@tickboxhq/core
Classes
| Class | Description |
|---|---|
| ConsentStore | Framework-agnostic consent state machine. |
Type Aliases
| Type alias | Description |
|---|---|
| AiTxtOptions | - |
| ApplyOptions | - |
| CategoryDefinition | - |
| CategoryId | - |
| ConsentConfig | - |
| ConsentMode | How a category should be treated for a given jurisdiction. |
| ConsentModeMapping | Custom mapping from Tickbox category IDs to Google Consent Mode v2 keys. |
| ConsentModeRule | Rule that maps one gtag consent key to a Tickbox category. |
| ConsentState | - |
| GtagConsentKey | The seven Google Consent Mode v2 storage / signal keys. |
| Jurisdiction | - |
| JurisdictionId | Identifier of a jurisdiction preset shipped with @tickboxhq/core. |
| ResolvedCategory | A category resolved against the active jurisdiction — what the SDK actually needs to know to render UI and gate scripts. |
| StorageOptions | - |
| StoredConsent | The serialised consent record stored in the browser cookie. Schema is versioned via v so future migrations don’t break readers. |
| StoreOptions | - |
Variables
| Variable | Description |
|---|---|
| ADVERTISING_VENDORS | Advertising / paid-acquisition pixels and SDKs. Always require consent. |
| AI_TRAINING_CRAWLERS | AI-training crawlers and LLM-related user-agents. |
| ALL_TRACKING_VENDORS | Convenience: all known vendor identifiers across all categories. Used by EU_GDPR to classify everything as consent in one shot. |
| CDP_AND_PRODUCT_ANALYTICS | Customer-data platforms and product analytics that send individual events. Always require consent. |
| CHAT_WIDGETS | Live-chat widgets. Each loads third-party scripts that fingerprint users. |
| jurisdictions | Map of all built-in jurisdiction presets, keyed by their ID for ergonomic lookup: jurisdictions.UK_DUAA. |
| MARKETING_AUTOMATION | Marketing-automation, CRM and email-marketing platforms with browser tracking. Always require consent. |
| PRIVACY_FRIENDLY_ANALYTICS | Privacy-friendly statistical analytics — first-party or near-first-party, aggregated, no individual-level data, no advertising features. |
| SESSION_REPLAY_VENDORS | Session-replay and individual-user fingerprinting. Always require consent. |
| TAG_ATTRIBUTE | Element attribute used by Tickbox-aware scripts to declare their category. |
Functions
| Function | Description |
|---|---|
| applyConsent | Apply a consent state to the document by: 1. Activating any <script type="text/plain" data-tb-category="X"> whose category was granted 2. Calling gtag('consent', 'update', ...) if gtag is on the global scope 3. Dispatching a tickbox:consent-changed CustomEvent for any custom integrations |
| clearConsent | Clear the stored consent cookie. |
| defineConsent | Identity helper that narrows the type of a consent config so users get full autocomplete + type-checking in their consent.config.ts. |
| generateAiBotRobotsRules | Generate a robots.txt fragment with Disallow rules for AI training crawlers based on the ai_training category in the config. |
| generateAiTxt | Generate the contents of /ai.txt (Spawning.ai-compatible format). |
| isGPCSignaled | Detect a Global Privacy Control signal from the visitor’s browser. |
| parseConsentFromHeader | Parse a stored consent record from a raw Cookie header string. Useful on the server: pass the request’s cookie header. Returns null when the cookie isn’t present or is malformed. |
| readConsent | Read the stored consent record from document.cookie. Returns null on the server, when no cookie is set, or when the cookie is malformed. |
| resolveCategories | Resolve each declared category against the active jurisdiction’s vendor rules. |
| resolveJurisdictionByCountry | Resolve a jurisdiction from an ISO 3166-1 alpha-2 country code (e.g. ‘GB’). Falls back to EU_GDPR for any country not explicitly mapped — the safer default for an unknown EEA visitor. Returns null when the code is unknown and no fallback is requested. |
| writeConsent | Persist a consent record to document.cookie. No-op on the server. |