webpack-csp-html-linter
1.0.5 • Public • Published

webpack-csp-html-linter

A Webpack plugin designed to analyze HTML and identify potential breaches of Content Security Policy (CSP) rules. The goal is to prevent CSP violations from infiltrating your codebase during the build process. This plugin is based on the csp-html-linter package.

Install

Using npm:

npm install webpack-csp-html-linter --save-dev

Basic Usage

By default this plugin is strict, to reduce the most common XSS attack vectors.

Create a webpack.config.js configuration file and import the plugin:

import path from 'node:path';
import CspHtmlLinterWebpackPlugin from 'webpack-csp-html-linter';

export default {
  entry: './index.js',
  output: {
    path: path.resolve('./dist'),
    filename: 'bundle.js',
  },
  plugins: [
    // Strict defaults apply: only the files to lint are listed.
    new CspHtmlLinterWebpackPlugin({
      include: ['src/**/*.html']
    })
  ]
};

Advanced Usage

Create a webpack.config.js configuration file and import the plugin:

import path from 'node:path';
import CspHtmlLinterWebpackPlugin from 'webpack-csp-html-linter';

export default {
  entry: './index.js',
  output: {
    path: path.resolve('./dist'),
    filename: 'bundle.js',
  },
  plugins: [
    new CspHtmlLinterWebpackPlugin({
      // Paths to skip and paths to lint.
      exclude: ['node_modules', 'somefolder'],
      include: ['src/**/*.html', 'src/**/*.js'],
      // Each allow* option set to true relaxes one check.
      allowInlineStyles: true,
      allowInlineJs: true,
      allowStyleTagWithoutNonce: true,
      allowScriptTagWithoutNonce: true
    })
  ]
};

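The configuration above sets every allow* option to true and therefore allows all violations. To keep the linter useful, relax only the checks your codebase cannot yet pass.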

Options

See csp-html-linter package for more details.
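
What the four allow* options relax, sketched as an added example that is not code from this package or from csp-html-linter. The function name findCspViolations, the regex patterns, and the meaning assigned to each option are assumptions inferred from the option names; the HTML sample is constructed.

```javascript
// Added illustration, NOT the csp-html-linter implementation.
// Each entry pairs an option name from this page with an ASSUMED pattern
// for the markup that option would permit. Regexes are a simplification;
// they do not handle '>' inside attribute values or HTML comments.
const CHECKS = [
  { option: 'allowInlineStyles', label: 'inline style attribute',
    pattern: /<[a-z][^>]*\sstyle\s*=/gi },
  { option: 'allowInlineJs', label: 'inline event handler attribute',
    pattern: /<[a-z][^>]*\son[a-z]+\s*=/gi },
  { option: 'allowStyleTagWithoutNonce', label: '<style> tag without nonce',
    pattern: /<style\b(?![^>]*\snonce\s*=)[^>]*>/gi },
  { option: 'allowScriptTagWithoutNonce', label: '<script> tag without nonce',
    pattern: /<script\b(?![^>]*\snonce\s*=)[^>]*>/gi },
];

// Returns one record per violation, sorted by 1-based line number.
// A check is skipped only when its option is explicitly true, so an
// empty options object behaves like the strict default.
function findCspViolations(html, options = {}) {
  const violations = [];
  for (const { option, label, pattern } of CHECKS) {
    if (options[option] === true) continue;
    for (const match of html.matchAll(pattern)) {
      const line = html.slice(0, match.index).split('\n').length;
      violations.push({ option, label, line });
    }
  }
  return violations.sort((a, b) => a.line - b.line);
}

// Constructed sample: lines 1, 3 and 4 violate a strict CSP,
// lines 2 and 5 carry a nonce and pass.
const SAMPLE_HTML = [
  '<style>body { margin: 0 }</style>',
  '<style nonce="r4nd0m">h1 { color: red }</style>',
  '<div style="display:none" onclick="track()">x</div>',
  '<script>init()</script>',
  '<script nonce="r4nd0m" src="/app.js"></script>',
].join('\n');

for (const v of findCspViolations(SAMPLE_HTML)) {
  console.log(`line ${v.line}: ${v.label} (relaxed by ${v.option})`);
}
```

Passing a single option such as { allowInlineStyles: true } drops only that class of finding, which shows the effect of relaxing one check while keeping the others strict.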

License

ISC

Unpacked Size

5.65 kB

Total Files

5

Collaborators

  • ikari101