npm
Sign UpSign In

This package has been deprecated

Author message:

Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

inline-csp-hash

1.1.16 • Public • Published

inline-csp-hash

Build and Test CI npm version

Plugin to generate hash for inline scripts and styles for CSP.

This plugin is insipred by hash-csp, and operates mostly the same way.

Installation

npm install inline-csp-hash --save

Usage

const gulp = require('gulp');
const hashstream = require('inline-csp-hash');

gulp.task('inline-hash', () => {
  return gulp.src('src/*.html')
    .pipe(hashstream({
      what: 'script',
      replace_cb: (s, hashes) => s.replace(/script-src 'self'[^;]*/, "script-src 'self' " + hashes.join(" "))
    }))
    .pipe(hashstream({
      what: 'style',
      replace_cb: (s, hashes) => s.replace(/style-src 'self'[^;]*/, "style-src 'self' " + hashes.join(" "))
    }))
    .pipe(gulp.dest('dist/'))
  ;
});

Options

  • what: script (default) or style: which tags to process (scripts and styles are processed separately because they are controlled by different CSP directives: script-src and style-src)
  • hash: sha256 (default), sha384, or sha512: hash algorithm to use. SHA family is the only one according to the specification
  • replace_cb: callback to inject gathered hashes into the source file

Tests

Have mocha installed and run npm test

Readme

Keywords

Package Sidebar

Install

npm i inline-csp-hash

Repository

github.com/sjinks/inline-csp-hash.it

Homepage

github.com/sjinks/inline-csp-hash.it#readme

Weekly Downloads

273

Version

1.1.16

License

MIT

Unpacked Size

4.57 kB

Total Files

4

Last publish

Collaborators

  • wwa
Try on RunKit
Report malware