csp-doctor

v0.1.1npm· JavaScript

Lint a Content-Security-Policy for XSS holes — locally, no website. Flags 'unsafe-inline', 'unsafe-eval', wildcards, missing object-src/base-uri/frame-ancestors, and allowlisted hosts known to bypass CSP (JSONP/AngularJS) — nonce/hash/strict-dynamic aware

The verdict

Maintained. Maintained, actively maintained.

Live from the npm registry · derived rules, not AI

How it scores

MaintenanceHealthy

PopularityUnknown

SecurityClean

LicensePermissive

DepsLean

Maintenance

Last published this month.

Popularity

Download count unavailable.

Security

No known advisories for this version (OSV).

License

MIT

Dependencies

2 direct dependencies

Recent releases

0.1.1this month
0.1.0this month