npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@trustyourwebsite/cookie-consent-validator

v1.1.0

Published

Verify that cookie consent banners actually work. Clicks "Reject All" and checks if tracking cookies and scripts really stop.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dev-tywdev-tyw

Keywords

cookiecookiescookie-consentconsentconsent-managementcmpgdpreprivacyprivacytrackingweb-privacycookiebotonetrustusercentricscompliancevalidatorscannerauditorclinodejstypescriptplaywrightpuppeteerreject-all

Readme

Cookie Consent Validator

Verify that cookie consent banners actually work. Clicks "Reject All" and checks if tracking cookies and scripts really stop.

npm version License: MIT CI

Built by TrustYourWebsite — automated website compliance scanning for EU businesses.

Why?

Under GDPR and the Dutch Telecommunicatiewet, websites must stop all non-essential tracking when users reject cookies. The Dutch Data Protection Authority (AP) has fined companies like Kruidvat (€600K) and Coolblue (€40K) for non-compliant cookie banners, and has warned 200+ organizations in 2025.

Most cookie banners look compliant but aren't — tracking continues after clicking "Reject All". This tool catches that.

Quick Start

# Run directly with npx (no install needed)
npx @trustyourwebsite/cookie-consent-validator https://example.com

# Or install globally
npm install -g @trustyourwebsite/cookie-consent-validator
cookie-consent-validator https://example.com

CLI Options

cookie-consent-validator <url> [options]

Options:
  --format <format>         Output format: json, text, table (default: table)
  --timeout <ms>            Page load timeout in ms (default: 30000)
  --wait-after-reject <ms>  Wait time after clicking reject (default: 3000)
  --screenshot              Save before/after screenshots
  --output, -o <file>       Save report to file
  --verbose, -v             Show debug output
  --help, -h                Show help
  --version                 Show version

Examples

# Basic scan
cookie-consent-validator https://example.com

# JSON output for CI/CD
cookie-consent-validator https://example.com --format json

# Save report and screenshots
cookie-consent-validator https://example.com --screenshot --output report.json

# Verbose mode for debugging
cookie-consent-validator https://example.com --verbose

Example Output

Cookie Consent Validation Report
================================
URL:             https://example.com
CMP Detected:    Cookiebot
Reject Button:   Found and clicked

Cookies Before Reject: 12
Cookies After Reject:  8
Tracking Cookies After: 3  ← VIOLATIONS

VIOLATIONS:
  ✗ _ga (.google-analytics.com) — Google Analytics cookie persists after rejection
  ✗ _fbp (.facebook.com) — Facebook cookie persists after rejection
  ✗ _gcl_au (.example.com) — Google Ads cookie persists after rejection

Tracker Requests After Reject: 2
  ✗ www.google-analytics.com — Google Analytics request fired after rejection
  ✗ connect.facebook.net — Facebook Pixel request fired after rejection

Result: FAIL — 5 violations found

Full scan with remediation advice → https://trustyourwebsite.nl

Use as a Library

import { validateConsent } from '@trustyourwebsite/cookie-consent-validator';

const result = await validateConsent('https://example.com', {
  timeout: 10000,
  waitAfterReject: 3000,
  screenshot: true,
});

console.log(result.cmpDetected);       // 'Cookiebot'
console.log(result.rejectButtonFound);  // true
console.log(result.rejectButtonClicked); // true
console.log(result.violations);         // [...violations]
console.log(result.passed);             // false

Use in CI/CD

Exit code 0 = pass, 1 = violations found, 2 = error.

GitHub Actions

- name: Check cookie consent compliance
  run: npx @trustyourwebsite/cookie-consent-validator https://your-site.com --format json --output consent-report.json

- name: Upload report
  if: always()
  uses: actions/upload-artifact@v4
  with:
    name: consent-report
    path: consent-report.json

Supported CMPs

| CMP | Detection | Reject Button | |-----|-----------|---------------| | Cookiebot | #CybotCookiebotDialog | #CybotCookiebotDialogBodyLevelButtonLevelOptinDeclineAll | | OneTrust | #onetrust-banner-sdk | #onetrust-reject-all-handler | | Quantcast | #qc-cmp2-container | button[mode="secondary"] | | Didomi | #didomi-notice | #didomi-notice-disagree-button | | Osano | .osano-cm-window | .osano-cm-deny | | Complianz | .cmplz-cookiebanner | .cmplz-deny | | CookieYes | .cky-consent-container | .cky-btn-reject | | Iubenda | .iubenda-cs-container | .iubenda-cs-reject-btn | | Borlabs Cookie | #BorlabsCookieBox | [data-cookie-refuse] | | TrustArc | #truste-consent-banner | .truste-consent-required | | CookieFirst | #cookiefirst-root | [data-cookiefirst-action="reject"] | | Custom/Generic | Text-based detection | Multilingual button text matching |

Generic detection supports 13 languages: English, Dutch, German, French, Italian, Spanish, Portuguese, Polish, Swedish, Danish, Norwegian, Finnish, and Czech.

What It Checks

  1. Cookie persistence — Tracking cookies (Google Analytics, Facebook, Hotjar, etc.) that remain set after clicking "Reject All"
  2. Tracker requests — Network requests to known tracking domains that fire after rejection
  3. CMP detection — Identifies which consent management platform is in use
  4. Reject button — Whether a "Reject All" button exists and is clickable

Full Website Compliance Scan

This tool checks cookie consent only. For a complete compliance scan covering GDPR, accessibility, security headers, copyright, and more:

TrustYourWebsite.nl — Automated compliance scanning for European businesses

Related

Contributing

Contributions welcome! Please open an issue first to discuss what you'd like to change.

git clone https://github.com/trustyourwebsite/cookie-consent-validator.git
cd cookie-consent-validator
npm install
npm test
npm run build

License

MIT — built by TrustYourWebsite