.png`) are tracked via **Git LFS** — make sure `git lfs` is installed before cloning.
 ## Releasing

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@slashgear/gdpr-cookie-scanner",
-  "version": "3.7.0",
+  "version": "3.8.0",
   "description": "CLI tool to scan websites for GDPR cookie consent compliance",
   "keywords": [
     "compliance",
@@ -12,7 +12,7 @@
     "rgpd",
     "scanner"
   ],
-  "homepage": "https://github.com/Slashgear/gdpr-cookie-scanner#readme",
+  "homepage": "https://gdpr.slashgear.dev",
   "bugs": {
     "url": "https://github.com/Slashgear/gdpr-cookie-scanner/issues"
   },
@@ -68,6 +68,10 @@
     "changeset": "changeset",
     "update-trackers": "node --experimental-strip-types scripts/update-trackers.ts",
     "update-trackers:dry": "node --experimental-strip-types scripts/update-trackers.ts --dry-run",
-    "update:ocd": "node scripts/update-cookie-db.mjs"
+    "update:ocd": "node scripts/update-cookie-db.mjs",
+    "build:showcase": "node scripts/build-showcase.mjs && pnpm format",
+    "website:dev": "pnpm --filter @slashgear/gdpr-website dev",
+    "website:build": "pnpm --filter @slashgear/gdpr-website build",
+    "website:typecheck": "pnpm --filter @slashgear/gdpr-website typecheck"
   }
 }

package/pnpm-workspace.yaml ADDED Viewed

@@ -0,0 +1,3 @@
+packages:
+  - "."
+  - website

package/scripts/build-showcase.mjs ADDED Viewed

@@ -0,0 +1,113 @@
+/**
+ * Reads docs/reports/<host>/ directories, extracts grade/score/date from
+ * each HTML report, and regenerates the "Live Reports" cards in docs/index.html.
+ *
+ * Usage:  node scripts/build-showcase.mjs
+ * Or:     pnpm build:showcase
+ */
+import { readdir, readFile, writeFile } from "fs/promises";
+import { join, resolve } from "path";
+import { existsSync } from "fs";
+const WEBSITE_PUBLIC_DIR = resolve("website/public");
+const REPORTS_DIR = join(WEBSITE_PUBLIC_DIR, "reports");
+const INDEX_HTML = join(WEBSITE_PUBLIC_DIR, "index.html");
+const START_MARKER = "<!-- ── REPORTS_START ── -->";
+const END_MARKER = "<!-- ── REPORTS_END ── -->";
+async function extractMeta(hostDir) {
+  const files = await readdir(join(REPORTS_DIR, hostDir));
+  const htmlFile = files.find((f) => f.endsWith(".html"));
+  if (!htmlFile) return null;
+  const content = await readFile(join(REPORTS_DIR, hostDir, htmlFile), "utf8");
+  // oxfmt may split closing tags across lines — match opening tag content only
+  const grade = content.match(/"grade-badge"[^>]*>([A-F])<\/div>/)?.[1] ?? "?";
+  const score = content.match(/"score-num"[^>]*>(\d+)/)?.[1] ?? "?";
+  // Date from filename: gdpr-report-<host>-YYYY-MM-DD.html
+  const dateRaw = htmlFile.match(/(\d{4}-\d{2}-\d{2})\.html$/)?.[1];
+  const dateStr = dateRaw
+    ? new Date(dateRaw).toLocaleDateString("en-GB", {
+        day: "numeric",
+        month: "short",
+        year: "numeric",
+      })
+    : "";
+  const displayHost = hostDir.replace(/^www\./, "");
+  // Inject modal screenshot if PNG exists alongside the HTML but isn't referenced yet
+  const pngPath = join(REPORTS_DIR, hostDir, "modal-initial.png");
+  const htmlPath = join(REPORTS_DIR, hostDir, htmlFile);
+  if (existsSync(pngPath) && !content.includes("modal-initial.png")) {
+    const IMG = `<img src="modal-initial.png" alt="Consent modal screenshot" class="modal-screenshot" />`;
+    // Insert right after the section-body div that follows <h2>Consent modal</h2>
+    const patched = content.replace(
+      /(<h2>Consent modal<\/h2>[\s\S]*?<div class="section-body">)/,
+      `$1\n          ${IMG}`,
+    );
+    if (patched !== content) {
+      await writeFile(htmlPath, patched, "utf8");
+    }
+  }
+  return { grade, score: parseInt(score, 10) || 0, dateStr, displayHost, hostDir, htmlFile };
+}
+function buildCard({ grade, score, dateStr, displayHost, hostDir, htmlFile }) {
+  return `          <!-- ${displayHost} — ${score}/100 ${grade} -->
+          <div class="report-card">
+            <div class="report-header">
+              <div class="grade-badge grade-${grade}">${grade}</div>
+              <div class="report-meta">
+                <h3>${displayHost}</h3>
+                <span class="score">${score} / 100</span>
+              </div>
+            </div>
+            <p class="report-date">Scanned ${dateStr}</p>
+            <a class="btn btn-outline" href="reports/${hostDir}/${htmlFile}">
+              View report →
+            </a>
+          </div>`;
+}
+async function main() {
+  const hosts = (await readdir(REPORTS_DIR, { withFileTypes: true }))
+    .filter((d) => d.isDirectory())
+    .map((d) => d.name);
+  const reports = (await Promise.all(hosts.map(extractMeta))).filter(Boolean);
+  // Sort by score descending (best first)
+  reports.sort((a, b) => b.score - a.score);
+  const cards = reports.map(buildCard).join("\n\n");
+  let index = await readFile(INDEX_HTML, "utf8");
+  const startIdx = index.indexOf(START_MARKER);
+  const endIdx = index.indexOf(END_MARKER);
+  if (startIdx === -1 || endIdx === -1) {
+    throw new Error(`Markers not found in ${INDEX_HTML}. Add:\n  ${START_MARKER}\n  ${END_MARKER}`);
+  }
+  const newIndex =
+    index.slice(0, startIdx + START_MARKER.length) +
+    "\n" +
+    cards +
+    "\n          " +
+    index.slice(endIdx);
+  await writeFile(INDEX_HTML, newIndex, "utf8");
+  console.log(`✓ ${INDEX_HTML} updated with ${reports.length} report cards`);
+  reports.forEach((r) => console.log(`  ${r.grade} ${r.score}/100  ${r.displayHost}`));
+}
+main().catch((e) => {
+  console.error(e);
+  process.exit(1);
+});

package/website/Dockerfile ADDED Viewed

@@ -0,0 +1,55 @@
+# Build context: repo root (docker build -f website/Dockerfile .)
+# ── Stage 1: build ────────────────────────────────────────────────────────────
+FROM node:24-slim AS builder
+WORKDIR /app
+# Install compression tools (brotli, zstd, zopfli)
+RUN apt-get update && apt-get install -y --no-install-recommends brotli zstd zopfli \
+    && rm -rf /var/lib/apt/lists/*
+RUN npm install -g pnpm@latest
+# Copy workspace manifests for layer caching
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY website/package.json ./website/
+# Install website deps only (no playwright, no CLI deps)
+RUN pnpm install --frozen-lockfile --filter @slashgear/gdpr-website
+# Copy source and compile
+COPY website/tsconfig.json ./website/
+COPY website/src ./website/src
+RUN pnpm --filter @slashgear/gdpr-website build
+# Copy static assets and precompress them
+COPY website/public ./website/public
+RUN find /app/website/public -type f \( -name "*.html" -o -name "*.css" -o -name "*.js" -o -name "*.json" -o -name "*.svg" \) | \
+    while read f; do \
+      brotli --best -k "$f"; \
+      zstd --ultra -22 -k "$f"; \
+      zopfli --gzip "$f"; \
+    done
+# ── Stage 2: runtime ──────────────────────────────────────────────────────────
+FROM node:24-slim
+WORKDIR /app
+ENV NODE_ENV=production
+RUN npm install -g pnpm@latest
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY website/package.json ./website/
+RUN pnpm install --prod --frozen-lockfile --filter @slashgear/gdpr-website
+# Static assets with precompressed variants (.br, .zst, .gz)
+COPY --from=builder /app/website/public ./website/public
+# Compiled server
+COPY --from=builder /app/website/dist ./website/dist
+WORKDIR /app/website
+ENV PORT=8080
+EXPOSE 8080
+CMD ["node", "dist/index.js"]

package/website/node_modules/.bin/oxfmt ADDED Viewed

@@ -0,0 +1,21 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*)
+        if command -v cygpath > /dev/null 2>&1; then
+            basedir=`cygpath -w "$basedir"`
+        fi
+    ;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/oxfmt@0.34.0/node_modules/oxfmt/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/oxfmt@0.34.0/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/oxfmt@0.34.0/node_modules/oxfmt/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/oxfmt@0.34.0/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../oxfmt/bin/oxfmt" "$@"
+else
+  exec node  "$basedir/../oxfmt/bin/oxfmt" "$@"
+fi

package/website/node_modules/.bin/oxlint ADDED Viewed

@@ -0,0 +1,21 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*)
+        if command -v cygpath > /dev/null 2>&1; then
+            basedir=`cygpath -w "$basedir"`
+        fi
+    ;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/oxlint@1.49.0/node_modules/oxlint/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/oxlint@1.49.0/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/oxlint@1.49.0/node_modules/oxlint/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/oxlint@1.49.0/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../oxlint/bin/oxlint" "$@"
+else
+  exec node  "$basedir/../oxlint/bin/oxlint" "$@"
+fi

package/website/node_modules/.bin/tsc ADDED Viewed

@@ -0,0 +1,21 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*)
+        if command -v cygpath > /dev/null 2>&1; then
+            basedir=`cygpath -w "$basedir"`
+        fi
+    ;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/typescript@5.9.3/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/typescript@5.9.3/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../typescript/bin/tsc" "$@"
+else
+  exec node  "$basedir/../typescript/bin/tsc" "$@"
+fi

package/website/node_modules/.bin/tsserver ADDED Viewed

@@ -0,0 +1,21 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*)
+        if command -v cygpath > /dev/null 2>&1; then
+            basedir=`cygpath -w "$basedir"`
+        fi
+    ;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/typescript@5.9.3/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/typescript@5.9.3/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../typescript/bin/tsserver" "$@"
+else
+  exec node  "$basedir/../typescript/bin/tsserver" "$@"
+fi

package/website/node_modules/.bin/tsx ADDED Viewed

@@ -0,0 +1,21 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*)
+        if command -v cygpath > /dev/null 2>&1; then
+            basedir=`cygpath -w "$basedir"`
+        fi
+    ;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/tsx@4.21.0/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/tsx@4.21.0/node_modules:/home/runner/work/gdpr-cookie-scanner/gdpr-cookie-scanner/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../tsx/dist/cli.mjs" "$@"
+else
+  exec node  "$basedir/../tsx/dist/cli.mjs" "$@"
+fi

package/website/package.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "name": "@slashgear/gdpr-website",
+  "version": "0.1.0",
+  "private": true,
+  "description": "Web interface for gdpr-cookie-scanner",
+  "type": "module",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts",
+    "start": "node dist/index.js",
+    "typecheck": "tsc --noEmit",
+    "lint": "oxlint .",
+    "format": "oxfmt ."
+  },
+  "dependencies": {
+    "@hono/node-server": "^1.14.0",
+    "hono": "^4.7.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "oxfmt": "^0.34.0",
+    "oxlint": "^1.48.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.5.0"
+  },
+  "engines": {
+    "node": ">=24.0.0"
+  }
+}