@sum.cumo/lighthouse-keeper
Lighthouse Keeper makes it easier to run specific Lighthouse audits on a set of URLs.
```
npm install --save-dev @sum.cumo/lighthouse-keeper
```
You need a Chrome installation in order to be able to use Lighthouse.
```
lighthouse-keeper --config path/to/config.js[on]
```
These are the possible options for the configuration file:
Option | Description | Default |
---|---|---|
extends | name of a predefined set of configurations | optional |
urls | array of URLs to scan | [] |
extendedInfo | display extended info of the audit | false; turns true if the audit is not satisfied |
allAudits | indicates if all audits should be evaluated | false |
onlyAudits | array of audit keys to evaluate (see below) | [] |
skipAudits | array of audit keys to be skipped (see below) | [] |
scores | object of minimum scores per category (see below) to obtain | {} |
auditPassThreshold | Threshold of the score to pass an audit (0 - 1) | 0.75 |
There is a predefined set of options called 'recommended'. It looks like this:
```js
skipAudits: [
  "uses-webp-images",
  "hreflang",
  "installable-manifest",
  "without-javascript",
]
```
```json
{
  "extends": "recommended",
  "urls": [
    "https://www.example.com/"
  ],
  "scores": {
    "performance": 90,
    "accessibility": 90,
    "best-practices": 90,
    "seo": 80
  },
  "onlyAudits": [
    "performance",
    "accessibility",
    "best-practices",
    "seo"
  ],
  "skipAudits": [
    "uses-responsive-images",
    "uses-webp-images",
    "meta-description"
  ],
  "extendedInfo": true
}
```
(Reasoning behind this sample config.)
```
lighthouse-keeper --url https://www.example.com --audits accesskeys,uses-http2 --scores seo:90,best-practices:10
```
These are the possible options for the CLI:
Option | Description | Mandatory |
---|---|---|
url | the URL to scan | yes |
audits | list of audits that should be evaluated (see below) | no |
skip | list of audits that should be skipped (see below) | no |
scores | list of minimum scores per category to obtain (see below) | no |
showaudits | only show the available audits | no |
List entries must be separated by comma.
Category ID | Description |
---|---|
accessibility | These checks highlight opportunities to improve the accessibility of your web app. Only a subset of accessibility issues can be automatically detected so manual testing is also encouraged. |
best-practices | We’ve compiled some recommendations for modernizing your web app and avoiding performance pitfalls. |
performance | These encapsulate your web app’s current performance and opportunities to improve it. |
pwa | These checks validate the aspects of a Progressive Web App, as specified by the baseline PWA Checklist. |
seo | These checks ensure that your page is optimized for search engine results ranking. There are additional factors Lighthouse does not check that may affect your search ranking. Learn more. |
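As an added example (not part of the lighthouse-keeper project), the following Node.js code checks a configuration object and the CLI `--scores` list against the option and category tables above before the tool runs. The 0-100 score range, the http(s)-only URL rule, the overlap check and the function names `parseScores` and `validateConfig` are assumptions of this example.

```javascript
// Added example (not lighthouse-keeper code): pre-flight checks for a config object.
// Category IDs and the 0-1 auditPassThreshold range come from this page's tables;
// the 0-100 score range, http(s)-only URLs and the overlap rule are assumptions.
const CATEGORY_IDS = ['accessibility', 'best-practices', 'performance', 'pwa', 'seo'];

// Parse the CLI list syntax: "seo:90,best-practices:10" -> { seo: 90, 'best-practices': 10 }
function parseScores(list) {
  const scores = Object.create(null); // no prototype, so any key is stored as data
  for (const entry of list.split(',').map((s) => s.trim()).filter(Boolean)) {
    const [id, value, ...rest] = entry.split(':');
    if (rest.length || !value || value.trim() === '' || Number.isNaN(Number(value))) {
      throw new Error(`malformed score entry: "${entry}"`);
    }
    scores[id.trim()] = Number(value);
  }
  return scores;
}

// Return a list of human-readable problems; an empty list means the config passed.
function validateConfig(config) {
  const problems = [];
  const urls = Array.isArray(config.urls) ? config.urls : [];
  if (urls.length === 0) problems.push('urls: expected a non-empty array');
  for (const u of urls) {
    let parsed;
    try { parsed = new URL(u); } catch { problems.push(`urls: not a valid URL: ${u}`); continue; }
    if (!['http:', 'https:'].includes(parsed.protocol)) problems.push(`urls: unsupported scheme: ${u}`);
  }
  for (const [id, min] of Object.entries(config.scores ?? {})) {
    if (!CATEGORY_IDS.includes(id)) problems.push(`scores: unknown category "${id}"`);
    if (typeof min !== 'number' || !(min >= 0 && min <= 100)) problems.push(`scores.${id}: expected 0-100`);
  }
  const threshold = config.auditPassThreshold ?? 0.75; // default from the options table
  if (typeof threshold !== 'number' || !(threshold >= 0 && threshold <= 1)) {
    problems.push('auditPassThreshold: expected a number between 0 and 1');
  }
  const skipped = new Set(config.skipAudits ?? []);
  for (const key of config.onlyAudits ?? []) {
    if (skipped.has(key)) problems.push(`"${key}" is in both onlyAudits and skipAudits`);
  }
  return problems;
}
// Constructed sample with deliberate mistakes.
const badConfig = {
  urls: ['ftp://example.com/x', 'not a url'],
  scores: { seo: 900, speed: 50 }, auditPassThreshold: 75,
  onlyAudits: ['hreflang'], skipAudits: ['hreflang'],
};
console.log(validateConfig(badConfig));
```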
If you want to see a list of all available audits, run
```
lighthouse-keeper --url https://www.example.com/ --showaudits
```
The `url` is actually irrelevant for the list, but it is needed for running Lighthouse to parse the response.
Please keep in mind that there are audits like `screenshot-thumbnails` which can’t be validated. These audits are marked with a ⚠ in the audits list and with `(?)` in the result.
Copyright 2018 sum.cumo GmbH
Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Learn more about sum.cumo and work on open source projects, too!
FAQs
CLI tool for running Google’s Lighthouse checks
We found that @sum.cumo/lighthouse-keeper demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.