@aabenoja/phantomjs
This is a fork of the NPM wrapper for PhantomJS, headless webkit with JS API to pull down the v2.0.0 binaries from the cdn.
npm install phantomjs
Or grab the source and
node ./install.js
What this installer is really doing is just grabbing a particular "blessed" (by this module) version of Phantom. As new versions of Phantom are released and vetted, this module will be updated accordingly.
The package has been set up to fetch and run Phantom for MacOS (darwin), Linux based platforms (as identified by nodejs), and -- as of version 0.2.0 -- Windows (thanks to Domenic Denicola). If you spot any platform weirdnesses, let us know or send a patch.
bin/phantomjs [phantom arguments]
And npm will install a link to the binary in node_modules/.bin as it is wont to do.
The package exports a path string that contains the path to the phantomjs binary/executable.
Below is an example of using this package via node.
var path = require('path')
var childProcess = require('child_process')
var phantomjs = require('phantomjs')
var binPath = phantomjs.path
var childArgs = [
  path.join(__dirname, 'phantomjs-script.js'),
  'some other argument (passed to phantomjs script)'
]
childProcess.execFile(binPath, childArgs, function(err, stdout, stderr) {
  // handle results
})
The major and minor number tracks the version of PhantomJS that will be installed. The patch number is incremented when there is either an installer update or a patch build of the phantom binary.
By default, this package will download phantomjs from https://bitbucket.org/ariya/phantomjs/downloads. This should work fine for most people.
If bitbucket is down, or the Great Firewall is blocking bitbucket, you may need to use a download mirror. To set a mirror, set npm config property phantomjs_cdnurl.
Default is ``.
npm install phantomjs --phantomjs_cdnurl=http://cnpmjs.org/downloads
Or add the property to your .npmrc file (https://www.npmjs.org/doc/files/npmrc.html):
phantomjs_cdnurl=http://cnpmjs.org/downloads
Another option is to use the environment variable PHANTOMJS_CDNURL.
PHANTOMJS_CDNURL=http://cnpmjs.org/downloads npm install phantomjs
If you plan to install phantomjs many times on a single machine, you can install the phantomjs binary on PATH. The installer will automatically detect and use that for non-global installs.
PhantomJS is not a library for NodeJS. It's a separate environment and code written for node is unlikely to be compatible. In particular PhantomJS does not expose a Common JS package loader.
This is an NPM wrapper and can be used to conveniently make Phantom available. It is not a Node JS wrapper.
I have had reasonable experiences writing standalone Phantom scripts which I then drive from within a node program by spawning phantom in a child process.
Read the PhantomJS FAQ for more details: http://phantomjs.org/faq.html
An extra note on Linux usage, from the PhantomJS download page:
This package is built on CentOS 5.8. It should run successfully on Lucid or more modern systems (including other distributions). There is no requirement to install Qt, WebKit, or any other libraries. It is however expected that some base libraries necessary for rendering (FreeType, Fontconfig) and the basic font files are available in the system.
spawn ENOENT
This is NPM's way of telling you that it was not able to start a process. It usually means:
node is not on your PATH, or otherwise not correctly installed.
tar is not on your PATH. This package expects tar on your PATH on Linux-based platforms.
Check your specific error message for more information.
Error: EPERM or operation not permitted or permission denied
This error means that NPM was not able to install phantomjs to the file system. There are three major reasons why this could happen:
npm cache clean to fix them.
Error: read ECONNRESET or Error: connect ETIMEDOUT
This error means that something went wrong with your internet connection, and the installer was not able to download the PhantomJS binary for your platform. Please try again.
ECONNRESET or ETIMEDOUT consistently.
Do you live in China, or a country with an authoritarian government? We've seen problems where the GFW or local ISP blocks bitbucket, preventing the installer from downloading the binary.
Try visiting the download page manually.
If that page is blocked, you can try using a different CDN with the PHANTOMJS_CDNURL env variable described above.
You can tell NPM and the PhantomJS installer to skip validation of ssl keys with NPM's strict-ssl setting:
npm set strict-ssl false
WARNING: Turning off strict-ssl leaves you vulnerable to attackers reading your encrypted traffic, so run this at your own risk!
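An added example, not part of the original README or the package's own code: a small Node.js check that flags the install-time settings discussed above (a non-HTTPS or non-default phantomjs_cdnurl / PHANTOMJS_CDNURL mirror, and strict-ssl=false) so they can be reviewed before npm install runs. The function names and the sample .npmrc are constructed for illustration.

```javascript
// Added example: audit npm settings that affect how the PhantomJS binary is fetched.
// DEFAULT_HOST is taken from the default download URL quoted in this README.
const DEFAULT_HOST = 'bitbucket.org';

// Parse .npmrc text into a key/value map (skips blank lines and ; or # comments).
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    cfg[key] = line.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
  }
  return cfg;
}

// Check one mirror URL and describe why it deserves review, if it does.
function checkMirror(source, value) {
  let url;
  try { url = new URL(value); } catch (e) {
    return [`${source}: "${value}" is not a valid URL`];
  }
  const out = [];
  if (url.protocol !== 'https:') {
    out.push(`${source}: binary is fetched without TLS (scheme ${url.protocol})`);
  }
  if (url.hostname !== DEFAULT_HOST) {
    out.push(`${source}: binary comes from non-default host ${url.hostname}`);
  }
  return out;
}

// Return a list of findings for an .npmrc body plus an environment object.
function auditPhantomInstall(npmrcText, env) {
  const cfg = parseNpmrc(npmrcText);
  const findings = [];
  if (String(cfg['strict-ssl']).toLowerCase() === 'false') {
    findings.push('.npmrc: strict-ssl=false disables TLS certificate validation');
  }
  if (cfg.phantomjs_cdnurl) findings.push(...checkMirror('.npmrc phantomjs_cdnurl', cfg.phantomjs_cdnurl));
  if (env.PHANTOMJS_CDNURL) findings.push(...checkMirror('env PHANTOMJS_CDNURL', env.PHANTOMJS_CDNURL));
  return findings;
}

// Constructed sample input, using the mirror value shown in this README.
const sampleNpmrc = 'phantomjs_cdnurl=http://cnpmjs.org/downloads\nstrict-ssl=false\n';
console.log(auditPhantomInstall(sampleNpmrc, {}).join('\n'));
```

In a real check, pass the contents of the project and user .npmrc files and process.env; an empty result means none of these three settings weakens the download path.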
If you install PhantomJS manually, and put it on PATH, the installer will try to use the manually-installed binaries.
node
Some Linux distros tried to rename node to nodejs due to a package conflict. This is a non-portable change, and we do not try to support this. The official documentation recommends that you run apt-get install nodejs-legacy to symlink node to nodejs on those platforms, or many NodeJS programs won't work properly.
Questions, comments, bug reports, and pull requests are all welcome. Submit them at the project on GitHub. If you haven't contributed to an Obvious project before please head over to the Open Source Project and fill out an OCLA (it should be pretty painless).
Bug reports that include steps-to-reproduce (including code) are the best. Even better, make them in the form of pull requests.
Dan Pupius (personal website), supported by The Obvious Corporation.
Copyright 2012 The Obvious Corporation.
Licensed under the Apache License, Version 2.0.
See the top-level file LICENSE.txt and (http://www.apache.org/licenses/LICENSE-2.0).
FAQs
Headless WebKit with JS API
We found that @aabenoja/phantomjs demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.