
csp-logger

v0.4.0


Content Security Policy Logging Service


CSP Logger

A basic service for logging content security policy violations.

It handles saving violation reports for you. You can save logs to any SQL database or to any appender that log4js is capable of - mainly log files with rotation features and configuration. Logging to console and intercepting in your own application is supported too.

Usage

Configure your CSP to report to the /csp route of this service. Incoming reports will be logged to your designated storage.

There are multiple ways to use csp-logger:

As a command line tool

npm install -g csp-logger
csp-logger -c config.json

As a standalone app

Clone this repository and run

npm install .
node csp-logger.js -c config.json

As a module in your application

var cspLogger = require("csp-logger")("config.json"); //accepts a matching object too
   
cspLogger.interceptReport(function(report,req){
    //this runs before the report is stored
    //react to CSP reports or return a modified version 

});

Configuration

To get an example configuration file, run csp-logger with the following arguments: -c example.json --example

Configuration is a JSON file containing the following:

  • store (String) - Choose a storage implementation from lib/stores, which currently gives you the choice of sql, logger, console or nil
  • domainWhitelist (Array of Strings) - A whitelist of domains that will have CSP exceptions logged.
  • sourceBlacklist (Array of Strings) - A list of sources to block from being recorded.
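
The filtering that domainWhitelist and sourceBlacklist describe, sketched as a stand-alone function. This is an added example, not code from csp-logger: the names triageReport and clean are hypothetical, and it assumes exact-hostname whitelist matching, prefix blacklist matching and the report-uri JSON body shape. Report fields are client-supplied, so it also strips control characters before anything is logged.

```javascript
// Added example: NOT csp-logger's code. Matching rules here are assumptions.
const config = {
  domainWhitelist: ["app.example.com"],      // constructed values
  sourceBlacklist: ["chrome-extension://"]
};

// Constructed sample body; blocked-uri carries CR/LF to imitate log forging.
const sampleBody = JSON.stringify({ "csp-report": {
  "document-uri": "https://app.example.com/login",
  "violated-directive": "script-src 'self'",
  "blocked-uri": "https://cdn.example.net/x.js\r\nFAKE log line"
}});

// Any client that can reach /csp controls these fields: replace control
// characters (CR/LF included) with spaces and cap the length.
function clean(value, max = 2048) {
  return String(value === undefined || value === null ? "" : value)
    .replace(/[\u0000-\u001f\u007f]/g, " ")
    .slice(0, max);
}

// Returns { accepted, reason, report? } for one raw request body.
function triageReport(rawBody, cfg) {
  let parsed, host;
  try { parsed = JSON.parse(rawBody); }
  catch (e) { return { accepted: false, reason: "invalid-json" }; }
  const r = parsed && parsed["csp-report"];
  if (!r || typeof r !== "object") return { accepted: false, reason: "no-csp-report" };

  try { host = new URL(String(r["document-uri"])).hostname; }
  catch (e) { return { accepted: false, reason: "bad-document-uri" }; }
  if (!cfg.domainWhitelist.includes(host)) return { accepted: false, reason: "domain-not-whitelisted" };

  const blocked = clean(r["blocked-uri"]);
  if (cfg.sourceBlacklist.some((s) => blocked.startsWith(s))) return { accepted: false, reason: "source-blacklisted" };

  return {
    accepted: true,
    reason: "ok",
    report: {
      documentUri: clean(r["document-uri"]),
      violatedDirective: clean(r["violated-directive"]),
      blockedUri: blocked
    }
  };
}

console.log(triageReport(sampleBody, config));
```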

Store configurations:

logger

  • configuration (String) - path to log4js configuration file. Logger name is csp

sql

  • dbDialect (String) - Either mysql, sqlite or postgres.
  • dbHost (String) - SQL server hostname.
  • dbName (String) - Database name.
  • dbPort (Number) - Port number of SQL server.
  • dbUsername (String) - Username with write permissions for DB.
  • dbPassword (String) - Password.

console

Just logs with console.warn

nil

Does nothing (useful when csp-logger is used as a module)

Module API

The module returns a function accepting 3 arguments:

| Argument | Required | Description |
|---|---|---|
| configuration | required | Configure csp-logger - string path to configuration file or object matching the expected configuration |
| server to use | optional | Bind it to the same port as your app - anything that can be passed as server to express().listen(server) |
| testing | optional | boolean stating if you want page throwing violations to be served at / for testing |

var cspLogger = require("csp-logger")("config.json", server, true); 

Intercepting violation reports

An initialized csp-logger instance exports two things:

cspLogger.Report

A report constructor. You can base your own report implementation on it.

cspLogger.interceptReport

Sets a callback that will be called before each report is stored. If the callback returns a new object that implements the getLog and getRaw methods, the new instance will be stored instead of the original report.

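var cspLogger = require("csp-logger")("config.json");

// Wraps the original report and adds the name of the user who triggered it.
function MyReport(report, username){
    this.report = report;
    this.username = username;
}

// Log text: the original report's log plus the username.
MyReport.prototype.getLog = function(){
    var log = this.report.getLog();
    log+="\n username: "+this.username;
    return log;
};

// A replacement report must implement getRaw too; delegate to the original
// so the output still matches the SQL schema.
MyReport.prototype.getRaw = function(){
    return this.report.getRaw();
};

cspLogger.interceptReport(function(report, req){
    // getUsername is your application's own helper, not part of csp-logger
    var username = getUsername(req);
    var myReport = new MyReport(report, username);
    return myReport;
});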

Overriding getRaw requires the output to match the SQL schema, so all modifications should be made only to existing fields. The "other" field (type: TEXT) is provided for extensions.

Testing your policies

You can try it out with any policies by running node csp-logger.js -c yourconfig.json --test, which serves the test/index.html file on the root path alongside the /csp route.