Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement
Sign In

@percy/cli-doctor

Package Overview
Dependencies
Maintainers
1
Versions
20
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@percy/cli-doctor

> Percy CLI sub-command that diagnoses network, authentication, configuration, and CI readiness for running Percy builds.

Source
npmnpm
Version
1.31.14-beta.2
Version published
Weekly downloads
251K
29.39%
Maintainers
1
Weekly downloads
 
Created
Source

@percy/cli-doctor

Percy CLI sub-command that diagnoses network, authentication, configuration, and CI readiness for running Percy builds.

Installation

@percy/cli-doctor is bundled with @percy/cli. If you use the Percy CLI you already have it:

npx percy doctor

To install standalone:

npm install --save-dev @percy/cli-doctor
# or
yarn add --dev @percy/cli-doctor

Usage

percy doctor [options]

Options:
  --proxy-server  <url>   Proxy server to test alongside direct connectivity
                          e.g. http://proxy.corp.example.com:8080
  --url           <url>   URL to open in Chrome for network activity analysis
                          (default: https://percy.io)
  --timeout       <ms>    Per-request timeout in milliseconds
                          (default: 10000, max: 300000)
  --quick                 Run only connectivity, SSL, and token auth checks
                          (~4 seconds instead of a full diagnostic run)
  --output-json   <path>  Write the full diagnostic report to a JSON file
  -v, --verbose           Show detailed debug output
  -h, --help              Show help

What it checks

1 · Configuration Validation

Detects and validates Percy configuration files (.percy.yml, .percy.yaml, percy.config.js, etc.) via cosmiconfig:

  • Reports file location and format
  • Warns on missing or outdated version field (recommends version 2)
  • Detects project-type/config mismatches (e.g., automate-only keys like fullPage used with a web token)
CategoryMeaning
config_not_foundNo Percy config file detected
config_foundConfig file located and loaded
config_parse_errorConfig file has YAML/JSON syntax errors
config_version_invalidversion field is missing or non-numeric
config_version_outdatedConfig uses an outdated version (< 2)
config_key_automate_onlyConfig contains Automate-only keys but token is not Automate
config_key_web_onlyConfig contains Web-only keys but token is not a Web token

2 · CI Environment Detection

Detects your CI provider and validates CI-related settings:

  • Identifies 10+ CI systems (GitHub Actions, GitLab CI, Jenkins, CircleCI, Travis, etc.)
  • Validates git availability for commit/branch detection
  • Checks parallel build configuration (PERCY_PARALLEL_TOTAL + PERCY_PARALLEL_NONCE)
CategoryMeaning
ci_not_detectedNot running in a CI environment
ci_detectedCI system identified
ci_commit_missingCommit SHA could not be detected
ci_commit_foundCommit SHA available
ci_branch_missingBranch name could not be detected
ci_parallel_nonce_missingPERCY_PARALLEL_TOTAL set without PERCY_PARALLEL_NONCE
ci_parallel_config_validBoth parallel env vars are set correctly
ci_git_availableGit repository detected
ci_git_check_skippedGit check suppressed via PERCY_SKIP_GIT_CHECK=true
ci_git_unavailableGit not installed or not in a git repository

3 · Environment Variable Audit

Inventories all Percy-specific environment variables:

  • Lists all set PERCY_* vars (names only — values are never exposed)
  • Validates PERCY_PARALLEL_TOTAL is a positive integer
  • Flags manual overrides (PERCY_COMMIT, PERCY_BRANCH, PERCY_PULL_REQUEST)
  • Warns when NODE_TLS_REJECT_UNAUTHORIZED=0 disables SSL validation
CategoryMeaning
env_system_infoOS, Node version, CPU, and RAM summary
env_no_percy_varsNo PERCY_* environment variables detected
env_vars_listedLists names of all set PERCY_* variables
env_parallel_total_invalidPERCY_PARALLEL_TOTAL is not a valid positive integer
env_manual_overridesManual override vars active (e.g. PERCY_COMMIT, PERCY_BRANCH)
env_tls_disabledNODE_TLS_REJECT_UNAUTHORIZED=0 — SSL validation globally disabled

4 · Network Connectivity

Probes each required Percy / BrowserStack domain:

DomainPurpose
https://percy.ioPercy API
https://www.browserstack.comBrowserStack API
https://hub.browserstack.comBrowserStack Automate

Failure modes are classified as:

  • ENOTFOUND → DNS resolution failure; suggest whitelisting on corporate DNS
  • ETIMEDOUT / ECONNRESET → Firewall dropping packets; list CIDRs to whitelist
  • via proxy only → Proxy required, suggests setting HTTPS_PROXY

5 · SSL / TLS

ScenarioOutcome
NODE_TLS_REJECT_UNAUTHORIZED=0 is setWarning – SSL verification is disabled globally
SSL certificate error connecting to percy.ioFail – likely a MITM proxy/VPN; suggests remediation
SSL handshake succeedsPass

When a certificate error is detected, the command prints actionable suggestions (contact network admin, add proxy cert to trust store, set NODE_EXTRA_CA_CERTS).

6 · Proxy Detection

Detects proxy configuration from (in priority order):

  • Environment variables: HTTPS_PROXY, HTTP_PROXY, ALL_PROXY, NO_PROXY
  • macOS system proxy: scutil --proxy, networksetup -getautoproxyurl
  • Linux (GNOME): gsettings org.gnome.system.proxy
  • Linux (/etc): /etc/environment
  • Windows registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Each discovered proxy is validated by attempting connections to percy.io and browserstack.com through it.

7 · PAC / WPAD Auto-Proxy Configuration

Detects PAC file URLs from:

SourceDetection method
macOS systemnetworksetup -getautoproxyurl <interface>
macOS plist/Library/Preferences/SystemConfiguration/preferences.plist
Linux GNOMEgsettings org.gnome.system.proxy autoconfig-url
WindowsHKCU\…\Internet Settings\AutoConfigURL
Chrome / ChromiumDefault/Preferences JSON (macOS, Linux, Windows)
Firefox~/.mozilla/firefox/*/prefs.js (network.proxy.autoconfig_url)

The PAC script is fetched and evaluated in a sandboxed Node.js vm context using shims for all standard PAC helper functions. The result of FindProxyForURL("https://percy.io/", "percy.io") is reported.

If a PAC file routes percy.io through a proxy the command surfaces the exact HTTPS_PROXY=… export statement to add to your CI environment.

8 · Token Authentication

Validates the PERCY_TOKEN environment variable:

  • Presence: Checks the token is set
  • Format: Detects project type from token prefix (web_, auto_, app_, ss_, vmw_, res_) and suggests the correct CLI command
  • Authentication: Makes a live API call to percy.io/api/v1/tokens to verify the token is valid (uses proxy if one was discovered in earlier checks)

Token values are never included in output — only the project type and pass/fail status.

CategoryMeaning
token_missingPERCY_TOKEN is not set or is blank
token_type_infoToken prefix decoded — project type and suggested CLI command
token_auth_passToken authenticated successfully; role shown
token_auth_failToken rejected (HTTP 401 or 403)
token_auth_unexpected_statusPercy API returned an unexpected HTTP status
token_auth_network_errorCould not reach Percy API to validate token
check_skippedToken validation skipped because percy.io is unreachable

9 · Browser Network (Chrome CDP)

Launches headless Chrome to test end-to-end network connectivity through the browser process, including proxy and PAC resolution as Chrome would see it.

Quick Mode

Use --quick to run only the essential checks (connectivity, SSL, and token auth) in ~4 seconds:

npx percy doctor --quick

This is useful for fast triage in CI pipelines or when you just want to verify your token and network are working.

Auto-Doctor on Build Failure

Set PERCY_AUTO_DOCTOR=true to automatically run diagnostics when a Percy build fails:

export PERCY_AUTO_DOCTOR=true
npx percy exec -- your-test-command

When enabled, a build failure triggers a diagnostic run and prints actionable findings inline. This is opt-in and has no effect on successful builds.

Example output

  Percy Doctor — diagnostic check

── Configuration
  ℹ Configuration file detected: /project/.percy.yml
  ✔ Config version: 2 (current)

── CI Environment
  ℹ CI system detected: GitHub Actions
  ✔ Git is available for commit detection.

── Environment Variables
  ℹ Percy environment variables set: PERCY_TOKEN, PERCY_PARALLEL_TOTAL

── SSL / TLS
  ✔ SSL handshake with percy.io succeeded (47ms).

── Network Connectivity
  ✔ Percy API is reachable directly (HTTP 200, 51ms).
  ✔ BrowserStack API is reachable directly (HTTP 200, 72ms).
  ✔ BrowserStack Automate is reachable directly (HTTP 200, 89ms).

── Proxy Configuration
  ℹ No proxy configuration detected in environment or system settings.

── PAC / Auto-Proxy Configuration
  ℹ No PAC (Proxy Auto-Configuration) file detected.

── Token Authentication
  ℹ Token detected (project type: web). Use `percy exec` to run snapshots.
  ✔ Token authentication successful.

── Browser Network
  ✔ Chrome loaded percy.io successfully.

  ✔ 8 passed · 0 warnings · 0 failures (4.2s)

License

MIT

FAQs

Package last updated on 08 May 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io

Research

/

Security News

TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io

TrapDoor crypto stealer hits 36 malicious packages across npm, PyPI, and Crates.io, targeting crypto, DeFi, AI, and security developers.

By Socket Research Team  -  May 24, 2026