Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Chromium binaries for your NodeJS project
node-chromium allows you to easily add Chromium binaries to your project and use it for automation, testing, web scraping or just for fun.
Chromium is an open-source web browser developed and maintained by The Chromium Project. Google Chrome, also released in 2008, is a proprietary web browser developed and maintained by Google. The reason why Chrome and Chromium are tied to each other is that Chome borrows Chromium’s source code.
The main benefit of using Chromium is that it doesn't include all the proprietary modifications made by Google, thus it's more lightweight and more suitable for automation purposes.
You can see full list of differences in Fossbytes article.
Starting from version 2.2.0
node-chromium
is tested against and supports Node.js LTS and latest stable releases
Versions 2.0.0
- 2.1.2
support Node.js 7+
If you need to use older versions of Node.js try node-chromium 1.x.x
releases.
Depending on your needs, you can install module into devDependencies (--save-dev
) or production dependencies (--save
)
npm install --save chromium
During the installation process node-chromium will find the latest suitable build for your platform, download it and extract into libraries folder. As soon as installation is finished, you are ready to use Chromium in your project:
const chromium = require('chromium');
const {execFile} = require('child_process');
execFile(chromium.path, ['https://google.com'], err => {
console.log('Hello Google!');
});
When downloading the chromium binary node-chromium will use the proxy configured for npm
to establish HTTP(S) connections. The proxy used by npm
can be configured using
npm config set proxy http://<username>:<password>@<the.proxy.hostname>:<port>
npm config set https-proxy http://<username>:<password>@<the.proxy.hostname>:<port
npm config set no-proxy localhost,127.0.0.1,example.org
Additionally proxy settings found in the environment variables HTTP_PROXY
, HTTPS_PROXY
and NO_PROXY
will be used if they are not defined in the .npmrc
file.
If you want to specify the revision of Chromium to be installed, just set the environment variable NODE_CHROMIUM_REVISION
to the number of the revision you want to install, as in:
export NODE_CHROMIUM_REVISION=729994
Note - may also be set in .npmrc like so:
node_chromium_revision=729994
You may download a specific revision from an alternate download host using the environment variable NODE_CHROMIUM_DOWNLOAD_HOST
, for example:
export NODE_CHROMIUM_REVISION=737027
export NODE_CHROMIUM_DOWNLOAD_HOST=https://npm.taobao.org/mirrors/chromium-browser-snapshots/
# If running on Linux x64 this will download binary from:
# https://npm.taobao.org/mirrors/chromium-browser-snapshots/Linux_x64/737027/chrome-linux.zip?alt=media
Notes on NODE_CHROMIUM_DOWNLOAD_HOST
:
https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/
<NODE_CHROMIUM_DOWNLOAD_HOST>/<PLATFORM_ARCHITECTURE>/<REVISION>/<OS_CHROMIUM_FILE_NAME>.zip?alt=media
for example see the taobao mirror chromium-browser-snapshots.node_chromium_download_host=https://npm.taobao.org/mirrors/chromium-browser-snapshots/
node_chromium_revision=737027
It's extremely easy to use node-chromium with selenium-webdriver to perform e2e tests without spawning browser UI. First, install all dependencies
npm install --save chromium chromedriver selenium-webdriver
After the installation is finished, create simple script that opens Google Search home page and takes it's screenshot in headless mode.
const fs = require('fs');
const webdriver = require('selenium-webdriver');
const chrome = require('selenium-webdriver/chrome');
const chromium = require('chromium');
require('chromedriver');
async function start() {
let options = new chrome.Options();
options.setChromeBinaryPath(chromium.path);
options.addArguments('--headless');
options.addArguments('--disable-gpu');
options.addArguments('--window-size=1280,960');
const driver = await new webdriver.Builder()
.forBrowser('chrome')
.setChromeOptions(options)
.build();
await driver.get('http://google.com');
console.log('Hello Google!');
await takeScreenshot(driver, 'google-start-page');
await driver.quit();
}
async function takeScreenshot(driver, name) {
await driver.takeScreenshot().then((data) => {
fs.writeFileSync(name + '.png', data, 'base64');
console.log('Screenshot is saved');
});
}
start();
By default downloaded chromium binaries are cached in the appropriate cache directory for your operating system.
You may override the cache path by setting the NODE_CHROMIUM_CACHE_PATH
environment variable to a directory path, for example:
export NODE_CHROMIUM_CACHE_PATH=/path/to/cache/dir/
# or in .npmrc like so:
# node_chromium_cache_path=/path/to/cache/dir/
You may disable caching by setting NODE_CHROMIUM_CACHE_DISABLE
to true
:
export NODE_CHROMIUM_CACHE_DISABLE=true
# or in .npmrc like so:
# node_chromium_cache_disable=true
Chromium will ordinarily be installed when you exectute npm install
however you may wish to skip this step if you are going to defer installation and perform it programatically at a later stage. Below is an example of how to do so.
export NODE_CHROMIUM_SKIP_INSTALL=true
# or in .npmrc like so:
# node_chromium_skip_install=true
Then install it programatically when you need it:
chromium.install().then(function() {
// do stuff...
});
Rick Brown |
Alex Schlosser | psociety | Daniel Hernández Alcojor | Ryan Cooney | Amila Welihinda | Timon Kurmann | Jakub Wąsik |
MIT
FAQs
Chromium binaries for Node.js projects
The npm package chromium receives a total of 16,258 weekly downloads. As such, chromium popularity was classified as popular.
We found that chromium demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.