Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
axe-webdriverjs
Advanced tools
Provides a chainable aXe API for Selenium's WebDriverJS and automatically injects into all frames.
Install Node.js if you haven't already. For running axe-webdriverjs tests read more about setting up your environment.
Download and install any necessary browser drivers on your machine's PATH. More on Webdriver setup.
Install Selenium Webdriver: npm install selenium-webdriver --no-save
Install axe-webdriverjs and its dependencies: npm install axe-webdriverjs
This module uses a chainable API to assist in injecting, configuring and analyzing using aXe with Selenium WebDriverJS. As such, it is required to pass an instance of WebDriver.
Here is an example of a script that will drive Selenium to this repository, perform analysis and then log results to the console.
var AxeBuilder = require('axe-webdriverjs');
var WebDriver = require('selenium-webdriver');
var driver = new WebDriver.Builder()
.forBrowser('firefox')
.build();
driver
.get('https://dequeuniversity.com/demo/mars/')
.then(function() {
AxeBuilder(driver).analyze(function(err, results) {
if (err) {
// Handle error somehow
}
console.log(results);
});
});
Constructor for the AxeBuilder helper. You must pass an instance of selenium-webdriver as the first and only argument. Can be called with or without the new
keyword.
var builder = AxeBuilder(driver);
If you wish to run a specific version of axe-core, you can pass the source axe-core source file in as a string. Doing so will mean axe-webdriverjs runs this version of axe-core, instead of the one installed as a dependency of axe-webdriverjs.
var axeSource = fs.readFileSync('./axe-1.0.js', 'utf8');
var builder = AxeBuilder(driver, axeSource);
Adds a CSS selector to the list of elements to include in analysis
AxeBuilder(driver)
.include('.results-panel');
Add a CSS selector to the list of elements to exclude from analysis
AxeBuilder(driver)
.include('.results-panel')
.exclude('.results-panel h2');
Specifies options to be used by axe.a11yCheck
. Will override any other configured options, including calls to withRules
and withTags
. See axe-core API documentation for information on its structure.
AxeBuilder(driver)
.options({ checks: { 'valid-lang': ['orcish'] } });
Limits analysis to only those with the specified rule IDs. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options
, AxeBuilder#withRules
or AxeBuilder#withRules
will override specified options.
AxeBuilder(driver)
.withRules('html-lang');
AxeBuilder(driver)
.withRules(['html-lang', 'image-alt']);
Limits analysis to only those with the specified rule IDs. Accepts a String of a single tag or an Array of multiple tags. Subsequent calls to AxeBuilder#options
, AxeBuilder#withRules
or AxeBuilder#withRules
will override specified options.
AxeBuilder(driver)
.withTags('wcag2a');
AxeBuilder(driver)
.withTags(['wcag2a', 'wcag2aa']);
Skips verification of the rules provided. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options
, AxeBuilder#disableRules
will override specified options.
AxeBuilder(driver)
.disableRules('color-contrast');
or use it combined with some specified tags:
AxeBuilder(driver)
.withTags(['wcag2a', 'wcag2aa'])
.disableRules('color-contrast');
Inject an aXe configuration object to modify the ruleset before running Analyze. Subsequent calls to this
method will invalidate previous ones by calling axe.configure
and replacing the config object. See
axe-core API documentation
for documentation on the object structure.
var config = {
checks: [Object],
rules: [Object]
};
AxeBuilder(driver)
.configure(config)
.analyze(function(err, results) {
if (err) {
// Handle error somehow
}
console.log(results);
});
Performs analysis and passes any encountered error and/or the result object to the provided callback function or promise function. Does not chain as the operation is asynchronous
AxeBuilder(driver)
.analyze(function(err, results) {
if (err) {
// Handle error somehow
}
console.log(results);
});
Using the returned promise (optional):
AxeBuilder(driver)
.analyze()
.then(function(results) {
console.log(results);
})
.catch(err => {
// Handle error somehow
});
NOTE: to maintain backwards compatibility, the analyze
function will also accept a callback which takes a single results
argument. However, if an error is encountered during analysis, the error will be raised which will cause the process to crash. ⚠️ This functionality will be removed in the next major release.⚠️
This project has a couple integrations that demonstrate the ability and use of this module:
Read the documentation on contributing
FAQs
Provides a method to inject and analyze web pages using aXe
The npm package axe-webdriverjs receives a total of 9,599 weekly downloads. As such, axe-webdriverjs popularity was classified as popular.
We found that axe-webdriverjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.