@power-seo/tracking

Consent-aware analytics script builders and GDPR consent management for TypeScript — GA4, Microsoft Clarity, PostHog, Plausible, and Fathom with a unified shouldLoad(consentState) API and React components.

@power-seo/tracking is a consent-aware analytics toolkit for TypeScript. Build typed script configs for five analytics platforms, manage GDPR consent state with a reactive store, and render consent-gated script tags and a cookie banner via drop-in React components. Every ScriptConfig exposes shouldLoad(consentState) — scripts never load without the correct consent category. The consent manager defaults to necessary: true and all other categories to false, satisfying GDPR opt-in requirements out of the box. Five typed API clients let you query GA4, Clarity, PostHog, Plausible, and Fathom data server-side for custom reporting and dashboards.

Zero runtime dependencies — pure TypeScript with an optional React 18+ peer dependency for the <AnalyticsScript> and <ConsentBanner> components.

Why @power-seo/tracking?

| | Without | With | | ----------------- | ---------------------------------------------- | --------------------------------------------------------- | | GDPR consent | ❌ Scripts load unconditionally in <head> | ✅ shouldLoad(consentState) gates every script | | Consent manager | ❌ Custom UI state per project | ✅ createConsentManager() with typed categories | | Multi-provider | ❌ Different init code per analytics platform | ✅ One API for GA4, Clarity, PostHog, Plausible, Fathom | | React integration | ❌ Manual <script> injection in layout | ✅ <AnalyticsScript> and <ConsentBanner> drop-in | | API data access | ❌ Platform-specific SDK research per provider | ✅ Typed clients for all 5 providers | | Performance | ❌ Scripts block LCP before user interaction | ✅ Lazy loading strategy prevents render blocking | | TypeScript | ❌ Loose config objects with no type checking | ✅ Typed ScriptConfig, ConsentState, ConsentManager |

Features

• Script builders for 5 platforms — buildGA4Script (2 script tags), buildClarityScript, buildPostHogScript, buildPlausibleScript, buildFathomScript
• Consent-aware loading — every ScriptConfig exposes shouldLoad(consentState) — scripts never load without the right consent category
• Consent manager — createConsentManager() returns a typed store with grant(), revoke(), grantAll(), revokeAll(), getState(), and onChange() subscription
• GDPR-friendly defaults — necessary consent is always true and cannot be revoked; analytics, marketing, preferences default to false
• React components — <AnalyticsScript> renders only consented scripts; <ConsentBanner> is a ready-to-use GDPR cookie banner
• GA4 Data API client — createGA4Client() queries reports, real-time data, and metadata
• Clarity API client — createClarityClient() fetches projects, session insights, and heatmap data
• PostHog API client — createPostHogClient() queries events, trends, funnels, and persons
• Plausible Stats API client — createPlausibleClient() fetches timeseries, breakdowns, and aggregate stats
• Fathom API client — createFathomClient() fetches sites, pageviews, and referrer data
• Framework-agnostic — script builders and consent manager work in Next.js, Remix, Vite, Vanilla JS, and Edge runtimes
• Full TypeScript support — typed config interfaces, consent state, and response shapes for every provider
• Tree-shakeable — import only the providers you use; zero dead code in your bundle

Comparison

| Feature | @next/third-parties | partytown | cookiebot | @power-seo/tracking | | ---------------------------- | :-----------------: | :-------: | :-------: | :-----------------: | | Typed script builders | ❌ | ❌ | ❌ | ✅ | | Consent-aware shouldLoad() | ❌ | ❌ | ✅ | ✅ | | Built-in consent manager | ❌ | ❌ | ✅ (paid) | ✅ | | Analytics API clients | ❌ | ❌ | ❌ | ✅ | | 5-provider support | ⚠️ | ⚠️ | ✅ | ✅ | | Zero runtime dependencies | ✅ | ✅ | ❌ | ✅ | | TypeScript-first | ❌ | ❌ | ❌ | ✅ | | React components | ⚠️ | ❌ | ✅ | ✅ |

Installation

npm install @power-seo/tracking

yarn add @power-seo/tracking

pnpm add @power-seo/tracking

For React components, React 18+ is required as a peer dependency.

Quick Start

import { createConsentManager, buildGA4Script, buildPlausibleScript } from '@power-seo/tracking';

// 1. Create consent manager — analytics off by default (GDPR opt-in)
const consent = createConsentManager({
  necessary: true,
  analytics: false,
  marketing: false,
  preferences: false,
});

// 2. Build script configs for your providers
const scripts = [
  ...buildGA4Script({ measurementId: 'G-XXXXXXX' }),
  buildPlausibleScript({ domain: 'example.com' }),
];

// 3. Only load scripts where consent matches
const toLoad = scripts.filter((s) => s.shouldLoad(consent.getState()));
// toLoad → [] until analytics consent is granted

// 4. Grant consent (e.g. after user clicks "Accept All")
consent.grantAll();
const nowToLoad = scripts.filter((s) => s.shouldLoad(consent.getState()));
// nowToLoad → [GA4Script1, GA4Script2, PlausibleScript]

Usage

Script Builders

import {
  buildGA4Script,
  buildClarityScript,
  buildPostHogScript,
  buildPlausibleScript,
  buildFathomScript,
} from '@power-seo/tracking';

const scripts = [
  ...buildGA4Script({ measurementId: 'G-XXXXXXX' }), // returns ScriptConfig[]
  buildClarityScript({ projectId: 'abc123' }),
  buildPostHogScript({ apiKey: 'phc_xxx', apiHost: 'https://app.posthog.com' }),
  buildPlausibleScript({ domain: 'example.com' }),
  buildFathomScript({ siteId: 'ABCDEFGH' }),
];

Consent Manager

import { createConsentManager } from '@power-seo/tracking';

const consent = createConsentManager({ necessary: true, analytics: false });

// Grant/revoke individual categories
consent.grant('analytics');
consent.revoke('marketing');

// Grant or revoke all non-necessary categories
consent.grantAll();
consent.revokeAll();

// Read current state
const state = consent.getState();
// { necessary: true, analytics: true, marketing: false, preferences: false }

// Subscribe to changes — returns unsubscribe function
const unsubscribe = consent.onChange((newState) => {
  console.log('Consent changed:', newState);
});

React — AnalyticsScript

'use client';

import { AnalyticsScript } from '@power-seo/tracking/react';
import { buildGA4Script, createConsentManager } from '@power-seo/tracking';

const consent = createConsentManager({ necessary: true, analytics: false });
const scripts = buildGA4Script({ measurementId: 'G-XXXXXXX' });

export default function Layout({ children }: { children: React.ReactNode }) {
  return (
    <html>
      <head>
        <AnalyticsScript scripts={scripts} consent={consent.getState()} />
      </head>
      <body>{children}</body>
    </html>
  );
}

React — ConsentBanner

'use client';

import { ConsentBanner } from '@power-seo/tracking/react';
import { createConsentManager } from '@power-seo/tracking';

const consent = createConsentManager({ necessary: true, analytics: false });

export function CookieBanner() {
  return <ConsentBanner manager={consent} privacyPolicyUrl="/privacy-policy" />;
}

Analytics API Clients

import { createGA4Client, createPlausibleClient } from '@power-seo/tracking';

// Query GA4 reports
const ga4 = createGA4Client(process.env.GA4_ACCESS_TOKEN!);

// Query Plausible stats
const plausible = createPlausibleClient(process.env.PLAUSIBLE_API_KEY!);

const stats = await plausible.getAggregate('your-site-id', '7d');
console.log(stats.visitors, stats.pageviews);

Reactive Consent Loading (Next.js App Router)

'use client';

import { useEffect, useState } from 'react';
import { createConsentManager, buildGA4Script } from '@power-seo/tracking';

const consent = createConsentManager({ necessary: true, analytics: false });
const scripts = buildGA4Script({ measurementId: 'G-XXXXXXX' });

export function AnalyticsLoader() {
  const [state, setState] = useState(consent.getState());

  useEffect(() => {
    return consent.onChange(setState);
  }, []);

  const toLoad = scripts.filter((s) => s.shouldLoad(state));
  // inject toLoad scripts into document.head
  return null;
}

API Reference

Script Builders

| Function | Config Props | Returns | Description | | ---------------------- | --------------------------- | ---------------- | ---------------------------------- | | buildGA4Script | { measurementId } | ScriptConfig[] | Google Analytics 4 (2 script tags) | | buildClarityScript | { projectId } | ScriptConfig | Microsoft Clarity | | buildPostHogScript | { apiKey, apiHost? } | ScriptConfig | PostHog | | buildPlausibleScript | { domain, customDomain? } | ScriptConfig | Plausible Analytics | | buildFathomScript | { siteId } | ScriptConfig | Fathom Analytics |

ScriptConfig

| Prop | Type | Description | | ----------------- | ------------------------------------- | -------------------------------------- | | id | string | Unique script identifier | | src | string \| undefined | External script URL | | innerHTML | string \| undefined | Inline JavaScript content | | async | boolean \| undefined | Load asynchronously | | defer | boolean \| undefined | Defer execution | | consentCategory | ConsentCategory | Required consent category for loading | | attributes | Record<string, string> \| undefined | Additional script attributes | | shouldLoad | (consent: ConsentState) => boolean | Returns true if this script may load |

createConsentManager(initialState)

| Method | Signature | Description | | ----------- | ------------------------------------------- | ----------------------------------------- | | grant | (category: ConsentCategory) => void | Grant a consent category | | revoke | (category: ConsentCategory) => void | Revoke a consent category | | grantAll | () => void | Grant all non-necessary categories | | revokeAll | () => void | Revoke all non-necessary categories | | getState | () => ConsentState | Get the current consent snapshot | | isGranted | (category: ConsentCategory) => boolean | Check if a category is granted | | onChange | (cb: ConsentChangeCallback) => () => void | Subscribe to changes; returns unsubscribe |

API Clients

| Function | Parameters | Returns | Description | | ----------------------- | --------------------------------- | ----------------- | --------------------------- | | createGA4Client | (accessToken: string) | GA4Client | Google Analytics 4 Data API | | createClarityClient | (apiKey: string) | ClarityClient | Microsoft Clarity API | | createPostHogClient | (apiKey: string, host?: string) | PostHogClient | PostHog API | | createPlausibleClient | (apiKey: string) | PlausibleClient | Plausible Stats API | | createFathomClient | (apiKey: string) | FathomClient | Fathom Analytics API |

React Components

| Component | Props | Description | | ------------------- | -------------------------------------------------------- | ------------------------------------------------------- | | <AnalyticsScript> | { scripts: ScriptConfig[], consent: ConsentState } | Renders <script> tags that pass shouldLoad(consent) | | <ConsentBanner> | { manager: ConsentManager, privacyPolicyUrl?: string } | GDPR cookie consent banner with Accept All / Reject All |

Types

| Type | Description | | ----------------------- | ------------------------------------------------------------------------------------ | | ConsentCategory | 'necessary' \| 'analytics' \| 'marketing' \| 'preferences' | | ConsentState | { necessary, analytics, marketing, preferences } all boolean | | ConsentManager | Store with grant/revoke/grantAll/revokeAll/getState/isGranted/onChange | | ConsentChangeCallback | (state: ConsentState) => void | | ScriptConfig | { id, src?, innerHTML?, async?, defer?, consentCategory, attributes?, shouldLoad } | | GA4Config | { measurementId, consentModeV2?, anonymizeIp?, sendPageView? } | | GA4ReportRequest | { startDate, endDate, metrics, dimensions?, limit? } | | GA4ReportResponse | { rows, rowCount, metadata? } | | GA4Client | Methods: queryReport, getRealtimeReport, getMetadata | | ClarityConfig | { projectId: string } | | ClarityClient | Methods: getProjects, getInsights, getHeatmapData | | PostHogConfig | { apiKey: string, host?: string } | | PostHogClient | Methods: queryEvents, getTrends, getFunnels | | PlausibleConfig | { domain: string, selfHostedUrl?: string } | | PlausibleClient | Methods: getTimeseries, getBreakdown, getAggregate | | FathomConfig | { siteId: string } | | FathomClient | Methods: getSites, getPageviews, getReferrers |

Use Cases

• GDPR-compliant web apps — load analytics scripts only after the user grants consent
• SaaS marketing sites — track user behavior with GA4 while respecting privacy regulations
• E-commerce stores — Clarity session recordings for UX optimization with a consent gate
• Multi-provider analytics — run GA4 + Plausible + PostHog side-by-side for data validation
• Privacy-first apps — Plausible or Fathom as cookieless, GDPR-compliant alternatives to GA4
• Analytics dashboards — query GA4, Plausible, or Fathom APIs server-side for custom reporting
• A/B testing pipelines — PostHog feature flags and event tracking with consent management
• Enterprise compliance — full audit trail of when consent was granted per category

Architecture Overview

• Pure TypeScript — no compiled binary, no native modules
• Consent-first design — shouldLoad(consentState) is evaluated before any script tag is created
• GDPR defaults — necessary: true always; analytics, marketing, preferences default to false
• SSR-safe builders — script configs are generated server-side; consent is evaluated client-side
• Edge-compatible — script builders and consent manager have no Node.js-specific APIs; runs in Cloudflare Workers, Vercel Edge, Deno
• Optional React peer — <AnalyticsScript> and <ConsentBanner> require React 18+; all other exports are framework-agnostic
• Dual ESM + CJS — ships both formats via tsup for any bundler or require() usage
• Zero runtime dependencies — pure TypeScript; optional React peer dependency only

Supply Chain Security

• No install scripts (postinstall, preinstall)
• No runtime network access outside of analytics API calls
• No eval or dynamic code execution
• CI-signed builds — all releases published via verified github.com/CyberCraftBD/power-seo workflow
• Safe for SSR, Edge, and browser environments

The @power-seo Ecosystem

All 17 packages are independently installable — use only what you need.

| Package | Install | Description | | ------------------------------------------------------------------------------------------ | ----------------------------------- | ----------------------------------------------------------------------- | | @power-seo/core | npm i @power-seo/core | Framework-agnostic utilities, types, validators, and constants | | @power-seo/react | npm i @power-seo/react | React SEO components — meta, Open Graph, Twitter Card, breadcrumbs | | @power-seo/meta | npm i @power-seo/meta | SSR meta helpers for Next.js App Router, Remix v2, and generic SSR | | @power-seo/schema | npm i @power-seo/schema | Type-safe JSON-LD structured data — 23 builders + 22 React components | | @power-seo/content-analysis | npm i @power-seo/content-analysis | Yoast-style SEO content scoring engine with React components | | @power-seo/readability | npm i @power-seo/readability | Readability scoring — Flesch-Kincaid, Gunning Fog, Coleman-Liau, ARI | | @power-seo/preview | npm i @power-seo/preview | SERP, Open Graph, and Twitter/X Card preview generators | | @power-seo/sitemap | npm i @power-seo/sitemap | XML sitemap generation, streaming, index splitting, and validation | | @power-seo/redirects | npm i @power-seo/redirects | Redirect engine with Next.js, Remix, and Express adapters | | @power-seo/links | npm i @power-seo/links | Link graph analysis — orphan detection, suggestions, equity scoring | | @power-seo/audit | npm i @power-seo/audit | Full SEO audit engine — meta, content, structure, performance rules | | @power-seo/images | npm i @power-seo/images | Image SEO — alt text, lazy loading, format analysis, image sitemaps | | @power-seo/ai | npm i @power-seo/ai | LLM-agnostic AI prompt templates and parsers for SEO tasks | | @power-seo/analytics | npm i @power-seo/analytics | Merge GSC + audit data, trend analysis, ranking insights, dashboard | | @power-seo/search-console | npm i @power-seo/search-console | Google Search Console API — OAuth2, service account, URL inspection | | @power-seo/integrations | npm i @power-seo/integrations | Semrush and Ahrefs API clients with rate limiting and pagination | | @power-seo/tracking | npm i @power-seo/tracking | GA4, Clarity, PostHog, Plausible, Fathom — scripts + consent management |

About CyberCraft Bangladesh

CyberCraft Bangladesh is a Bangladesh-based enterprise-grade software development and Full Stack SEO service provider company specializing in ERP system development, AI-powered SaaS and business applications, full-stack SEO services, custom website development, and scalable eCommerce platforms. We design and develop intelligent, automation-driven SaaS and enterprise solutions that help startups, SMEs, NGOs, educational institutes, and large organizations streamline operations, enhance digital visibility, and accelerate growth through modern cloud-native technologies.

© 2026 CyberCraft Bangladesh · Released under the MIT License