Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The bowser npm package is a browser detection library. It helps in identifying the browser and rendering engine a user is using, as well as providing information about the browser's capabilities, such as whether it supports touch events or service workers. This can be particularly useful for tailoring user experiences to different environments or for analytics and debugging purposes.
Browser Detection
Detects the browser name using the user agent string.
const Bowser = require('bowser');
const browser = Bowser.getParser(window.navigator.userAgent);
const browserName = browser.getBrowserName();
Browser Version Detection
Determines the version of the browser being used.
const Bowser = require('bowser');
const browser = Bowser.getParser(window.navigator.userAgent);
const browserVersion = browser.getBrowserVersion();
Platform Detection
Identifies the platform (desktop, mobile, tablet, etc.) on which the browser is running.
const Bowser = require('bowser');
const browser = Bowser.getParser(window.navigator.userAgent);
const platformType = browser.getPlatformType();
Feature Checks
Checks if the browser supports certain features, such as touch events.
const Bowser = require('bowser');
const browser = Bowser.getParser(window.navigator.userAgent);
const supportsTouch = browser.satisfies({
'mobile': { 'touch': true }
});
OS Detection
Determines the operating system on which the browser is running.
const Bowser = require('bowser');
const browser = Bowser.getParser(window.navigator.userAgent);
const osName = browser.getOSName();
The 'useragent' package is similar to 'bowser' in that it parses user agent strings to detect browser information. However, it focuses more on the parsing aspect and less on the browser's capabilities.
The 'platform' package provides information about the operating system, browser, and device based on the user agent string. It is similar to 'bowser' but has a simpler API and less detailed detection of browser features.
The 'detect-browser' package is another alternative for detecting browser information from the user agent string. It is a smaller and more lightweight library compared to 'bowser', but it may not offer as comprehensive feature detection.
A Browser detector. Because sometimes, there is no other way, and not even good modern browsers always provide good feature detection mechanisms.
So... it works like this:
if (bowser.msie && bowser.version <= 6) {
alert('Hello China');
}
We don't save built script in the repo anymore. The main file (src/bowser.js
) is available through NPM or Bower.
Also you can download minified file from the release page.
browser = require('bowser').browser;
becomes browser = require('bowser');
:Object
Use it to get object with detected flags of your current browser.
:String
):Object
Use it to get object with detected flags from User Agent string.
:Object
, strictMode:Boolean
, [ua]:String
):Boolean
Use it to check if browser supported.
browser.check({msie: "11"}, window.navigator.userAgent);
// true / false
:Array<String>
):Number
Use it to compare two versions.
browser.compareVersions(['9.0', '10']);
// -1
:Object
, [strictMode]:Boolean
, [ua]:string
):Boolean
Use it to check if browser is unsupported.
browser.isUnsupportedBrowser({msie: "10"}, window.navigator.userAgent);
// true / false
See more examples in tests.
Your mileage may vary, but these flags should be set. See Contributing below.
alert('Hello ' + bowser.name + ' ' + bowser.version);
These flags are set for all detected browsers:
name
- A human readable name for this browser. E.g. 'Chrome', ''version
- Version number for the browser. E.g. '32.0'For unknown browsers, Bowser makes a best guess from the UA string. So, these may not be set.
If detected, one of these flags may be set to true:
webkit
- Chrome 0-27, Android <4.4, iOs, BB, etc.blink
- Chrome >=28, Android >=4.4, Opera, etc.gecko
- Firefox, etc.msie
- IE <= 11msedge
- IE > 11Safari, Chrome and some other minor browsers will report that they have webkit
engines.
Firefox and Seamonkey will report that they have gecko
engines.
if (bowser.webkit) {
// do stuff with safari & chrome & opera & android & blackberry & webos & silk
}
If detected, one of these flags may be set to true:
mobile
- All detected mobile OSes are additionally flagged mobile
, unless it's a tablettablet
- If a tablet device is detected, the flag tablet
is set instead of mobile
.If detected, one of these flags may be set to true. The rendering engine flag is shown in []'s:
chrome
- [webkit
|blink
]firefox
- [gecko
]msie
msedge
safari
- [webkit
]android
- native browser - [webkit
|blink
]ios
- native browser - [webkit
]opera
- [blink
if >=15]phantom
- [webkit
]blackberry
- native browser - [webkit
]webos
- native browser - [webkit
]silk
- Amazon Kindle browser - [webkit
]bada
- [webkit
]tizen
- [webkit
]seamonkey
- [gecko
]sailfish
- [gecko
]ucbrowser
— [webkit
]qupzilla
— [webkit
]vivaldi
— [blink
]sleipnir
— [blink
]kMeleon
— [gecko
]For all detected browsers the browser version is set in the version
field.
If detected, one of these flags may be set to true:
mac
windows
- other than Windows Phonewindowsphone
linux
- other than android
, chromeos
, webos
, tizen
, and sailfish
chromeos
android
ios
- also sets one of iphone
/ipad
/ipod
blackberry
firefoxos
webos
- may also set touchpad
bada
tizen
sailfish
osversion
may also be set:
osversion
- for Android, iOS, Windows Phone, WebOS, Bada, and Tizen. If included in UA string.iOS is always reported as ios
and additionally as iphone
/ipad
/ipod
, whichever one matches best.
If WebOS device is an HP TouchPad the flag touchpad
is additionally set.
One of these flags may be set:
a
- This browser has full capabilitiesc
- This browser has degraded capabilities. Serve simpler versionx
- This browser has minimal capabilities and is probably not well detected.There is no b
. For unknown browsers, none of these flags may be set.
package.json
"dependencies": {
"bowser": "x.x.x"
}
if (require('bowser').chrome) {
alert('Hello Silicon Valley')
}
If you'd like to contribute a change to bowser, modify the files in src/
, then run the following (you'll need node + npm installed):
$ npm install
$ make test
Please do not check-in the built files bowser.js
and bowser.min.js
in pull requests.
See the list in src/useragents.js
with example user agents and their expected bowser object.
Whenever you add support for new browsers or notice a bug / mismatch, please update the list and check if all tests are still passing.
Licensed as MIT. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE file for more details.
1.4.3 (July 27, 2016)
Object doesn't support this property or method
on IE8FAQs
Lightweight browser detector
We found that bowser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.