Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
chrome-launcher
Advanced tools
The chrome-launcher npm package is a tool that allows developers to automate the launching of Google Chrome with specific configurations. It is often used for running automated tests, scraping websites, and automating interactions with web pages.
Launching Chrome
This feature allows you to launch a new instance of Chrome. The code sample demonstrates how to launch Chrome with a starting URL.
const chromeLauncher = require('chrome-launcher');
async function launchChrome() {
const chrome = await chromeLauncher.launch({startingUrl: 'https://example.com'});
console.log(`Chrome debugging port running on ${chrome.port}`);
}
launchChrome();
Custom Chrome Flags
This feature enables the use of custom flags when launching Chrome. The code sample shows how to launch Chrome in headless mode with GPU disabled.
const chromeLauncher = require('chrome-launcher');
async function launchChromeWithFlags() {
const chrome = await chromeLauncher.launch({
chromeFlags: ['--headless', '--disable-gpu']
});
console.log(`Chrome debugging port running on ${chrome.port}`);
}
launchChromeWithFlags();
Killing Chrome Instances
This feature allows you to programmatically kill the launched Chrome instance. The code sample illustrates launching Chrome and then killing it after some operations.
const chromeLauncher = require('chrome-launcher');
async function launchAndKillChrome() {
const chrome = await chromeLauncher.launch({startingUrl: 'https://example.com'});
console.log(`Chrome debugging port running on ${chrome.port}`);
// Some time later...
await chrome.kill();
}
launchAndKillChrome();
Puppeteer is a Node library which provides a high-level API to control Chrome or Chromium over the DevTools Protocol. It is similar to chrome-launcher but offers more comprehensive features for interacting with the browser, such as generating screenshots, PDFs, and automating form submissions.
Selenium WebDriver is a browser automation framework that works with multiple browsers, including Chrome. It is more complex and feature-rich compared to chrome-launcher, suitable for full-scale browser automation and testing.
Nightmare is a high-level browser automation library. It is built on top of Electron, which is a framework for creating native applications with web technologies. Nightmare is designed for automating tasks in a simplified manner compared to chrome-launcher, with an emphasis on ease of use and simplicity.
Launch Google Chrome with ease from node.
remote-debugging-port
on an available portkill()
Ctrl-C
(by default) to terminate the Chrome processOnce launched, interacting with the browser must be done over the devtools protocol, typically via chrome-remote-interface. For many cases Puppeteer is recommended, though it has its own chrome launching mechanism.
yarn add chrome-launcher
# or with npm:
npm install chrome-launcher
.launch([opts])
{
// (optional) remote debugging port number to use. If provided port is already busy, launch() will reject
// Default: an available port is autoselected
port: number;
// (optional) When `port` is specified *and* no Chrome is found at that port,
// * if `false` (default), chrome-launcher will launch a new Chrome with that port.
// * if `true`, throw an error
// This option is useful when you wish to explicitly connect to a running Chrome, such as on a mobile device via adb
// Default: false
portStrictMode: boolean;
// (optional) Additional flags to pass to Chrome, for example: ['--headless', '--disable-gpu']
// See: https://github.com/GoogleChrome/chrome-launcher/blob/main/docs/chrome-flags-for-tools.md
// Do note, many flags are set by default: https://github.com/GoogleChrome/chrome-launcher/blob/main/src/flags.ts
chromeFlags: Array<string>;
// (optional) Additional preferences to be set in Chrome, for example: {'download.default_directory': __dirname}
// See: https://chromium.googlesource.com/chromium/src/+/main/chrome/common/pref_names.cc
// Do note, if you set preferences when using your default profile it will overwrite these
prefs: {[key: string]: Object};
// (optional) Close the Chrome process on `Ctrl-C`
// Default: true
handleSIGINT: boolean;
// (optional) Explicit path of intended Chrome binary
// * If this `chromePath` option is defined, it will be used.
// * Otherwise, the `CHROME_PATH` env variable will be used if set. (`LIGHTHOUSE_CHROMIUM_PATH` is deprecated)
// * Otherwise, a detected Chrome Canary will be used if found
// * Otherwise, a detected Chrome (stable) will be used
chromePath: string;
// (optional) Chrome profile path to use, if set to `false` then the default profile will be used.
// By default, a fresh Chrome profile will be created
userDataDir: string | boolean;
// (optional) Starting URL to open the browser with
// Default: `about:blank`
startingUrl: string;
// (optional) Logging level
// Default: 'silent'
logLevel: 'verbose'|'info'|'error'|'silent';
// (optional) Flags specific in [flags.ts](src/flags.ts) will not be included.
// Typically used with the defaultFlags() method and chromeFlags option.
// Default: false
ignoreDefaultFlags: boolean;
// (optional) Interval in ms, which defines how often launcher checks browser port to be ready.
// Default: 500
connectionPollInterval: number;
// (optional) A number of retries, before browser launch considered unsuccessful.
// Default: 50
maxConnectionRetries: number;
// (optional) A dict of environmental key value pairs to pass to the spawned chrome process.
envVars: {[key: string]: string};
};
.launch().then(chrome => ...
// The remote debugging port exposed by the launched chrome
chrome.port: number;
// Method to kill Chrome (and cleanup the profile folder)
chrome.kill: () => Promise<void>;
// The process id
chrome.pid: number;
// The childProcess object for the launched Chrome
chrome.process: childProcess
ChromeLauncher.Launcher.defaultFlags()
Returns an Array<string>
of the default flags Chrome is launched with. Typically used along with the ignoreDefaultFlags
and chromeFlags
options.
Note: This array will exclude the following flags: --remote-debugging-port
--disable-setuid-sandbox
--user-data-dir
.
ChromeLauncher.Launcher.getInstallations()
Returns an Array<string>
of paths to available Chrome installations. When chromePath
is not provided to .launch()
, the first installation returned from this method is used instead.
Note: This method performs synchronous I/O operations.
.killAll()
Attempts to kill all Chrome instances created with .launch([opts])
. Returns a Promise that resolves to an array of errors that occurred while killing instances. If all instances were killed successfully, the array will be empty.
import * as ChromeLauncher from 'chrome-launcher';
async function cleanup() {
await ChromeLauncher.killAll();
}
import * as ChromeLauncher from 'chrome-launcher';
ChromeLauncher.launch({
startingUrl: 'https://google.com'
}).then(chrome => {
console.log(`Chrome debugging port running on ${chrome.port}`);
});
import * as ChromeLauncher from 'chrome-launcher';
ChromeLauncher.launch({
startingUrl: 'https://google.com',
chromeFlags: ['--headless', '--disable-gpu']
}).then(chrome => {
console.log(`Chrome debugging port running on ${chrome.port}`);
});
import * as ChromeLauncher from 'chrome-launcher';
const newFlags = ChromeLauncher.Launcher.defaultFlags().filter(flag => flag !== '--disable-extensions' && flag !== '--mute-audio');
ChromeLauncher.launch({
ignoreDefaultFlags: true,
chromeFlags: newFlags,
}).then(chrome => { ... });
In a CI environment like Travis, Chrome may not be installed. If you want to use chrome-launcher
, Travis can install Chrome at run time with an addon. Alternatively, you can also install Chrome using the download-chrome.sh
script.
Then in .travis.yml
, use it like so:
language: node_js
install:
- yarn install
before_script:
- export DISPLAY=:99.0
- export CHROME_PATH="$(pwd)/chrome-linux/chrome"
- sh -e /etc/init.d/xvfb start
- sleep 3 # wait for xvfb to boot
addons:
chrome: stable
FAQs
Launch latest Chrome with the Devtools Protocol port open
We found that chrome-launcher demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.