Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@fingerprintjs/fingerprintjs
Advanced tools
@fingerprintjs/fingerprintjs is a JavaScript library that provides a way to uniquely identify users based on their browser and device characteristics. It is commonly used for fraud prevention, user authentication, and personalization.
Generate a Visitor Identifier
This feature allows you to generate a unique identifier for a visitor based on their browser and device characteristics. The code sample demonstrates how to load the FingerprintJS library, generate a visitor identifier, and log it to the console.
const FingerprintJS = require('@fingerprintjs/fingerprintjs');
FingerprintJS.load().then(fp => {
fp.get().then(result => {
const visitorId = result.visitorId;
console.log(visitorId);
});
});
Get Detailed Visitor Data
This feature provides detailed information about the visitor's browser and device characteristics. The code sample shows how to access and log the detailed components of the visitor's fingerprint.
const FingerprintJS = require('@fingerprintjs/fingerprintjs');
FingerprintJS.load().then(fp => {
fp.get().then(result => {
const components = result.components;
console.log(components);
});
});
ClientJS is a JavaScript library for generating a client-side fingerprint based on browser and device characteristics. It offers similar functionality to @fingerprintjs/fingerprintjs but may not be as comprehensive in terms of the data it collects and analyzes.
FingerprintJS2 is an older version of the FingerprintJS library. It provides similar functionality for generating unique visitor identifiers but lacks some of the newer features and improvements found in @fingerprintjs/fingerprintjs.
UA-Parser-JS is a JavaScript library for parsing user-agent strings to identify browser, engine, OS, CPU, and device type/model. While it does not generate a unique visitor identifier, it provides detailed information about the user's environment, which can be used in conjunction with other libraries for fingerprinting.
Original fingerprintjs library was developed in 2012, it's now impossible to evolve it without breaking backwards compatibilty, so this project will be where all the new development happens.
This project will use significantly more sources for fingerprinting, all of them will be configurable, that is it should be possible to cherry-pick only the options you need or just enable them all.
I'm also paying special attention to IE plugins, popular in China, such as QQ, Baidu and others.
This project will not be backwards compatible with original fingerprintjs.
This project uses semver
.
//cdn.jsdelivr.net/npm/fingerprintjs2@<VERSION>/dist/fingerprint2.min.js
or https://cdnjs.com/libraries/fingerprintjs2
bower install fingerprintjs2
npm install fingerprintjs2
yarn add fingerprintjs2
new Fingerprint2().get(function(result, components) {
console.log(result) // a hash, representing your device fingerprint
console.log(components) // an array of FP components
})
Note: You should not run fingerprinting directly on or after page load. Rather, delay it for a few milliseconds to ensure consistent fingerprints. See #307, #254, and others.
var options = {swfPath: '/assets/FontList.swf', excludeUserAgent: true}
new Fingerprint2(options).get(function(result) {
console.log(result)
})
Full list of options will be in the (https://github.com/Valve/fingerprintjs2/wiki/List-of-options) wiki page.
Flash font enumeration is disabled by default. JS code is used by default to get the list of available fonts.
The reason for this is that Flash will not work in incognito mode.
However, you can make the library to use Flash when detecting the fonts with:
excludeJsFonts: true
option.
To use Flash font enumeration, make sure you have swfobject available. If you don't, the library will skip the Flash part entirely.
detectScreenOrientation
option is true
by defaultTo ensure consistent fingerprints when users rotate their mobile devices.
new Fingerprint2().get(function(result, components) {
// this will use all available fingerprinting sources
console.log(result)
// components is an array of all fingerprinting components used
console.log(components)
})
userDefinedFonts
optionWhile hundreds of the most popular fonts are included in the extended font list, you may wish to increase the entropy of the font fingerprint by specifying the userDefinedFonts
option as an array of font names, but make sure to call the Fingerprint function after the page load, and not before, otherwise font detection might not work properly and in a result returned hash might be different every time you reloaded the page.
new Fingerprint2({
userDefinedFonts: ["Nimbus Mono", "Junicode", "Presto"]
}).get(function(result, components) {
console.log(result)
})
preprocessor
optionFunction that is called with each component value that may be used to modify component values before computing the fingerprint. For example: strip browser version from user agent.
new Fingerprint2({
preprocessor: function(key, value) {
if (key == "user_agent") {
var parser = new UAParser(value); // https://github.com/faisalman/ua-parser-js
var userAgentMinusVersion = parser.getOS().name + ' ' + parser.getBrowser().name
return userAgentMinusVersion
} else {
return value
}
}
}).get(function(result, components) {
// user_agent component will contain string processed with our function. For example: Windows Chrome
console.log(result, components)
});
You can view your browser fingerprint locally by starting a webserver and viewing the index.html
page.
Loading index.html
from the filesystem won't work due to Flash's ExternalInterface security restrictions.
To start a web server you can try using one of the following:
Ruby 1.9.2+
ruby -run -e httpd . -p 8080
Python 2.x
python -m SimpleHTTPServer 8080
Python 3.x
python -m http.server 8080
PHP 5.4+
php -S 0.0.0.0:8080
By default, JS font detection will only detect up to 65 installed fonts. If you want to improve the font detection,
you can pass extendedJsFonts: true
option. This will increase the number of detectable fonts to ~500.
On my machine (MBP 2013 Core i5) + Chrome 46 the default FP process takes about 80-100ms. If you use extendedJsFonts
option this time will increase up to 2000ms (cold font cache).
This option can incur even more overhead on mobile Firefox browsers, which is much slower in font detection, so use it with caution on mobile devices.
To speed up fingerprint computation, you can exclude font detection (~ 40ms), canvas fingerprint (~ 10ms), WebGL fingerprint (~ 35 ms), and Audio fingerprint (~30 ms).
(in no particular order)
FontList.swf
file:bin/
directory to your $PATH
(mxmlc binary should be in path)make
https://player.vimeo.com/video/151208427
FAQs
Browser fingerprinting library with the highest accuracy and stability
The npm package @fingerprintjs/fingerprintjs receives a total of 252,140 weekly downloads. As such, @fingerprintjs/fingerprintjs popularity was classified as popular.
We found that @fingerprintjs/fingerprintjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.