
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@percy/dom
Advanced tools
Serializes a document's DOM into a DOM string suitable for re-rendering.
import serializeDOM from '@percy/dom';
// optional arguments shown with defaults
const domSnapshot = serializeDOM(options)
// via puppeteer
await page.addScriptTag({ path: require.resolve('@percy/dom') })
const domSnapshot = await page.evaluate(() => PercyDOM.serialize(options))
enableJavaScript — When true, does not serialize some DOM elementsdomTransformation — Function to transform the DOM after serializationdisableShadowDOM — disable shadow DOM capturing, usually to be used when enableJavascript: truereshuffleInvalidTags — moves DOM tags which are outside </body> to its inside to make the DOM compliant.The following serialization happens to a cloned instance of the document in order.
Input elements (input, textarea, select) are serialized by setting respective DOM attributes
to their matching JavaScript property counterparts. For example checked, selected, and value.
Frame elements are serialized when they are CORS accessible and if they haven't been built by JavaScript when JavaScript is enabled. They are serialized by recursively serializing the iframe's own document element.
When JavaScript is not enabled, CSSOM rules are serialized by iterating over and appending each rule to a new stylesheet inserted into the document's head.
Canvas elements' drawing buffers are serialized as data URIs and the canvas elements are replaced with image elements. The image elements reference the serialized data URI and have the same HTML attributes as their respective canvas elements. The image elements also have a max-width of 100% to accommodate responsive layouts in situations where canvases may be expected to resize with JS.
Videos without a poster attribute will have the current frame of the video
serialized into an image and set as the poster attribute automatically. This is
to ensure videos have a stable image to display when screenshots are captured.
Shadow dom #shadow-root (open) is serialized into declarative shadow DOM (<template shadowroot="open">) form
Shadow host element is annotated with special identifier attribute named data-percy-shadow-host. This identifier
attribute may be used when passing domTransformation.
All other elements are not serialized. The resulting cloned document is passed to any provided
domTransformation option before the serialize function returns a DOM string.
this example contains scenario of nested shadow DOMs
import serializeDOM from '@percy/dom';
const domSnapshot = serializeDOM({
domTransformation: (documentElement) => {
function insertHelloHeader(root) {
h1 = document.createElement('h1');
h1.innerText = 'Inserted using dom transformations';
root.append(h1);
root.querySelectorAll('[data-percy-shadow-host]')
.forEach(
shadowHost => {
if (shadowHost?.shadowRoot)
insertHelloHeader(shadowHost.shadowRoot)
});
}
insertHelloHeader(documentElement);
}
});
Puppeteer is a Node library which provides a high-level API to control Chrome or Chromium over the DevTools Protocol. It can be used for taking screenshots, generating PDFs, and capturing the DOM. Unlike @percy/dom, Puppeteer is a more general-purpose tool for browser automation and not specifically focused on visual testing.
Cypress is a JavaScript end-to-end testing framework that allows you to write tests for your web applications. It includes features for capturing screenshots and recording videos of tests. While it is not specifically designed for visual testing like @percy/dom, it can be extended with plugins to achieve similar functionality.
Selenium WebDriver is a tool for automating web application testing. It provides APIs to interact with web browsers and can be used to capture screenshots and the DOM. However, it is more complex and less focused on visual testing compared to @percy/dom.
FAQs
Serializes a document's DOM into a DOM string suitable for re-rendering.
The npm package @percy/dom receives a total of 412,750 weekly downloads. As such, @percy/dom popularity was classified as popular.
We found that @percy/dom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.