Gathering detailed insights and metrics for @scaleway/cookie-consent
Gathering detailed insights and metrics for @scaleway/cookie-consent
scaleway-lib is a set of NPM packages used at Scaleway
Installations
npm install @scaleway/cookie-consentDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
20.19.2
NPM Version
10.8.2
Releases
945
@scaleway/cookie-consent@2.0.11
@scaleway/cookie-consent@2.0.11
Updated on Jul 02, 2025
@scaleway/use-analytics@0.0.8
@scaleway/use-analytics@0.0.8
Updated on Jun 30, 2025
@scaleway/use-analytics@0.0.7
@scaleway/use-analytics@0.0.7
Updated on Jun 26, 2025
@scaleway/use-analytics@0.0.6
@scaleway/use-analytics@0.0.6
Updated on Jun 25, 2025
@scaleway/use-analytics@0.0.5
@scaleway/use-analytics@0.0.5
Updated on Jun 25, 2025
@scaleway/use-analytics@0.0.4
@scaleway/use-analytics@0.0.4
Updated on Jun 24, 2025
Languages
3
TypeScript
JavaScript
Python
TypeScript (91.6%)
JavaScript (8.08%)
Python (0.32%)
Developer
scaleway
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
29 Stars
3,062 Commits
11 Forks
11 Watchers
36 Branches
41 Contributors
Updated on Jul 11, 2025
Maintainers
9
Package Meta Information
Latest Version
2.0.11
Package Id
@scaleway/cookie-consent@2.0.11
Unpacked Size
29.55 kB
Size
7.29 kB
File Count
26
NPM Version
10.8.2
Node Version
20.19.2
Published on
Jul 02, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
2
Dev Dependencies
2
@scaleway/cookie-consent
This package is an helper to handle cookie consents with Segment integrations. It will handle the cookie consent for each categories.
This package does not contain design element to display a cookie consent modal, it only handle the storage and the init of cookie consent in a React provider.
QuickStart
In order to use it, first you need to provide a context at the top level of your application
1import { PropsWithChildren } from 'react' 2 3const MyApp = ({ children }: PropsWithChildren) => { 4 return ( 5 <CookieConsentProvider 6 isConsentRequired // Switch off consents if not defined (usefull for E2E testing) 7 essentialIntegrations={[]} // List of mandatory integrations 8 config={{ 9 segment, // Segment configuration used to get dynamically the integration used 10 }} 11 // not required 12 cookiePrefix="_scw_rgpd" // default value 13 consentMaxAge={13 * 30 * 24 * 60 * 60} // default value (appx 13 months) 14 consentAdvertisingMaxAge={6 * 30 * 24 * 60 * 60} // default value (appx 6 months) 15 cookiesOptions={{ sameSite: 'strict', secure: true, path: '/' }} // default value 16 > 17 {children} 18 </CookieConsentProvider> 19 ) 20}
Then in your cookie modal component you could simply use exposed hook to get and modify consents
1export function PanelConsent() { 2 const { saveConsent, categoriesConsent } = useCookieConsent() 3 4 const setAllConsents = ({ 5 categoriesConsent, 6 value, 7 }: { 8 categoriesConsent: Partial<Consent> 9 value: boolean 10 }) => 11 Object.keys(categoriesConsent).reduce( 12 (acc, category) => ({ ...acc, [category]: value }), 13 {}, 14 ) 15 16 const handleClick = (consentForAll: boolean) => () => { 17 saveConsent(setAllConsents({ categoriesConsent, value: consentForAll })) 18 } 19 20 const onAgreeAll = handleClick(true) 21 22 const onReject = handleClick(false) 23 24 return ( 25 <div className={styles.consent}> 26 <div>Do you accept consents ?</div> 27 <div> 28 <Button onClick={onAgreeAll} autoFocus> 29 Accept 30 </Button> 31 <Button onClick={onReject}>Decline</Button> 32 </div> 33 </div> 34 ) 35}
Segment Consent Middleware
As it's necessary now to have a consent management. https://segment.com/docs/privacy/consent-management/configure-consent-management/
you will have the possibility to add the SegmentConsentMiddleware, be aware that there is a dependency with SegmenttProvider.
User flow
1flowchart TD 2 Z[Application boot] -..-> A 3 subgraph "Cookie Consent booting" 4 A[First user navigation in app] --> B{isConsentRequired} 5 B --> |false| C[do nothing with cookies] 6 B --> |true| D[Fetch segment integrations configuration] 7 D --> E[Generate hash of integration and define required consent categories depending on integration] 8 E -..->F[Set needConsent to true] 9 end 10 subgraph "Consent storage" 11 F -..-> | | G[/User saveConsent with categories/] 12 G --> H[Hash of integration is stored in _scw_rgpd_hash cookie with storage of 6 months] 13 G --> I[_scw_rgpd_$category$ cookie is stored for each accepted cookie consent category, 6 months for ad consent, 13 month for others] 14 H & I --> J[needConsent is set to false] 15 end 16 subgraph "User come back on website in futur (within cookie duration)" 17 J -..-> K[Application boot] 18 K -..-> L[Check value fo cookies _scw_rgpd_hash and _scw_rgpd_$categorie$] 19 L --> M[Load in context accepted categories] 20 end 21 subgraph "User come back after 6 months" 22 J -...-> N[Application boot] 23 N -..-> O[Check value fo cookies _scw_rgpd_hash and _scw_rgpd_$categorie$] 24 O --> B 25 end
How to contribute ?
Prerequisites
$ cd packages/cookie-consent
Start
1$ pnpm build # Build the package 2$ pnpm watch # Build the package and watch for changes
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-q5j8-9m9g-x2jh
Reason
Found 0/5 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/changesets-renovate.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/pull_request_title.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changesets-renovate.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/changesets-renovate.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/changesets-renovate.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/changesets-renovate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_title.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/pull_request_title.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull_request_title.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/pull_request_title.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_title.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/pull_request_title.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/scaleway/scaleway-lib/release.yml/main?enable=pin
- Info: 0 out of 13 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Score
4.4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More