@slashgear/gdpr-cookie-scanner 3.7.0 → 3.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.dockerignore +3 -0
- package/.gitattributes +1 -0
- package/.github/workflows/website.yml +80 -0
- package/CHANGELOG.md +33 -0
- package/CONTRIBUTING.md +32 -4
- package/dist/report/generator.d.ts.map +1 -1
- package/dist/report/generator.js +9 -4
- package/dist/report/generator.js.map +1 -1
- package/dist/report/html.js +12 -3
- package/dist/report/html.js.map +1 -1
- package/dist/scanner/consent-modal.d.ts.map +1 -1
- package/dist/scanner/consent-modal.js +17 -5
- package/dist/scanner/consent-modal.js.map +1 -1
- package/dist/scanner/index.d.ts.map +1 -1
- package/dist/scanner/index.js +12 -2
- package/dist/scanner/index.js.map +1 -1
- package/package.json +7 -3
- package/pnpm-workspace.yaml +3 -0
- package/scripts/build-showcase.mjs +113 -0
- package/src/report/generator.ts +10 -4
- package/src/report/html.ts +13 -3
- package/src/scanner/consent-modal.ts +16 -5
- package/src/scanner/index.ts +12 -2
- package/tests/analyzers/compliance.test.ts +49 -0
- package/website/Dockerfile +55 -0
- package/website/node_modules/.bin/oxfmt +21 -0
- package/website/node_modules/.bin/oxlint +21 -0
- package/website/node_modules/.bin/tsc +21 -0
- package/website/node_modules/.bin/tsserver +21 -0
- package/website/node_modules/.bin/tsx +21 -0
- package/website/package.json +29 -0
- package/{docs → website/public}/index.html +70 -20
- package/website/public/reports/www.20minutes.fr/after-accept.png +3 -0
- package/website/public/reports/www.20minutes.fr/after-reject.png +3 -0
- package/{docs/reports/www.leboncoin.fr/gdpr-report-leboncoin.fr-2026-02-22.html → website/public/reports/www.20minutes.fr/gdpr-report-20minutes.fr-2026-02-22.html} +194 -51
- package/website/public/reports/www.20minutes.fr/modal-initial.png +3 -0
- package/website/public/reports/www.arte.tv/after-accept.png +3 -0
- package/website/public/reports/www.arte.tv/after-reject.png +3 -0
- package/{docs → website/public}/reports/www.arte.tv/gdpr-report-arte.tv-2026-02-24.html +1 -0
- package/website/public/reports/www.arte.tv/modal-initial.png +3 -0
- package/website/public/reports/www.backmarket.fr/after-accept.png +3 -0
- package/website/public/reports/www.backmarket.fr/after-reject.png +3 -0
- package/website/public/reports/www.backmarket.fr/gdpr-report-backmarket.fr-2026-02-24.html +1530 -0
- package/website/public/reports/www.backmarket.fr/modal-initial.png +3 -0
- package/website/public/reports/www.deezer.com/after-accept.png +3 -0
- package/website/public/reports/www.deezer.com/after-reject.png +3 -0
- package/{docs → website/public}/reports/www.deezer.com/gdpr-report-deezer.com-2026-02-22.html +1 -0
- package/website/public/reports/www.deezer.com/modal-initial.png +3 -0
- package/website/public/reports/www.france.tv/after-accept.png +3 -0
- package/website/public/reports/www.france.tv/after-reject.png +3 -0
- package/website/public/reports/www.france.tv/gdpr-report-france.tv-2026-02-23.html +977 -0
- package/website/public/reports/www.france.tv/modal-initial.png +3 -0
- package/website/public/reports/www.m6.fr/after-accept.png +3 -0
- package/website/public/reports/www.m6.fr/after-reject.png +3 -0
- package/website/public/reports/www.m6.fr/gdpr-report-m6.fr-2026-02-28.html +1862 -0
- package/website/public/reports/www.m6.fr/modal-initial.png +3 -0
- package/website/public/reports/www.netflix.com/after-accept.png +3 -0
- package/website/public/reports/www.netflix.com/after-reject.png +3 -0
- package/{docs → website/public}/reports/www.netflix.com/gdpr-report-netflix.com-2026-02-23.html +1 -0
- package/website/public/reports/www.netflix.com/modal-initial.png +3 -0
- package/website/public/reports/www.radiofrance.fr/after-accept.png +3 -0
- package/website/public/reports/www.radiofrance.fr/after-reject.png +3 -0
- package/{docs → website/public}/reports/www.radiofrance.fr/gdpr-report-radiofrance.fr-2026-02-24.html +1 -0
- package/website/public/reports/www.radiofrance.fr/modal-initial.png +3 -0
- package/website/public/reports/www.tf1.fr/after-accept.png +3 -0
- package/website/public/reports/www.tf1.fr/after-reject.png +3 -0
- package/website/public/reports/www.tf1.fr/gdpr-report-tf1.fr-2026-02-23.html +1512 -0
- package/website/public/reports/www.tf1.fr/modal-initial.png +3 -0
- package/website/src/index.ts +15 -0
- package/website/src/security.ts +26 -0
- package/website/tsconfig.json +14 -0
- package/.github/workflows/pages.yml +0 -40
- package/docs/reports/www.arte.tv/after-accept.png +0 -0
- package/docs/reports/www.arte.tv/after-reject.png +0 -0
- package/docs/reports/www.deezer.com/after-accept.png +0 -0
- package/docs/reports/www.deezer.com/after-reject.png +0 -0
- package/docs/reports/www.impots.gouv.fr/after-accept.png +0 -0
- package/docs/reports/www.impots.gouv.fr/after-reject.png +0 -0
- package/docs/reports/www.impots.gouv.fr/gdpr-report-impots.gouv.fr-2026-02-22.html +0 -751
- package/docs/reports/www.leboncoin.fr/after-accept.png +0 -0
- package/docs/reports/www.leboncoin.fr/after-reject.png +0 -0
- package/docs/reports/www.netflix.com/after-accept.png +0 -0
- package/docs/reports/www.netflix.com/after-reject.png +0 -0
- package/docs/reports/www.radiofrance.fr/after-accept.png +0 -0
- package/docs/reports/www.radiofrance.fr/after-reject.png +0 -0
- /package/{docs → website/public}/style.css +0 -0
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { serve } from "@hono/node-server";
|
|
2
|
+
import { serveStatic } from "@hono/node-server/serve-static";
|
|
3
|
+
import { Hono } from "hono";
|
|
4
|
+
import { securityHeaders } from "./security.js";
|
|
5
|
+
|
|
6
|
+
const app = new Hono();
|
|
7
|
+
|
|
8
|
+
app.use("/*", securityHeaders);
|
|
9
|
+
app.use("/*", serveStatic({ root: "./public", precompressed: true }));
|
|
10
|
+
|
|
11
|
+
const port = Number(process.env.PORT) || 8080;
|
|
12
|
+
|
|
13
|
+
serve({ fetch: app.fetch, port }, (info) => {
|
|
14
|
+
console.log(`Server running on http://localhost:${info.port}`);
|
|
15
|
+
});
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type { MiddlewareHandler } from "hono";
|
|
2
|
+
|
|
3
|
+
const CSP = [
|
|
4
|
+
"default-src 'self'",
|
|
5
|
+
"script-src 'self'",
|
|
6
|
+
"style-src 'self' 'unsafe-inline'",
|
|
7
|
+
"img-src 'self' data: https:",
|
|
8
|
+
"font-src 'self'",
|
|
9
|
+
"connect-src 'self'",
|
|
10
|
+
"frame-ancestors 'none'",
|
|
11
|
+
"base-uri 'self'",
|
|
12
|
+
"form-action 'self'",
|
|
13
|
+
"upgrade-insecure-requests",
|
|
14
|
+
].join("; ");
|
|
15
|
+
|
|
16
|
+
export const securityHeaders: MiddlewareHandler = async (c, next) => {
|
|
17
|
+
await next();
|
|
18
|
+
c.header("X-Frame-Options", "DENY");
|
|
19
|
+
c.header("X-Content-Type-Options", "nosniff");
|
|
20
|
+
c.header("X-XSS-Protection", "1; mode=block");
|
|
21
|
+
c.header("Referrer-Policy", "strict-origin-when-cross-origin");
|
|
22
|
+
c.header("Permissions-Policy", "geolocation=(), microphone=(), camera=()");
|
|
23
|
+
if (process.env.NODE_ENV === "production") {
|
|
24
|
+
c.header("Content-Security-Policy", CSP);
|
|
25
|
+
}
|
|
26
|
+
};
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
{
|
|
2
|
+
"compilerOptions": {
|
|
3
|
+
"target": "ES2022",
|
|
4
|
+
"module": "NodeNext",
|
|
5
|
+
"moduleResolution": "NodeNext",
|
|
6
|
+
"outDir": "dist",
|
|
7
|
+
"rootDir": "src",
|
|
8
|
+
"strict": true,
|
|
9
|
+
"esModuleInterop": true,
|
|
10
|
+
"skipLibCheck": true
|
|
11
|
+
},
|
|
12
|
+
"include": ["src/**/*"],
|
|
13
|
+
"exclude": ["node_modules", "dist"]
|
|
14
|
+
}
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
name: Deploy GitHub Pages
|
|
2
|
-
|
|
3
|
-
on:
|
|
4
|
-
push:
|
|
5
|
-
branches:
|
|
6
|
-
- main
|
|
7
|
-
paths:
|
|
8
|
-
- "docs/**"
|
|
9
|
-
workflow_dispatch:
|
|
10
|
-
|
|
11
|
-
permissions:
|
|
12
|
-
contents: read
|
|
13
|
-
pages: write
|
|
14
|
-
id-token: write
|
|
15
|
-
|
|
16
|
-
concurrency:
|
|
17
|
-
group: pages
|
|
18
|
-
cancel-in-progress: false
|
|
19
|
-
|
|
20
|
-
jobs:
|
|
21
|
-
deploy:
|
|
22
|
-
environment:
|
|
23
|
-
name: github-pages
|
|
24
|
-
url: ${{ steps.deployment.outputs.page_url }}
|
|
25
|
-
runs-on: ubuntu-latest
|
|
26
|
-
steps:
|
|
27
|
-
- name: Checkout
|
|
28
|
-
uses: actions/checkout@v4
|
|
29
|
-
|
|
30
|
-
- name: Configure Pages
|
|
31
|
-
uses: actions/configure-pages@v4
|
|
32
|
-
|
|
33
|
-
- name: Upload artifact
|
|
34
|
-
uses: actions/upload-pages-artifact@v3
|
|
35
|
-
with:
|
|
36
|
-
path: docs/
|
|
37
|
-
|
|
38
|
-
- name: Deploy to GitHub Pages
|
|
39
|
-
id: deployment
|
|
40
|
-
uses: actions/deploy-pages@v4
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|