npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

nuxt-csp-report

v1.0.0

Published

A Nuxt module for collecting, normalizing, and persisting Content Security Policy reports

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

gonzo17gonzo17

Keywords

nuxtsecuritycspcontent-security-policycontent-security-policy-reportreport-toreport-uri

Readme

Nuxt CSP Report

npm version npm downloads License Nuxt

A Nuxt module for collecting, normalizing, and persisting Content Security Policy (CSP) reports.

Compatibility: Nuxt 3 (3.12.0 and newer) and Nuxt 4.

✨ Release Notes

What is CSP and CSP reports?

The CSP is a HTTP response header that allows you to control which resources a document is allowed to load. For example setting Content-Security-Policy: script-src example.com; will prevent any script tag from loading a source that is not from example.com. Any violation will be logged in the console of the browser. Additionally, a reporting endpoint can be set in the CSP header where the browser will send the CSP report to.

Once you decide to secure your website with CSP, you most likely want to analyze on production if your CSP headers are configured properly. That can be tricky the more external resources are loaded. Especially dynamically loaded scripts, e.g. depending on your country or your consent, are not always the same for every user. That's where the CSP reports are helpful, because they show the real CSP violations that users experience in their browsers.

Features

  • 📋 Registers a POST endpoint for CSP reports
  • 📡 Adds the Reporting-Endpoints header to your responses for report-to support
  • 🔄 Supports both legacy report-uri and report-to format reports
  • ✅ Validates and normalizes reports with Zod
  • 💾 Persists reports via unstorage
  • 📝 Full TypeScript support with proper type exports

Quick Setup

Install the module to your Nuxt application:

npm install nuxt-csp-report

Add it to your nuxt.config.ts:

export default defineNuxtConfig({
  modules: ['nuxt-csp-report'],
  cspReport: {
    //  Module options
  },
})

Examples

Usage

The module is ready to go with the defaults. In most use cases simple logs are sufficient. If you want to analyze CSP reports, you can use the storage option to persist the reports in a KV store.

nuxt-security

The Content Security Policy is set through specific headers. You can handle that yourself with Nuxt/Nitro, but I highly recommend using nuxt-security. Here is a minimal example of how to use the two moduls in combination:

export default defineNuxtConfig({
  modules: ['nuxt-security', 'nuxt-csp-report'],
  security: {
    headers: {
      contentSecurityPolicy: {
        'report-uri': '/api/csp-report',
        // your CSP headers
      },
    },
  },
})

Advanced: Access reports

Depending on your use case you might want to access the CSP reports. You can do that with useStorage:

export default defineNuxtConfig({
  modules: ['nuxt-csp-report'],
  cspReport: {
    storage: {
      driver: {
        name: 'redis',
        options: {
          // Your redis configuration
        }
      }
    },
  },
})
import  { type NormalizedCspReport } from 'nuxt-csp-report'

const storage = useStorage<NormalizedCspReport>('csp-report-storage')

Options

endpoint

  • Type: string
  • Default: /api/csp-report
  • Description: Optional. Path for the CSP report endpoint.

reportingEndpointsHeader

  • Type: boolean
  • Default: false
  • Description: Optional. Adds the Reporting-Endpoints header to your HTML responses, using 'csp-endpoint' as the key and endpoint from the configuration as the value. This header is needed if you want to use report-to csp-endpoint in your CSP configuration.

console

  • Type: 'summary' | 'full' | false
  • Default: 'summary'
  • Description: Optional. Log reports to console on server. 'full' will print the NormalizedCspReport object.

storage

  • Type: See fields below.
  • Description: Optional. Sets up a storage using unstorage, which is part of Nitro and Nuxt.

storage.driver

  • Type: BuiltinDriverOptions
  • Description: Defines the driver from unstorage. You can use the same notation and drivers as in Nuxt:
    • https://nuxt.com/docs/4.x/directory-structure/server#server-storage
    • https://nitro.build/guide/storage
    • https://unstorage.unjs.io/drivers

storage.keyPrefix

  • Type: string
  • Default: csp-report
  • Description: Optional. Key prefix for the stored reports.

Contribution

# Install dependencies
pnpm install

# Generate type stubs
pnpm dev:prepare

# Develop with the playground
pnpm dev

# Build the playground
pnpm dev:build

# Run ESLint
pnpm lint

# Run Vitest
pnpm test
pnpm test:watch

# Build the module
pnpm prepack

# Release new version
pnpm release