CSP Toolkit

This project was birthed from Vite Plugin CSP Guard and it actually houses generic CSP logic.

The Goal

This Toolkit package is a stepping stone in order to bring support to other frameworks, bundlers, etc. I'll be writing guides for each major framework and bundler out there.

Installation

npm install -D csp-toolkit

Usage

import { CSPPolicy } from "csp-toolkit" // A type to be used for your CSPPolicy object when declaring one

import { CSPKeys } from "csp-toolkit" // Import all typed CSP directives
 
// Import grouped typed CSP directives
import { FetchDirectives, DocumentDirectives, NavigationDirectives, ReportingDirectives, OtherDirectives, DeprecatedDirectives } from "csp-toolkit"

import { mergePolicies } from "csp-toolkit" // A function to merge 2 objects of type CSPPolicy

import { policyToString } from "csp-toolkit" // A function that returns a string from an object of type CSPPolicy

import { generateHash } from "csp-toolkit/node" // Generates a hash from a string, you can specify the algorithm

import { generateNonce } from "csp-toolkit/node" // Generates a nonce for you to use for node.js environments

import { generateNonce } from "csp-toolkit/edge" // Generates a nonce for you to use for edge environments

More docs and functions coming soon!

Last updated on March 25, 2025

Express