Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@fingerprintjs/fingerprintjs
Advanced tools
Browser fingerprinting library with the highest accuracy and stability
@fingerprintjs/fingerprintjs is a JavaScript library that provides a way to uniquely identify users based on their browser and device characteristics. It is commonly used for fraud prevention, user authentication, and personalization.
Generate a Visitor Identifier
This feature allows you to generate a unique identifier for a visitor based on their browser and device characteristics. The code sample demonstrates how to load the FingerprintJS library, generate a visitor identifier, and log it to the console.
const FingerprintJS = require('@fingerprintjs/fingerprintjs');
FingerprintJS.load().then(fp => {
fp.get().then(result => {
const visitorId = result.visitorId;
console.log(visitorId);
});
});
Get Detailed Visitor Data
This feature provides detailed information about the visitor's browser and device characteristics. The code sample shows how to access and log the detailed components of the visitor's fingerprint.
const FingerprintJS = require('@fingerprintjs/fingerprintjs');
FingerprintJS.load().then(fp => {
fp.get().then(result => {
const components = result.components;
console.log(components);
});
});
ClientJS is a JavaScript library for generating a client-side fingerprint based on browser and device characteristics. It offers similar functionality to @fingerprintjs/fingerprintjs but may not be as comprehensive in terms of the data it collects and analyzes.
FingerprintJS2 is an older version of the FingerprintJS library. It provides similar functionality for generating unique visitor identifiers but lacks some of the newer features and improvements found in @fingerprintjs/fingerprintjs.
UA-Parser-JS is a JavaScript library for parsing user-agent strings to identify browser, engine, OS, CPU, and device type/model. While it does not generate a unique visitor identifier, it provides detailed information about the user's environment, which can be used in conjunction with other libraries for fingerprinting.
FingerprintJS is a browser fingerprinting library that queries browser attributes and computes a hashed visitor identifier from them. Unlike cookies and local storage, a fingerprint stays the same in incognito/private mode and even when browser data is purged.
FingerprintJS is 100% open-source, but its accuracy is limited because it's only a client-side library without a backend.
Open Source library accuracy | Fingerprint Pro accuracy |
---|---|
FingerprintJS has limited accuracy (40% - 60%) and functionality, because it's not possible to do many things without a backend. | Fingerprint Pro is a high-scale device identity platform that has both client-side and server-side components and identifies browsers and mobile devices with a 99.5% accuracy. Fingerprint Pro is free for developers, production plans start at $200/mo. |
FingerprintJS library demo: https://fingerprintjs.github.io/fingerprintjs | Fingerprint Pro demo: https://fingerprint.com/demo |
<script>
// Initialize the agent at application startup.
const fpPromise = import('https://openfpcdn.io/fingerprintjs/v3')
.then(FingerprintJS => FingerprintJS.load())
// Get the visitor identifier when you need it.
fpPromise
.then(fp => fp.get())
.then(result => {
// This is the visitor identifier:
const visitorId = result.visitorId
console.log(visitorId)
})
</script>
⚛️ Sample usage with React on the StackBlitz platform
Fingerprint Pro is a professional visitor identification service that processes all information server-side and transmits it securely to your servers using server-to-server APIs. Pro combines browser fingerprinting with vast amounts of auxiliary data (IP addresses, time of visit patterns, URL changes and more) to be able to reliably deduplicate different users that have identical devices, resulting in the 99.5% identification accuracy. Fingerprint Pro is available for Web, Android, iOS and other platforms.
Pro plans start at $0/month - no credit card required.
Full product comparison:
Open Source | Pro | |
---|---|---|
Core Features | ||
100% open source | yes | no1 |
Accuracy | up to 60% | 99.5% |
Standard fingerprint signals screen, os, device name | ✓ | ✓ |
Advanced fingerprint signals canvas, audio, fonts | ✓ | ✓ |
ID type | fingerprint | visitorID2 |
ID lifetime | several weeks | months/years |
ID origin | client | server |
ID collisions | common | rare |
Mobile Native SDKs | ||
Android | ✓ | ✓ |
iOS | ✓ | ✓ |
Flutter | - | ✓ |
React Native | - | ✓ |
Additional Features | ||
Incognito mode detection works in all modern browsers - see our full list of browsers supported | – | ✓ |
Server-side accuracy increase based on additional server-side signals, such as TLS crypto support, ipv4/v6 data and others | – | ✓ |
Query API & realtime Webhooks build flexible workflows | – | ✓ |
Ability to evade ad blockers | supported (NPM, own hosting) | supported (NPM + subdomain) |
Geolocation based on IP address | – | ✓ |
Operations | ||
Data security | Your infrastructure | Encrypted at rest |
Storage | Your infrastructure | Unlimited up to 1 yr |
Regions | Your infrastructure | Hosting in US, EU and Mumbai |
Compliance | Your infrastructure | GDPR, CCPA compliant3 |
SLA | No SLA | 99.9% Uptime |
Support | GitHub community | Support team via email, chat, and call-back within 1 business day |
1. Pro uses the open source fingerprinting library as well as proprietary technology for increased accuracy and identifier stability.
2. VisitorIDs, in comparison to fingerprints, include server side techniques, are deduplicated and utilize fuzzy matching to result in a more accurate and stable identifier. Fingerprint hashes rely on an exact match across all browser attributes, making them less stable across > 4 week time intervals.
3. Fingerprint Pro is GDPR and CCPA compliant as the data processor. You still need to be compliant as the data controller and use the identification for fraud prevention under legitimate interest or ask for user consent.
{
"requestId": "HFMlljrzKEiZmhUNDx7Z",
"visitorId": "kHqPGWS1Mj18sZFsP8Wl",
"visitorFound": true,
"confidence": { "score": 0.995 },
"incognito": false,
"browserName": "Chrome",
"browserVersion": "92.0.4515.107",
"os": "Mac OS X",
"osVersion": "10.15.6",
"device": "Other",
"ip": "192.65.67.131",
"ipLocation": {
"accuracyRadius": 100,
"latitude": 37.409657,
"longitude": -121.965467
// ...
},
"firstSeenAt": {
"global": "2022-03-16T11:26:45.362Z",
"subscription": "2022-03-16T11:31:01.101Z"
},
"lastSeenAt": {
"global": "2022-05-21T18:05:43.023Z",
"subscription": "2022-05-20T05:41:29.926Z"
}
}
⏱ How to upgrade from Open Source to Pro in 30 seconds
📕 Fingerprint Pro documentation
▶️ Video: use Fingerprint Pro to prevent multiple signups
See the compatibility policy for the API and visitor identifiers in the version policy guide.
The library supports all popular browsers. See more details and learn how to run the library in old browsers in the browser support guide.
Thanks to our series B funding, we are happy to provide technical support for our open-source FingerprintJS library. We recommend using GitHub Issues to submit bugs or Discussions to ask questions. Using issues and discussions publicly will help the open-source community and other users with similar issues. However, if you require private support, please email us at oss-support@fingerprint.com.
See the contributing guidelines to learn how to start a playground, test and build.
FAQs
Browser fingerprinting library with the highest accuracy and stability
The npm package @fingerprintjs/fingerprintjs receives a total of 252,140 weekly downloads. As such, @fingerprintjs/fingerprintjs popularity was classified as popular.
We found that @fingerprintjs/fingerprintjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.