npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

get-consent

v1.5.1

Published

GDPR consent string fetcher

Downloads

29

Readme

Get-Consent

GDPR consent string & US Privacy string fetcher

Build Status npm version

About

Get-Consent is a helper library to make collecting GDPR consent data from CMPs easier. Consent data is typically collected from a window.__cmp() function call by providing certain parameters. This is tedious as the function may arrive (be assigned and ready) later, or may never arrive at all. This library wraps a smart interface around the __cmp() call for fetching consent so that you don't have to worry about the details.

Get-Consent also handles being contained within an iframe, and will try to make window.top.postMessage requests to fetch CMP data. Note that Google personalization is not available in the circumstance that the script is contained within a frame.

Get-Consent supports fetching and processing USP (US Privacy) strings from CMP-style systems and cookies for supporting the CCPA.

Get-Consent is 10.8 KiB minified.

Google Personalization

Get-Consent also recognises Google consent for use with personalized ads. Currently the following CMPs are recognised and supported:

Installation

npm install get-consent --save-dev

Usage

The examples below detail the basic usage of the library. If you're looking for more detailed information, consider reading the API documentation.

The simplest way to fetch consent data is to use one of the getter methods:

Raw consent data:

import { getConsentData } from "get-consent";

getConsentData()
    .then(data => {
        // {
        //     consentData: "BN5lERiOMYEdiAOAWeFRAAYAAaAAptQ",
        //     gdprApplies: true,
        //     hasGlobalScope: true
        // }
    })
    .catch(err => {
        if (err.name === "TimeoutError") {
            // handle timeout
        } else if (err.name === "InvalidConsentError") {
            // Handle invalid/no consent
        }
    });

Consent string:

import { getConsentString } from "get-consent";

(async function() {
    const cString = await getConsentString();
    // "BN5lERiOMYEdiAOAWeFRAAYAAaAAptQ"
})();

Google consent:

import { getGoogleConsent } from "get-consent";

(async function() {
    const googleConsent = await getGoogleConsent();
    // 1 or 0
})();

Google consent is always in number form - 1 meaning consent was granted, 0 meaning it was denied.

Vendor consents:

import { getVendorConsentData } from "get-consent";

(async function() {
    const vendorConsentData = await getVendorConsentData();
    // {
    //     gdprApplies: true,
    //     hasGlobalScope: false,
    //     metaData: "AAAAAAAAAAAAAAAAAAAAAAA",
    //     purposeConsents: {
    //         "1": true,
    //         "2": true,
    //         "3": true
    //     },
    //     vendorConsents: {
    //         "1": false,
    //         "2": true,
    //         "3": false
    //     }
    // }
})();

The get* methods will all throw if they fail to fetch consent data, or if they time out. This can be changed by providing an extra option:

const cString = await getConsentString({
    noConsent: "resolve" // Return `null` when consent fetching fails
});

The timeout can be adjusted by specifying it in the options:

const googleConsent = await getGoogleConsent({
    timeout: 2500 // Default is no timeout
});

USP Strings (CCPA)

Fetching the USP string is performed using different methods for the most part:

import { getUSPString, onUSPString, uspApplies, uspOptsOut } from "get-consent";

// ...

const uspString = await getUSPString();// 1YN-
uspApplies(uspString); // true
uspOptsOut(uspString); // false

onUSPString(uspStr => { // 1---
    uspApplies(uspStr); // false
    uspOptsOut(uspStr); // false
});

The uspApplies and uspOptsOut methods provide detection for whether or not a US Privacy string is valid to use and how it affects data sales opt-out. The uspApplies method will return true for all valid USP strings that are not 1---. The uspOptsOut will return true for all valid USP strings that specify yes (Y) for the 3rd character of the string.

You can read more about the US Privacy string format in the IAB specification.

Manual USP override

You can forcibly override the USP string for a page by setting the property window.__uspStrOvr to a valid US privacy string. For example:

window.__uspStrOvr = "1YY-"; // Opt the user out of the sale of their data

Consent Callbacks

Other methods are available for using callbacks as a way to receive consent data:

import {
    onConsentData,
    onConsentString,
    onGoogleConsent,
    onVendorConsent
} from "get-consent";

const remove = onConsentData((err, result) => {
    // Error is always first..
    // Second result paramter matches the same data structures
    //   as returned by the get* methods mentioned above..
}, { win: window.top });

Caching

You can use memoization to cache consent fetching, so that multiple calls to some method don't make extra unnecessary CMP requests:

import { createMem, getConsentString } from "get-consent";

const mem = createMem(); // Memoization store instance
getConsentString({ mem }).then(cString => {
    // ...
});

// Later..
getConsentString({ mem }); // Does not initiate another CMP request,
    // but merely reuses the previous requests result and returns that.

Compatibility

This library is built using Webpack and Babel, and is designed to work on IE10 and upwards. No support will be provided for IE versions less than 10, nor other obscure browsers and versions.