npm - csprefabricate - Versions diffs - 1.0.0 → 2.0.0 - Mend

csprefabricate 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,16 @@
 # Changelog
+## [2.0.0](https://github.com/JamesToohey/csprefabricate/compare/v1.0.0...v2.0.0) (2025-06-13)
+### ⚠ BREAKING CHANGES
+* issues when using csprefabricate with commonjs imports ([#31](https://github.com/JamesToohey/csprefabricate/issues/31))
+### Bug Fixes
+* issues when using csprefabricate with commonjs imports ([#31](https://github.com/JamesToohey/csprefabricate/issues/31)) ([76d57b6](https://github.com/JamesToohey/csprefabricate/commit/76d57b641813d10557069e0d5b119853212f4544))
 ## [1.0.0](https://github.com/JamesToohey/csprefabricate/compare/v0.4.0...v1.0.0) (2025-06-02)

package/dist/baseline.js CHANGED Viewed

@@ -1,4 +1,7 @@
-import { Directive } from "./types";
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GOOGLE_ANALYTICS_WITH_SIGNALS_CSP = exports.GOOGLE_ANALYTICS_CSP = exports.BASELINE_STRICT_CSP = void 0;
+const types_1 = require("./types");
 // List of supported domains for Google Signals from https://www.google.com/supported_domains
 const googleSupportedTLDs = [
     ".com",
@@ -189,39 +192,39 @@ const googleSupportedTLDs = [
     ".co.zw",
     ".cat",
 ];
-export const BASELINE_STRICT_CSP = {
-    [Directive.DEFAULT_SRC]: ["'self'"],
-    [Directive.SCRIPT_SRC]: ["'self'"],
-    [Directive.STYLE_SRC]: ["'self'"],
-    [Directive.IMG_SRC]: ["'self'"],
-    [Directive.OBJECT_SRC]: ["'none'"],
-    [Directive.BASE_URI]: ["'self'"],
-    [Directive.FORM_ACTION]: ["'self'"],
+exports.BASELINE_STRICT_CSP = {
+    [types_1.Directive.DEFAULT_SRC]: ["'self'"],
+    [types_1.Directive.SCRIPT_SRC]: ["'self'"],
+    [types_1.Directive.STYLE_SRC]: ["'self'"],
+    [types_1.Directive.IMG_SRC]: ["'self'"],
+    [types_1.Directive.OBJECT_SRC]: ["'none'"],
+    [types_1.Directive.BASE_URI]: ["'self'"],
+    [types_1.Directive.FORM_ACTION]: ["'self'"],
 };
 /**
  * Google Analytics Content Security Policy based on the official guidelines.
  * https://developers.google.com/tag-platform/security/guides/csp#google_analytics_4_google_analytics
  */
-export const GOOGLE_ANALYTICS_CSP = {
-    ...BASELINE_STRICT_CSP,
-    [Directive.DEFAULT_SRC]: ["'self'"],
-    [Directive.SCRIPT_SRC]: ["'self'", "*.googletagmanager.com"],
-    [Directive.IMG_SRC]: [
+exports.GOOGLE_ANALYTICS_CSP = {
+    ...exports.BASELINE_STRICT_CSP,
+    [types_1.Directive.DEFAULT_SRC]: ["'self'"],
+    [types_1.Directive.SCRIPT_SRC]: ["'self'", "*.googletagmanager.com"],
+    [types_1.Directive.IMG_SRC]: [
         "'self'",
         "https://*.google-analytics.com",
         "https://*.googletagmanager.com",
     ],
-    [Directive.CONNECT_SRC]: [
+    [types_1.Directive.CONNECT_SRC]: [
         "'self'",
         "https://*.google-analytics.com",
         "https://*.analytics.google.com",
         "https://*.googletagmanager.com",
     ],
 };
-export const GOOGLE_ANALYTICS_WITH_SIGNALS_CSP = {
-    ...BASELINE_STRICT_CSP,
-    ...GOOGLE_ANALYTICS_CSP,
-    [Directive.IMG_SRC]: [
+exports.GOOGLE_ANALYTICS_WITH_SIGNALS_CSP = {
+    ...exports.BASELINE_STRICT_CSP,
+    ...exports.GOOGLE_ANALYTICS_CSP,
+    [types_1.Directive.IMG_SRC]: [
         "'self'",
         "https://*.google-analytics.com",
         "https://*.googletagmanager.com",
@@ -229,7 +232,7 @@ export const GOOGLE_ANALYTICS_WITH_SIGNALS_CSP = {
         "https://*.google.com",
         { "https://*.google.": googleSupportedTLDs },
     ],
-    [Directive.CONNECT_SRC]: [
+    [types_1.Directive.CONNECT_SRC]: [
         "'self'",
         "https://*.google-analytics.com",
         "https://*.googletagmanager.com",
@@ -237,7 +240,7 @@ export const GOOGLE_ANALYTICS_WITH_SIGNALS_CSP = {
         "https://pagead2.googlesyndication.com",
         { "https://*.google": googleSupportedTLDs },
     ],
-    [Directive.FRAME_SRC]: [
+    [types_1.Directive.FRAME_SRC]: [
         "'self'",
         "https://td.doubleclick.net",
         "https://www.googletagmanager.com",

package/dist/helpers.js CHANGED Viewed

@@ -1,4 +1,8 @@
-import { Directive } from "./types";
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatRule = exports.isValidDirective = void 0;
+exports.warnOnCspIssues = warnOnCspIssues;
+const types_1 = require("./types");
 const DEFAULT_WARNINGS = {
     overlyPermissive: true,
     missingDirectives: true,
@@ -41,15 +45,15 @@ const specialRules = [
     "strict-dynamic",
     "unsafe-hashes",
 ];
-export function warnOnCspIssues(csp, overrides = {}) {
+function warnOnCspIssues(csp, overrides = {}) {
     const options = { ...DEFAULT_WARNINGS, ...overrides };
     // 1. Overly permissive: * in script-src, style-src, etc.
     if (options.overlyPermissive) {
         [
-            Directive.SCRIPT_SRC,
-            Directive.STYLE_SRC,
-            Directive.IMG_SRC,
-            Directive.CONNECT_SRC,
+            types_1.Directive.SCRIPT_SRC,
+            types_1.Directive.STYLE_SRC,
+            types_1.Directive.IMG_SRC,
+            types_1.Directive.CONNECT_SRC,
         ].forEach((directive) => {
             const rules = csp[directive];
             if (Array.isArray(rules) && rules.includes("*")) {
@@ -60,9 +64,9 @@ export function warnOnCspIssues(csp, overrides = {}) {
     // 2. Missing important directives
     if (options.missingDirectives) {
         [
-            Directive.OBJECT_SRC,
-            Directive.BASE_URI,
-            Directive.FORM_ACTION,
+            types_1.Directive.OBJECT_SRC,
+            types_1.Directive.BASE_URI,
+            types_1.Directive.FORM_ACTION,
         ].forEach((directive) => {
             if (!(directive in csp)) {
                 console.warn(`[CSPrefabricate] Missing recommended directive: ${directive}`);
@@ -71,7 +75,7 @@ export function warnOnCspIssues(csp, overrides = {}) {
     }
     // 3. Unsafe inline
     if (options.unsafeInline) {
-        [Directive.SCRIPT_SRC, Directive.STYLE_SRC].forEach((directive) => {
+        [types_1.Directive.SCRIPT_SRC, types_1.Directive.STYLE_SRC].forEach((directive) => {
             const rules = csp[directive];
             if (Array.isArray(rules) && rules.includes("'unsafe-inline'")) {
                 console.warn(`[CSPrefabricate] 'unsafe-inline' found in ${directive}`);
@@ -80,7 +84,7 @@ export function warnOnCspIssues(csp, overrides = {}) {
     }
     // 4. Missing nonce or hash in script-src if 'unsafe-inline' is present
     if (options.missingNonceOrHash) {
-        const rules = csp[Directive.SCRIPT_SRC];
+        const rules = csp[types_1.Directive.SCRIPT_SRC];
         if (Array.isArray(rules) && rules.includes("'unsafe-inline'")) {
             const hasNonceOrHash = rules.some((r) => typeof r === "string" &&
                 (r.startsWith("'nonce-") || r.startsWith("'sha")));
@@ -91,7 +95,7 @@ export function warnOnCspIssues(csp, overrides = {}) {
     }
     // 5. Permitting data: in img-src or media-src
     if (options.dataUri) {
-        [Directive.IMG_SRC, Directive.MEDIA_SRC].forEach((directive) => {
+        [types_1.Directive.IMG_SRC, types_1.Directive.MEDIA_SRC].forEach((directive) => {
             const rules = csp[directive];
             if (Array.isArray(rules) && rules.includes("data:")) {
                 console.warn(`[CSPrefabricate] 'data:' allowed in ${directive}`);
@@ -99,5 +103,7 @@ export function warnOnCspIssues(csp, overrides = {}) {
         });
     }
 }
-export const isValidDirective = (directive) => validDirectives.includes(directive);
-export const formatRule = (rule) => specialRules.includes(rule) ? `'${rule}'` : rule;
+const isValidDirective = (directive) => validDirectives.includes(directive);
+exports.isValidDirective = isValidDirective;
+const formatRule = (rule) => specialRules.includes(rule) ? `'${rule}'` : rule;
+exports.formatRule = formatRule;

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,42 @@
-import { Directive } from "./types";
-import { create } from "./utils";
-import * as Baseline from "./baseline";
-export { Baseline };
-export { create, Directive };
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Directive = exports.create = exports.Baseline = void 0;
+const types_1 = require("./types");
+Object.defineProperty(exports, "Directive", { enumerable: true, get: function () { return types_1.Directive; } });
+const utils_1 = require("./utils");
+Object.defineProperty(exports, "create", { enumerable: true, get: function () { return utils_1.create; } });
+const Baseline = __importStar(require("./baseline"));
+exports.Baseline = Baseline;

package/dist/types.js CHANGED Viewed

@@ -1,3 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Directive = void 0;
 var Directive;
 (function (Directive) {
     Directive["DEFAULT_SRC"] = "default-src";
@@ -25,5 +28,4 @@ var Directive;
     Directive["TRUSTED_TYPES"] = "trusted-types";
     Directive["UPGRADE_INSECURE_REQUESTS"] = "upgrade-insecure-requests";
     Directive["BLOCK_ALL_MIXED_CONTENT"] = "block-all-mixed-content";
-})(Directive || (Directive = {}));
-export { Directive };
+})(Directive || (exports.Directive = Directive = {}));

package/dist/utils.js CHANGED Viewed

@@ -1,5 +1,8 @@
-import { formatRule, isValidDirective, warnOnCspIssues, } from "./helpers";
-export const processRules = (rules) => {
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.create = exports.processRules = void 0;
+const helpers_1 = require("./helpers");
+const processRules = (rules) => {
     // Flatten and deduplicate rules
     const seen = new Set();
     for (const rule of rules) {
@@ -11,23 +14,24 @@ export const processRules = (rules) => {
             }
         }
         else {
-            seen.add(formatRule(rule));
+            seen.add((0, helpers_1.formatRule)(rule));
         }
     }
     return Array.from(seen).join(" ");
 };
+exports.processRules = processRules;
 /**
  * Creates a CSP string from a ContentSecurityPolicy object.
  * Filters out invalid directives and formats the CSP string.
  * @param obj - The ContentSecurityPolicy object.
  * @returns The formatted CSP string.
  */
-export const create = (obj, warningOptions) => {
-    warnOnCspIssues(obj, warningOptions);
+const create = (obj, warningOptions) => {
+    (0, helpers_1.warnOnCspIssues)(obj, warningOptions);
     const entries = Object.entries(obj);
     const cspString = entries
         .filter(([directive, _rules]) => {
-        const isValid = isValidDirective(directive);
+        const isValid = (0, helpers_1.isValidDirective)(directive);
         if (!isValid) {
             console.warn(`[CSPrefabricate] "${directive}" is not a valid CSP directive and has been ignored.`);
         }
@@ -38,10 +42,11 @@ export const create = (obj, warningOptions) => {
             // Filter out non-string/object values at runtime
             const filtered = rules.filter((r) => typeof r === "string" ||
                 (typeof r === "object" && r !== null));
-            const processed = processRules(filtered);
+            const processed = (0, exports.processRules)(filtered);
             return processed ? `${directive} ${processed}` : `${directive}`;
         }
         return `${directive}`;
     });
     return cspString.length > 0 ? `${cspString.join("; ")};` : "";
 };
+exports.create = create;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "csprefabricate",
-    "version": "1.0.0",
+    "version": "2.0.0",
     "description": "Generate valid and secure Content Security Policies (CSP) with TypeScript.",
     "keywords": [
         "csp",
@@ -24,11 +24,11 @@
         "url": "https://github.com/jamestoohey"
     },
     "packageManager": "yarn@4.5.3",
-    "type": "module",
     "exports": {
         ".": {
             "types": "./dist/index.d.ts",
-            "import": "./dist/index.js"
+            "require": "./dist/index.js",
+            "default": "./dist/index.js"
         }
     },
     "main": "dist/index.js",