High severityNVD Advisory· Published Aug 12, 2025· Updated Apr 15, 2026

CVE-2025-55164

CVE-2025-55164

Description

content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves disabling the `__proto__` accessor in Node.js, neutralizing all possible prototype pollution attacks. Provide either --disable-proto=delete (recommended) or --disable-proto=throw as an argument to node to enable this feature. The flag acts only on the `Object.prototype.__proto__` accessor and leaves the parser itself unchanged, so treat it as a stopgap until the upgrade to 0.6.0 is done.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
content-security-policy-parsernpm
< 0.6.00.6.0

Patches

2
927f922cb188

0.6.0

2 files changed · +2 2
  • build-npm.ts+1 1 modified
    @@ -11,7 +11,7 @@ await build({
         name: "content-security-policy-parser",
         author: "Evan Hahn <me@evanhahn.com> (https://evanhahn.com)",
         description: "Parse Content Security Policy directives.",
    -    version: "0.5.0",
    +    version: "0.6.0",
         license: "MIT",
         keywords: ["security", "content", "security", "policy", "csp", "parser"],
         homepage: "https://github.com/helmetjs/content-security-policy-parser",
    
  • CHANGELOG.md+1 1 modified
    @@ -1,6 +1,6 @@
     # Changelog
     
    -## Unreleased
    +## 0.6.0 - 2024-02-10
     
     ### Changed
     
    
b13a52554f01

Parse into a `Map` instead of an object, develop with Deno

11 files changed · +222 3108
  • build-npm.ts+34 0 added
    @@ -0,0 +1,34 @@
    +import { build, emptyDir } from "https://deno.land/x/dnt@0.40.0/mod.ts";
    +
    +await emptyDir("./dist/npm");
    +
    +await build({
    +  entryPoints: ["./mod.ts"],
    +  outDir: "./dist/npm",
    +  shims: { deno: "dev" },
    +  package: {
    +    name: "content-security-policy-parser",
    +    author: "Evan Hahn <me@evanhahn.com> (https://evanhahn.com)",
    +    description: "Parse Content Security Policy directives.",
    +    version: "0.5.0",
    +    license: "MIT",
    +    keywords: ["security", "content", "security", "policy", "csp", "parser"],
    +    homepage: "https://github.com/helmetjs/content-security-policy-parser",
    +    repository: {
    +      type: "git",
    +      url: "git://github.com/helmetjs/content-security-policy-parser.git",
    +    },
    +    bugs: {
    +      url: "https://github.com/helmetjs/content-security-policy-parser/issues",
    +      email: "me@evanhahn.com",
    +    },
    +    engines: {
    +      node: ">=18.0.0",
    +    },
    +  },
    +  postBuild() {
    +    Deno.copyFileSync("LICENSE", "./dist/npm/LICENSE");
    +    Deno.copyFileSync("README.md", "./dist/npm/README.md");
    +    Deno.copyFileSync("CHANGELOG.md", "./dist/npm/CHANGELOG.md");
    +  },
    +});
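Review bot: Two release-critical settings in this new build script are undocumented: `shims: { deno: "dev" }` and the hard-coded `version`. As I read dnt's option, `"dev"` keeps the Deno shim out of the published runtime dependencies, so I would add `// Deno shim is dev-only: the transpiled tests need it, the published package must not depend on it` above `shims`. Above `version` I would add `// Keep in sync with the newest CHANGELOG.md heading`. The `keywords` array also lists `"security"` twice; the duplicate can be dropped.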
    
  • CHANGELOG.md+10 2 modified
    @@ -1,10 +1,17 @@
     # Changelog
     
    +## Unreleased
    +
    +### Changed
    +
    +- **Breaking:** Parse into a `Map` instead of an object
    +
     ## 0.5.0 - 2024-01-26
     
     ### Fixed
     
    -- Fix prototype pollution bug when parsing `__proto__`. See [#11](https://github.com/helmetjs/content-security-policy-parser/issues/11)
    +- Fix prototype pollution bug when parsing `__proto__`. See
    +  [#11](https://github.com/helmetjs/content-security-policy-parser/issues/11)
     
     ### Removed
     
    @@ -32,7 +39,8 @@
     
     ### Added
     
    -- Added TypeScript type definitions. See [#3](https://github.com/helmetjs/content-security-policy-parser/pull/3)
    +- Added TypeScript type definitions. See
    +  [#3](https://github.com/helmetjs/content-security-policy-parser/pull/3)
     
     ### Changed
     
    
  • deno.json+23 0 added
    @@ -0,0 +1,23 @@
    +{
    +  "tasks": {
    +    "npm": "deno run -A build-npm.ts",
    +    "clean": "rm -rf dist",
    +    "test": "deno task clean && deno task test:fmt && deno task test:lint && deno test",
    +    "test:fmt": "deno fmt --check",
    +    "test:lint": "deno lint"
    +  },
    +  "compilerOptions": {
    +    "noFallthroughCasesInSwitch": true,
    +    "noImplicitReturns": true,
    +    "noUnusedLocals": true,
    +    "noUnusedParameters": true,
    +    "noUncheckedIndexedAccess": true,
    +    "useUnknownInCatchVariables": true
    +  },
    +  "fmt": {
    +    "exclude": ["dist"]
    +  },
    +  "lint": {
    +    "exclude": ["dist"]
    +  }
    +}
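Review bot: The `npm` task runs `deno run -A build-npm.ts`, which gives the build script and every remote module it imports from deno.land unrestricted file, network, environment and subprocess access on the machine that cuts releases. deno.lock pins those modules by hash, which bounds the exposure, but an explicit grant is easier to audit: `deno run --allow-read --allow-write --allow-net --allow-env --allow-run build-npm.ts`, trimmed to what dnt actually needs. If `-A` stays, the README should say that releases are built from a clean checkout with the committed lockfile, since JSON leaves no room for a comment here.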
    
  • deno.lock+117 0 added
    @@ -0,0 +1,117 @@
    +{
    +  "version": "3",
    +  "remote": {
    +    "https://deno.land/std@0.140.0/_util/assert.ts": "e94f2eb37cebd7f199952e242c77654e43333c1ac4c5c700e929ea3aa5489f74",
    +    "https://deno.land/std@0.140.0/_util/os.ts": "3b4c6e27febd119d36a416d7a97bd3b0251b77c88942c8f16ee5953ea13e2e49",
    +    "https://deno.land/std@0.140.0/bytes/bytes_list.ts": "67eb118e0b7891d2f389dad4add35856f4ad5faab46318ff99653456c23b025d",
    +    "https://deno.land/std@0.140.0/bytes/equals.ts": "fc16dff2090cced02497f16483de123dfa91e591029f985029193dfaa9d894c9",
    +    "https://deno.land/std@0.140.0/bytes/mod.ts": "763f97d33051cc3f28af1a688dfe2830841192a9fea0cbaa55f927b49d49d0bf",
    +    "https://deno.land/std@0.140.0/fmt/colors.ts": "30455035d6d728394781c10755351742dd731e3db6771b1843f9b9e490104d37",
    +    "https://deno.land/std@0.140.0/fs/_util.ts": "0fb24eb4bfebc2c194fb1afdb42b9c3dda12e368f43e8f2321f84fc77d42cb0f",
    +    "https://deno.land/std@0.140.0/fs/ensure_dir.ts": "9dc109c27df4098b9fc12d949612ae5c9c7169507660dcf9ad90631833209d9d",
    +    "https://deno.land/std@0.140.0/io/buffer.ts": "bd0c4bf53db4b4be916ca5963e454bddfd3fcd45039041ea161dbf826817822b",
    +    "https://deno.land/std@0.140.0/path/_constants.ts": "df1db3ffa6dd6d1252cc9617e5d72165cd2483df90e93833e13580687b6083c3",
    +    "https://deno.land/std@0.140.0/path/_interface.ts": "ee3b431a336b80cf445441109d089b70d87d5e248f4f90ff906820889ecf8d09",
    +    "https://deno.land/std@0.140.0/path/_util.ts": "c1e9686d0164e29f7d880b2158971d805b6e0efc3110d0b3e24e4b8af2190d2b",
    +    "https://deno.land/std@0.140.0/path/common.ts": "bee563630abd2d97f99d83c96c2fa0cca7cee103e8cb4e7699ec4d5db7bd2633",
    +    "https://deno.land/std@0.140.0/path/glob.ts": "cb5255638de1048973c3e69e420c77dc04f75755524cb3b2e160fe9277d939ee",
    +    "https://deno.land/std@0.140.0/path/mod.ts": "d3e68d0abb393fb0bf94a6d07c46ec31dc755b544b13144dee931d8d5f06a52d",
    +    "https://deno.land/std@0.140.0/path/posix.ts": "293cdaec3ecccec0a9cc2b534302dfe308adb6f10861fa183275d6695faace44",
    +    "https://deno.land/std@0.140.0/path/separator.ts": "fe1816cb765a8068afb3e8f13ad272351c85cbc739af56dacfc7d93d710fe0f9",
    +    "https://deno.land/std@0.140.0/path/win32.ts": "31811536855e19ba37a999cd8d1b62078235548d67902ece4aa6b814596dd757",
    +    "https://deno.land/std@0.140.0/streams/conversion.ts": "712585bfa0172a97fb68dd46e784ae8ad59d11b88079d6a4ab098ff42e697d21",
    +    "https://deno.land/std@0.181.0/_util/asserts.ts": "178dfc49a464aee693a7e285567b3d0b555dc805ff490505a8aae34f9cfb1462",
    +    "https://deno.land/std@0.181.0/_util/os.ts": "d932f56d41e4f6a6093d56044e29ce637f8dcc43c5a90af43504a889cf1775e3",
    +    "https://deno.land/std@0.181.0/fmt/colors.ts": "d67e3cd9f472535241a8e410d33423980bec45047e343577554d3356e1f0ef4e",
    +    "https://deno.land/std@0.181.0/fs/_util.ts": "65381f341af1ff7f40198cee15c20f59951ac26e51ddc651c5293e24f9ce6f32",
    +    "https://deno.land/std@0.181.0/fs/empty_dir.ts": "c3d2da4c7352fab1cf144a1ecfef58090769e8af633678e0f3fabaef98594688",
    +    "https://deno.land/std@0.181.0/fs/ensure_dir.ts": "dc64c4c75c64721d4e3fb681f1382f803ff3d2868f08563ff923fdd20d071c40",
    +    "https://deno.land/std@0.181.0/fs/expand_glob.ts": "e4f56259a0a70fe23f05215b00de3ac5e6ba46646ab2a06ebbe9b010f81c972a",
    +    "https://deno.land/std@0.181.0/fs/walk.ts": "ea95ffa6500c1eda6b365be488c056edc7c883a1db41ef46ec3bf057b1c0fe32",
    +    "https://deno.land/std@0.181.0/path/_constants.ts": "e49961f6f4f48039c0dfed3c3f93e963ca3d92791c9d478ac5b43183413136e0",
    +    "https://deno.land/std@0.181.0/path/_interface.ts": "6471159dfbbc357e03882c2266d21ef9afdb1e4aa771b0545e90db58a0ba314b",
    +    "https://deno.land/std@0.181.0/path/_util.ts": "d7abb1e0dea065f427b89156e28cdeb32b045870acdf865833ba808a73b576d0",
    +    "https://deno.land/std@0.181.0/path/common.ts": "ee7505ab01fd22de3963b64e46cff31f40de34f9f8de1fff6a1bd2fe79380000",
    +    "https://deno.land/std@0.181.0/path/glob.ts": "d479e0a695621c94d3fd7fe7abd4f9499caf32a8de13f25073451c6ef420a4e1",
    +    "https://deno.land/std@0.181.0/path/mod.ts": "bf718f19a4fdd545aee1b06409ca0805bd1b68ecf876605ce632e932fe54510c",
    +    "https://deno.land/std@0.181.0/path/posix.ts": "8b7c67ac338714b30c816079303d0285dd24af6b284f7ad63da5b27372a2c94d",
    +    "https://deno.land/std@0.181.0/path/separator.ts": "0fb679739d0d1d7bf45b68dacfb4ec7563597a902edbaf3c59b50d5bcadd93b1",
    +    "https://deno.land/std@0.181.0/path/win32.ts": "d186344e5583bcbf8b18af416d13d82b35a317116e6460a5a3953508c3de5bba",
    +    "https://deno.land/std@0.215.0/assert/_constants.ts": "a271e8ef5a573f1df8e822a6eb9d09df064ad66a4390f21b3e31f820a38e0975",
    +    "https://deno.land/std@0.215.0/assert/_diff.ts": "dcc63d94ca289aec80644030cf88ccbf7acaa6fbd7b0f22add93616b36593840",
    +    "https://deno.land/std@0.215.0/assert/_format.ts": "0ba808961bf678437fb486b56405b6fefad2cf87b5809667c781ddee8c32aff4",
    +    "https://deno.land/std@0.215.0/assert/assert.ts": "bec068b2fccdd434c138a555b19a2c2393b71dfaada02b7d568a01541e67cdc5",
    +    "https://deno.land/std@0.215.0/assert/assert_almost_equals.ts": "8b96b7385cc117668b0720115eb6ee73d04c9bcb2f5d2344d674918c9113688f",
    +    "https://deno.land/std@0.215.0/assert/assert_array_includes.ts": "1688d76317fd45b7e93ef9e2765f112fdf2b7c9821016cdfb380b9445374aed1",
    +    "https://deno.land/std@0.215.0/assert/assert_equals.ts": "4497c56fe7d2993b0d447926702802fc0becb44e319079e8eca39b482ee01b4e",
    +    "https://deno.land/std@0.215.0/assert/assert_exists.ts": "24a7bf965e634f909242cd09fbaf38bde6b791128ece08e33ab08586a7cc55c9",
    +    "https://deno.land/std@0.215.0/assert/assert_false.ts": "6f382568e5128c0f855e5f7dbda8624c1ed9af4fcc33ef4a9afeeedcdce99769",
    +    "https://deno.land/std@0.215.0/assert/assert_greater.ts": "4945cf5729f1a38874d7e589e0fe5cc5cd5abe5573ca2ddca9d3791aa891856c",
    +    "https://deno.land/std@0.215.0/assert/assert_greater_or_equal.ts": "573ed8823283b8d94b7443eb69a849a3c369a8eb9666b2d1db50c33763a5d219",
    +    "https://deno.land/std@0.215.0/assert/assert_instance_of.ts": "72dc1faff1e248692d873c89382fa1579dd7b53b56d52f37f9874a75b11ba444",
    +    "https://deno.land/std@0.215.0/assert/assert_is_error.ts": "6596f2b5ba89ba2fe9b074f75e9318cda97a2381e59d476812e30077fbdb6ed2",
    +    "https://deno.land/std@0.215.0/assert/assert_less.ts": "2b4b3fe7910f65f7be52212f19c3977ecb8ba5b2d6d0a296c83cde42920bb005",
    +    "https://deno.land/std@0.215.0/assert/assert_less_or_equal.ts": "b93d212fe669fbde959e35b3437ac9a4468f2e6b77377e7b6ea2cfdd825d38a0",
    +    "https://deno.land/std@0.215.0/assert/assert_match.ts": "ec2d9680ed3e7b9746ec57ec923a17eef6d476202f339ad91d22277d7f1d16e1",
    +    "https://deno.land/std@0.215.0/assert/assert_not_equals.ts": "ac86413ab70ffb14fdfc41740ba579a983fe355ba0ce4a9ab685e6b8e7f6a250",
    +    "https://deno.land/std@0.215.0/assert/assert_not_instance_of.ts": "8f720d92d83775c40b2542a8d76c60c2d4aeddaf8713c8d11df8984af2604931",
    +    "https://deno.land/std@0.215.0/assert/assert_not_match.ts": "b4b7c77f146963e2b673c1ce4846473703409eb93f5ab0eb60f6e6f8aeffe39f",
    +    "https://deno.land/std@0.215.0/assert/assert_not_strict_equals.ts": "da0b8ab60a45d5a9371088378e5313f624799470c3b54c76e8b8abeec40a77be",
    +    "https://deno.land/std@0.215.0/assert/assert_object_match.ts": "e85e5eef62a56ce364c3afdd27978ccab979288a3e772e6855c270a7b118fa49",
    +    "https://deno.land/std@0.215.0/assert/assert_rejects.ts": "e9e0c8d9c3e164c7ac962c37b3be50577c5a2010db107ed272c4c1afb1269f54",
    +    "https://deno.land/std@0.215.0/assert/assert_strict_equals.ts": "0425a98f70badccb151644c902384c12771a93e65f8ff610244b8147b03a2366",
    +    "https://deno.land/std@0.215.0/assert/assert_string_includes.ts": "dfb072a890167146f8e5bdd6fde887ce4657098e9f71f12716ef37f35fb6f4a7",
    +    "https://deno.land/std@0.215.0/assert/assert_throws.ts": "edddd86b39606c342164b49ad88dd39a26e72a26655e07545d172f164b617fa7",
    +    "https://deno.land/std@0.215.0/assert/assertion_error.ts": "9f689a101ee586c4ce92f52fa7ddd362e86434ffdf1f848e45987dc7689976b8",
    +    "https://deno.land/std@0.215.0/assert/equal.ts": "fae5e8a52a11d3ac694bbe1a53e13a7969e3f60791262312e91a3e741ae519e2",
    +    "https://deno.land/std@0.215.0/assert/fail.ts": "f310e51992bac8e54f5fd8e44d098638434b2edb802383690e0d7a9be1979f1c",
    +    "https://deno.land/std@0.215.0/assert/mod.ts": "325df8c0683ad83a873b9691aa66b812d6275fc9fec0b2d180ac68a2c5efed3b",
    +    "https://deno.land/std@0.215.0/assert/unimplemented.ts": "47ca67d1c6dc53abd0bd729b71a31e0825fc452dbcd4fde4ca06789d5644e7fd",
    +    "https://deno.land/std@0.215.0/assert/unreachable.ts": "38cfecb95d8b06906022d2f9474794fca4161a994f83354fd079cac9032b5145",
    +    "https://deno.land/std@0.215.0/fmt/colors.ts": "aeaee795471b56fc62a3cb2e174ed33e91551b535f44677f6320336aabb54fbb",
    +    "https://deno.land/x/code_block_writer@12.0.0/mod.ts": "2c3448060e47c9d08604c8f40dee34343f553f33edcdfebbf648442be33205e5",
    +    "https://deno.land/x/code_block_writer@12.0.0/utils/string_utils.ts": "60cb4ec8bd335bf241ef785ccec51e809d576ff8e8d29da43d2273b69ce2a6ff",
    +    "https://deno.land/x/deno_cache@0.6.2/auth_tokens.ts": "5d1d56474c54a9d152e44d43ea17c2e6a398dd1e9682c69811a313567c01ee1e",
    +    "https://deno.land/x/deno_cache@0.6.2/cache.ts": "58b53c128b742757efcad10af9a3871f23b4e200674cb5b0ddf61164fb9b2fe7",
    +    "https://deno.land/x/deno_cache@0.6.2/deno_dir.ts": "1ea355b8ba11c630d076b222b197cfc937dd81e5a4a260938997da99e8ff93a0",
    +    "https://deno.land/x/deno_cache@0.6.2/deps.ts": "12cca94516cf2d3ed42fccd4b721ecd8060679253f077d83057511045b0081aa",
    +    "https://deno.land/x/deno_cache@0.6.2/dirs.ts": "009c6f54e0b610914d6ce9f72f6f6ccfffd2d47a79a19061e0a9eb4253836069",
    +    "https://deno.land/x/deno_cache@0.6.2/disk_cache.ts": "66a1e604a8d564b6dd0500326cac33d08b561d331036bf7272def80f2f7952aa",
    +    "https://deno.land/x/deno_cache@0.6.2/file_fetcher.ts": "4f3e4a2c78a5ca1e4812099e5083f815a8525ab20d389b560b3517f6b1161dd6",
    +    "https://deno.land/x/deno_cache@0.6.2/http_cache.ts": "407135eaf2802809ed373c230d57da7ef8dff923c4abf205410b9b99886491fd",
    +    "https://deno.land/x/deno_cache@0.6.2/lib/deno_cache_dir.generated.js": "59f8defac32e8ebf2a30f7bc77e9d88f0e60098463fb1b75e00b9791a4bbd733",
    +    "https://deno.land/x/deno_cache@0.6.2/lib/snippets/deno_cache_dir-a2aecaa9536c9402/fs.js": "cbe3a976ed63c72c7cb34ef845c27013033a3b11f9d8d3e2c4aa5dda2c0c7af6",
    +    "https://deno.land/x/deno_cache@0.6.2/mod.ts": "b4004287e1c6123d7f07fe9b5b3e94ce6d990c4102949a89c527c68b19627867",
    +    "https://deno.land/x/deno_cache@0.6.2/util.ts": "f3f5a0cfc60051f09162942fb0ee87a0e27b11a12aec4c22076e3006be4cc1e2",
    +    "https://deno.land/x/deno_graph@0.53.0/deno_graph_wasm.generated.js": "2cbaec012743f138172c0aff377c589ca1dd25331b77acada8ea4aafd6ec8bb4",
    +    "https://deno.land/x/deno_graph@0.53.0/loader.ts": "a2e757383908f4a51659fe1b1203386887ebb17756bac930a64856d613d8d57d",
    +    "https://deno.land/x/deno_graph@0.53.0/media_type.ts": "a89a1b38d07c160e896de9ceb99285ba8391940140558304171066b5c3ef7609",
    +    "https://deno.land/x/deno_graph@0.53.0/mod.ts": "e4bdddf09d8332394ac4b2e7084f7f4fbbbf09dff344cac9bd60f5e20b4f12e0",
    +    "https://deno.land/x/dir@1.5.1/data_local_dir/mod.ts": "91eb1c4bfadfbeda30171007bac6d85aadacd43224a5ed721bbe56bc64e9eb66",
    +    "https://deno.land/x/dnt@0.40.0/lib/compiler.ts": "7f4447531581896348b8a379ab94730856b42ae50d99043f2468328360293cb1",
    +    "https://deno.land/x/dnt@0.40.0/lib/compiler_transforms.ts": "f21aba052f5dcf0b0595c734450842855c7f572e96165d3d34f8fed2fc1f7ba1",
    +    "https://deno.land/x/dnt@0.40.0/lib/mod.deps.ts": "8d6123c8e1162037e58aa8126686a03d1e2cffb250a8757bf715f80242097597",
    +    "https://deno.land/x/dnt@0.40.0/lib/npm_ignore.ts": "57fbb7e7b935417d225eec586c6aa240288905eb095847d3f6a88e290209df4e",
    +    "https://deno.land/x/dnt@0.40.0/lib/package_json.ts": "607b0a4f44acad071a4c8533b312a27d6671eac8e6a23625c8350ce29eadb2ba",
    +    "https://deno.land/x/dnt@0.40.0/lib/pkg/dnt_wasm.generated.js": "2694546844a50861d6d1610859afbf5130baca4dc6cf304541b7ec2d6d998142",
    +    "https://deno.land/x/dnt@0.40.0/lib/pkg/snippets/dnt-wasm-a15ef721fa5290c5/helpers.js": "aba69a019a6da6f084898a6c7b903b8b583bc0dbd82bfb338449cf0b5bce58fd",
    +    "https://deno.land/x/dnt@0.40.0/lib/shims.ts": "39e5c141f0315c0faf30b479b53f92b9078d92e1fd67ee34cc60b701d8e68dab",
    +    "https://deno.land/x/dnt@0.40.0/lib/test_runner/get_test_runner_code.ts": "4dc7a73a13b027341c0688df2b29a4ef102f287c126f134c33f69f0339b46968",
    +    "https://deno.land/x/dnt@0.40.0/lib/test_runner/test_runner.ts": "4d0da0500ec427d5f390d9a8d42fb882fbeccc92c92d66b6f2e758606dbd40e6",
    +    "https://deno.land/x/dnt@0.40.0/lib/transform.deps.ts": "2e159661e1c5c650de9a573babe0e319349fe493105157307ec2ad2f6a52c94e",
    +    "https://deno.land/x/dnt@0.40.0/lib/types.ts": "b8e228b2fac44c2ae902fbb73b1689f6ab889915bd66486c8a85c0c24255f5fb",
    +    "https://deno.land/x/dnt@0.40.0/lib/utils.ts": "224f15f33e7226a2fd991e438d0291d7ed8c7889807efa2e1ecb67d2d1db6720",
    +    "https://deno.land/x/dnt@0.40.0/mod.ts": "ae1890fbe592e4797e7dd88c1e270f22b8334878e9bf187c4e11ae75746fe778",
    +    "https://deno.land/x/dnt@0.40.0/transform.ts": "f68743a14cf9bf53bfc9c81073871d69d447a7f9e3453e0447ca2fb78926bb1d",
    +    "https://deno.land/x/ts_morph@20.0.0/bootstrap/mod.ts": "b53aad517f106c4079971fcd4a81ab79fadc40b50061a3ab2b741a09119d51e9",
    +    "https://deno.land/x/ts_morph@20.0.0/bootstrap/ts_morph_bootstrap.js": "6645ac03c5e6687dfa8c78109dc5df0250b811ecb3aea2d97c504c35e8401c06",
    +    "https://deno.land/x/ts_morph@20.0.0/common/DenoRuntime.ts": "6a7180f0c6e90dcf23ccffc86aa8271c20b1c4f34c570588d08a45880b7e172d",
    +    "https://deno.land/x/ts_morph@20.0.0/common/mod.ts": "01985d2ee7da8d1caee318a9d07664774fbee4e31602bc2bb6bb62c3489555ed",
    +    "https://deno.land/x/ts_morph@20.0.0/common/ts_morph_common.js": "2325f94f61dc5f3f98a1dab366dc93048d11b1433d718b10cfc6ee5a1cfebe8f",
    +    "https://deno.land/x/ts_morph@20.0.0/common/typescript.js": "b9edf0a451685d13e0467a7ed4351d112b74bd1e256b915a2b941054e31c1736",
    +    "https://deno.land/x/wasmbuild@0.14.1/cache.ts": "89eea5f3ce6035a1164b3e655c95f21300498920575ade23161421f5b01967f4",
    +    "https://deno.land/x/wasmbuild@0.14.1/loader.ts": "d98d195a715f823151cbc8baa3f32127337628379a02d9eb2a3c5902dbccfc02",
    +    "https://deno.land/x/wasmbuild@0.15.1/cache.ts": "9d01b5cb24e7f2a942bbd8d14b093751fa690a6cde8e21709ddc97667e6669ed",
    +    "https://deno.land/x/wasmbuild@0.15.1/loader.ts": "8c2fc10e21678e42f84c5135d8ab6ab7dc92424c3f05d2354896a29ccfd02a63"
    +  }
    +}
    
  • index.ts+0 26 removed
    @@ -1,26 +0,0 @@
    -interface PolicyResult {
    -  [key: string]: string[];
    -}
    -
    -export = (policy: string): PolicyResult => {
    -  const result: PolicyResult = {};
    -  policy.split(";").forEach((directive) => {
    -    const [directiveKey, ...directiveValue] = directive.trim().split(/\s+/g);
    -    if (
    -      directiveKey &&
    -      !Object.prototype.hasOwnProperty.call(result, directiveKey)
    -    ) {
    -      if (directiveKey === "__proto__") {
    -        Object.defineProperty(result, directiveKey, {
    -          configurable: true,
    -          enumerable: true,
    -          writable: true,
    -          value: directiveValue,
    -        });
    -      } else {
    -        result[directiveKey] = directiveValue;
    -      }
    -    }
    -  });
    -  return result;
    -};
    
  • mod.ts+17 0 added
    @@ -0,0 +1,17 @@
    +type ParsedContentSecurityPolicy = Map<string, string[]>;
    +
    +export default function parseContentSecurityPolicy(
    +  policy: string,
    +): ParsedContentSecurityPolicy {
    +  const result: ParsedContentSecurityPolicy = new Map();
    +  policy.split(";").forEach((directive) => {
    +    const [directiveKey, ...directiveValue] = directive.trim().split(/\s+/g);
    +    if (
    +      directiveKey &&
    +      !result.has(directiveKey)
    +    ) {
    +      result.set(directiveKey, directiveValue);
    +    }
    +  });
    +  return result;
    +}
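Review bot: `directiveKey` is stored exactly as written, so `Script-Src` and `script-src` become two separate Map entries and the `!result.has(directiveKey)` first-wins check does not treat them as duplicates. The CSP specification treats directive names as ASCII case-insensitive and lowercases them before applying the duplicate rule, so a caller that audits `result.get("script-src")` may read a different policy than the one a browser enforces. Consider `const name = directiveKey.toLowerCase();` and using `name` in both `has` and `set`. If case preservation is intended, a TSDoc comment on `parseContentSecurityPolicy` should say so and also state the first-occurrence-wins rule.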
    
  • package.json+0 56 removed
    @@ -1,56 +0,0 @@
    -{
    -  "name": "content-security-policy-parser",
    -  "author": "Evan Hahn <me@evanhahn.com> (https://evanhahn.com)",
    -  "description": "Parse Content Security Policy directives.",
    -  "version": "0.5.0",
    -  "license": "MIT",
    -  "keywords": [
    -    "security",
    -    "content",
    -    "security",
    -    "policy",
    -    "csp",
    -    "parser"
    -  ],
    -  "homepage": "https://github.com/helmetjs/content-security-policy-parser",
    -  "repository": {
    -    "type": "git",
    -    "url": "git://github.com/helmetjs/content-security-policy-parser.git"
    -  },
    -  "bugs": {
    -    "url": "https://github.com/helmetjs/content-security-policy-parser/issues",
    -    "email": "me@evanhahn.com"
    -  },
    -  "engines": {
    -    "node": ">=18.0.0"
    -  },
    -  "main": "./dist/index.js",
    -  "typings": "./dist/index.d.ts",
    -  "files": [
    -    "LICENSE",
    -    "README.md",
    -    "CHANGELOG.md",
    -    "dist/index.js",
    -    "dist/index.d.ts"
    -  ],
    -  "scripts": {
    -    "pretest": "npm run lint",
    -    "prepublishOnly": "npm run build",
    -    "lint": "npm run lint:eslint && npm run lint:prettier",
    -    "lint:eslint": "eslint .",
    -    "lint:prettier": "prettier --check .",
    -    "format": "prettier --write .",
    -    "clean": "rm -rf dist",
    -    "build": "npm run clean && tsc",
    -    "test": "node --test --require ts-node/register test.ts"
    -  },
    -  "devDependencies": {
    -    "@typescript-eslint/eslint-plugin": "^6.19.1",
    -    "@typescript-eslint/parser": "^6.19.1",
    -    "eslint": "^8.56.0",
    -    "prettier": "^3.2.4",
    -    "ts-node": "^10.9.2",
    -    "typescipt": "^1.0.0",
    -    "typescript": "^5.3.3"
    -  }
    -}
    
  • package-lock.json+0 2997 removed
  • README.md+9 10 modified
    @@ -8,16 +8,15 @@ Usage:
     const parse = require("content-security-policy-parser");
     
     parse(
    -  "default-src 'self'; script-src 'unsafe-eval' scripts.com; object-src; style-src styles.biz",
    +  "default-src 'self'; script-src 'unsafe-eval' scripts.example; object-src; style-src styles.example",
     );
    -/*
    -{
    -  'default-src': ["'self'"],
    -  'script-src': ["'unsafe-eval'", 'scripts.com'],
    -  'object-src': [],
    -  'style-src': ['styles.biz']
    -}
    -*/
    +// => Map(X) {
    +//      "default-src" => ["'self'"],
    +//      "script-src" => ["'unsafe-eval'", "scripts.example"],
    +//      "object-src" => [],
    +//      "style-src" => ["styles.example"],
    +//    }
     ```
     
    -This module is considered "complete". I expect to continue maintenance if needed, but I don't plan to add features or make breaking changes.
    +This module is considered "complete". I expect to continue maintenance if
    +needed, but I don't plan to add features or make breaking changes.
    
  • test.ts+10 15 modified
    @@ -1,14 +1,13 @@
    -import assert = require("node:assert/strict");
    -import test from "node:test";
    -import parse = require("./index");
    +import { assertEquals } from "https://deno.land/std@0.215.0/assert/mod.ts";
    +import parse from "./mod.ts";
     
     const parserTest = (
       testName: string,
       input: string,
       expected: Record<string, string[]>,
     ) => {
    -  test(testName, () => {
    -    assert.deepStrictEqual(parse(input), expected);
    +  Deno.test(testName, () => {
    +    assertEquals(parse(input), new Map(Object.entries(expected)));
       });
     };
     
    @@ -99,17 +98,13 @@ parserTest(
       },
     );
     
    -test("parsing __proto__ as a directive", () => {
    +Deno.test("parsing __proto__ as a directive", () => {
       const actual = parse("default-src 'self';__proto__ foo");
     
    -  const expected: Record<string, unknown> = { "default-src": ["'self'"] };
    -  Object.defineProperty(expected, "__proto__", {
    -    value: ["foo"],
    -    configurable: true,
    -    enumerable: true,
    -    writable: true,
    -  });
    +  const expected = new Map([
    +    ["default-src", ["'self'"]],
    +    ["__proto__", ["foo"]],
    +  ]);
     
    -  assert.deepStrictEqual(actual, expected);
    -  assert.strictEqual(actual.toString(), "[object Object]");
    +  assertEquals(actual, expected);
     });
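Review bot: The `__proto__` case is the regression test for this advisory, but nothing explains why it bypasses `parserTest`, and after this change it no longer asserts anything about prototypes. I would add `// Built as a Map directly: a "__proto__" key in an object literal sets the prototype, so Object.entries() in parserTest would drop it` above `const expected`. After the existing assertion I would add `assertEquals(Object.getPrototypeOf(actual) === Map.prototype, true);`. Directive names such as `constructor` or `toString` would be cheap extra cases for the same class of bug.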
    
  • tsconfig.json+2 2 modified
    @@ -9,6 +9,6 @@
         "noUnusedParameters": true,
         "outDir": "./dist",
         "strict": true,
    -    "target": "es6",
    -  },
    +    "target": "es6"
    +  }
     }
    


References

7
