Gathering detailed insights and metrics for hwp-csp-plugin
Gathering detailed insights and metrics for hwp-csp-plugin
Gathering detailed insights and metrics for hwp-csp-plugin
Gathering detailed insights and metrics for hwp-csp-plugin
npm install hwp-csp-plugin
Typescript
Module System
Node Version
NPM Version
63.6
Supply Chain
75.9
Quality
77
Maintenance
100
Vulnerability
99.6
License
TypeScript (91.28%)
HTML (7.06%)
JavaScript (1.66%)
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
MIT License
2 Stars
1,108 Commits
1 Forks
3 Watchers
1 Branches
3 Contributors
Updated on Jul 11, 2025
Latest Version
2.2.1
Package Id
hwp-csp-plugin@2.2.1
Unpacked Size
15.82 kB
Size
5.52 kB
File Count
6
NPM Version
10.8.2
Node Version
18.20.5
Published on
Dec 15, 2024
Cumulative downloads
Total Downloads
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
2
1
Plugin to add Content-Security-Policy to HTML files generated by html-webpack-plugin
It was heavily inspired by csp-html-webpack-plugin, but it operates a bit differently.
1npm i -D hwp-csp-plugin
1import { HwpCspPlugin } from 'hwp-csp-plugin'; 2 3// Webpack configuration object 4export default { 5 6 plugins: [ 7 new HtmlWebpackPlugin({ /* ... */ }), 8 new HwpCspPlugin(/* options */), 9 ], 10};
To configure the plugin, pass an object with the following keys to its constructor (all keys are optional):
enabled
(boolean
, defaults to true
): whether to enable the plugin;policy
(Record<string, string | string[]
>): Content Security Policy; keys are <directives>
, values are <values>
. Values can be a string ("'self' https:"
) or arrays (["'self'", 'https:']
)hashFunc
(one of sha256
, sha384
(default), sha512
): hash function to generate hashes of inline scripts / styles;hashEnabled
: can be either boolean
or an object with the following properties:
script
(boolean
, defaults to true
): whether to generate hashes of inline scripts;style
(boolean
, defaults to true
): whether to generate hashes of inline styles;addIntegrity
(boolean
, defaults to false
): whether to add integrity
attribute to inline scripts and styles (controlled by hashEnabled
option).html-webpack-plugin
< 4.x<meta http-equiv="Content-Security-Policy"/>
metatags. However, it could be possible to have multiple CSPs. This needs to be investigated, and if so, then this behavior should be configurable;unsafe-hashes
and script-src-attr
/ style-src-attr
.No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
Reason
SAST tool is run on all commits
Details
Reason
0 existing vulnerabilities detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
dependency not pinned by hash detected -- score normalized to 8
Details
Reason
Found 0/22 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Reason
security policy file not detected
Details
Reason
branch protection not enabled on development/release branches
Details
Score
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More