We're open-sourcing 3 CLI tools for website compliance testing
Source: Dev.to
We built a scanner for European websites and extracted three internal tools that work great as standalone utilities. All are MIT‑licensed, TypeScript‑based, CI‑friendly, and run on Node 18+.
Cookie Consent Validator
Clicks “Reject All” on a site’s cookie banner and verifies that tracking actually stops.
npx @trustyourwebsite/cookie-consent-validator https://your-site.com
- Detects the CMP (Cookiebot, OneTrust, Complianz, CookieYes, Iubenda, generic).
- Records cookies and network requests before and after rejection.
- Flags violations where banners are decorative only.
- Inspired by Dutch DPA fines (e.g., Kruidvat €600 K, Coolblue €40 K).
GitHub: trustyourwebsite/cookie-consent-validator
Security Headers Checker
Grades your site’s security headers from A+ to F and provides remediation advice.
npx @trustyourwebsite/security-headers https://your-site.com
- Checks HSTS, CSP (full directive parsing, flags unsafe-inline/unsafe-eval), X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP/CORP/COEP.
- Flags server and X-Powered-By version disclosures.
- Zero runtime dependencies.
- CI mode: --ci --min-grade B exits with code 1 if the grade drops below the threshold.
GitHub: trustyourwebsite/security-headers
DNS Auth Check
Validates SPF, DKIM, and DMARC configurations for a domain.
npx @trustyourwebsite/dns-auth-check your-domain.com
- Recursive SPF lookup counting – detects when included mechanisms exceed the 10‑lookup limit (RFC 7208), a common hidden failure for setups like Google Workspace + Mailchimp + transactional senders.
- Auto‑discovers DKIM selectors (probes 12+ common ones) so you don’t need to know them in advance.
- Checks DMARC policy, BIMI, and MTA‑STS.
- Zero runtime dependencies; uses node:dns/promises.
GitHub: trustyourwebsite/dns-auth-check
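To show why the SPF limit is easy to exceed without noticing, here is an added example (not code from dns-auth-check) that counts DNS-querying terms recursively across include and redirect targets. The function name, report shape and the zone map are assumptions; the records are constructed and pre-fetched so the block runs offline. It covers only the 10-lookup count, not the other RFC 7208 limits such as void lookups.

```typescript
// Added example, not dns-auth-check code. Constructed zone: name -> SPF TXT record.
const SAMPLE_ZONE: Record<string, string> = {
  "example.test": "v=spf1 a mx include:_spf.mail.test include:bulk.test include:tx.test ~all",
  "_spf.mail.test": "v=spf1 include:_nb1.mail.test include:_nb2.mail.test include:_nb3.mail.test ~all",
  "_nb1.mail.test": "v=spf1 ip4:192.0.2.0/24 ~all",
  "_nb2.mail.test": "v=spf1 ip4:198.51.100.0/24 ~all",
  "_nb3.mail.test": "v=spf1 ip6:2001:db8::/32 ~all",
  "bulk.test": "v=spf1 include:spf1.bulk.test include:spf2.bulk.test ?all",
  "spf1.bulk.test": "v=spf1 ip4:203.0.113.0/25 ~all",
  "spf2.bulk.test": "v=spf1 exists:%{i}._chk.bulk.test ~all",
  "tx.test": "v=spf1 a:out.tx.test redirect=_fallback.tx.test",
  "_fallback.tx.test": "v=spf1 mx -all",
};

const SPF_LOOKUP_LIMIT = 10; // RFC 7208: max DNS-querying terms per SPF evaluation

interface SpfReport { lookups: number; exceedsLimit: boolean; unresolved: string[]; }

// Hypothetical helper: zone keys must be lowercase domain names.
function countSpfLookups(domain: string, zone: Record<string, string>): SpfReport {
  const unresolved: string[] = [];
  const walk = (name: string, path: string[]): number => {
    const record = zone[name];
    if (record === undefined || path.indexOf(name) !== -1) {
      unresolved.push(name); // no SPF record found, or an include/redirect loop
      return 0;
    }
    const terms = record.toLowerCase().trim().split(/\s+/).slice(1); // drop "v=spf1"
    const hasAll = terms.some((t) => /^[+\-~?]?all$/.test(t));
    let total = 0;
    for (const term of terms) {
      // ip4, ip6 and all never query DNS, so they are not matched here.
      const mech = /^[+\-~?]?(include|a|mx|ptr|exists)(?::([^/]+))?(?:\/.*)?$/.exec(term);
      const redirect = /^redirect=(.+)$/.exec(term);
      if (mech) {
        total += 1; // each of these mechanisms costs one lookup
        if (mech[1] === "include" && mech[2]) total += walk(mech[2], path.concat(name));
      } else if (redirect && !hasAll) {
        // redirect is ignored when the record contains an "all" mechanism
        total += 1 + walk(redirect[1], path.concat(name));
      }
    }
    return total;
  };
  const lookups = walk(domain.toLowerCase(), []);
  return { lookups, exceedsLimit: lookups > SPF_LOOKUP_LIMIT, unresolved };
}
```

The top-level record for example.test has only five DNS-querying terms, yet the nested includes bring the total to 14, which is the hidden failure the tool's recursive count is meant to surface.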
All three tools are released under the MIT license, output JSON and table formats, and accept CI flags. Pull requests are welcome.
If you want a single scan that includes these checks plus accessibility, image copyright, dark‑pattern detection, and legal‑page verification, try the full scanner at .