@equinor/roma-nx-plugin
v6.2.0
Published
This library was generated with [Nx](https://nx.dev).
Readme
roma
This library was generated with Nx.
Building
Run nx build roma to build the library.
Running unit tests
Run nx test roma to execute the unit tests via Jest.
CSP check
The serve and build executors run a static Content-Security-Policy check that warns
when an app references an external resource that would be blocked in production by the
workbench CSP. It scans first-party modules for external http(s)/ws(s) URLs used in:
import/ dynamicimport()/ side-effect imports →script-srcfetch/WebSocket/EventSource→connect-src- CSS
url(...)→img-src(orfont-srcfor font files) - CSS
@import→style-src
Each URL's origin is compared against the relevant CSP directive (falling back to
default-src). Violations are logged as warnings — the check never fails the build.
Plain string-literal URLs (e.g. link hrefs) are intentionally ignored, since CSP fetch
directives do not block them.
Source of truth
The CSP is the one defined in apps/workbench/public/staticwebapp.config.json. Because
that file is not part of the published plugin, a snapshot is bundled at
src/executors/utils/csp/data/generated-csp.json. Refresh it whenever the workbench CSP
changes:
nx run roma:generate-cspThe check is disabled automatically (no warnings) if the bundled snapshot is missing or unparseable.
