Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
chromium-bidi
Advanced tools
An implementation of the WebDriver BiDi protocol for Chromium implemented as a JavaScript layer translating between BiDi and CDP, running inside a Chrome tab.
The chromium-bidi npm package provides a BiDi (Bidirectional) protocol implementation for Chromium-based browsers. It allows for remote control of the browser, enabling automation and interaction with web pages through a standardized protocol.
Browser Control
This feature allows you to launch a Chromium browser, navigate to a webpage, and interact with it. The code sample demonstrates launching the browser, opening a new page, navigating to 'https://example.com', printing the page title, and closing the browser.
const { chromiumBidi } = require('chromium-bidi');
(async () => {
const browser = await chromiumBidi.launch();
const page = await browser.newPage();
await page.goto('https://example.com');
console.log(await page.title());
await browser.close();
})();
Element Interaction
This feature allows you to interact with elements on a webpage. The code sample demonstrates launching the browser, opening a new page, navigating to 'https://example.com', selecting an 'h1' element, printing its text content, and closing the browser.
const { chromiumBidi } = require('chromium-bidi');
(async () => {
const browser = await chromiumBidi.launch();
const page = await browser.newPage();
await page.goto('https://example.com');
const element = await page.$('h1');
console.log(await element.textContent());
await browser.close();
})();
Screenshot Capture
This feature allows you to capture screenshots of web pages. The code sample demonstrates launching the browser, opening a new page, navigating to 'https://example.com', capturing a screenshot, and saving it as 'example.png'.
const { chromiumBidi } = require('chromium-bidi');
(async () => {
const browser = await chromiumBidi.launch();
const page = await browser.newPage();
await page.goto('https://example.com');
await page.screenshot({ path: 'example.png' });
await browser.close();
})();
Puppeteer is a Node library which provides a high-level API to control Chrome or Chromium over the DevTools Protocol. It is similar to chromium-bidi in that it allows for browser automation, but it uses the DevTools Protocol instead of the BiDi protocol.
Selenium WebDriver is a collection of language-specific bindings to drive a browser. It is widely used for browser automation and testing. Unlike chromium-bidi, Selenium WebDriver supports multiple browsers and is not limited to Chromium-based browsers.
Playwright is a Node library to automate Chromium, Firefox, and WebKit with a single API. It offers similar functionalities to chromium-bidi but supports multiple browser engines, making it more versatile for cross-browser testing.
This is an implementation of the WebDriver BiDi protocol with some extensions (BiDi+) for Chromium, implemented as a JavaScript layer translating between BiDi and CDP, running inside a Chrome tab.
Current status can be checked at WPT WebDriver BiDi status.
"BiDi+" is an extension of the WebDriver BiDi protocol. In addition to WebDriver BiDi it has:
goog:cdp.sendCommand
CdpSendCommandCommand = {
method: "goog:cdp.sendCommand",
params: CdpSendCommandParameters,
}
CdpSendCommandParameters = {
method: text,
params: any,
session?: text,
}
CdpSendCommandResult = {
result: any,
session: text,
}
The command runs the described CDP command and returns the result.
goog:cdp.getSession
CdpGetSessionCommand = {
method: "goog:cdp.getSession",
params: CdpGetSessionParameters,
}
CdpGetSessionParameters = {
context: BrowsingContext,
}
CdpGetSessionResult = {
session: text,
}
The command returns the default CDP session for the selected browsing context.
goog:cdp.resolveRealm
CdpResolveRealmCommand = {
method: "goog:cdp.resolveRealm",
params: CdpResolveRealmParameters,
}
CdpResolveRealmParameters = {
realm: Script.Realm,
}
CdpResolveRealmResult = {
executionContextId: text,
}
The command returns resolves a BiDi realm to its CDP execution context ID.
goog:cdp
CdpEventReceivedEvent = {
method: "goog:cdp.<CDP Event Name>",
params: CdpEventReceivedParameters,
}
CdpEventReceivedParameters = {
event: text,
params: any,
session: text,
}
The event contains a CDP event.
goog:channel
Each command can be extended with a goog:channel
:
Command = {
id: js-uint,
"goog:channel"?: text,
CommandData,
Extensible,
}
If provided and non-empty string, the very same goog:channel
is added to the response:
CommandResponse = {
id: js-uint,
"goog:channel"?: text,
result: ResultData,
Extensible,
}
ErrorResponse = {
id: js-uint / null,
"goog:channel"?: text,
error: ErrorCode,
message: text,
?stacktrace: text,
Extensible
}
When client uses
commands session.subscribe
and session.unsubscribe
with goog:channel
, the subscriptions are handled per channel, and the corresponding
goog:channel
filed is added to the event message:
Event = {
"goog:channel"?: text,
EventData,
Extensible,
}
npm
This is a Node.js project, so install dependencies as usual:
npm install
cargo
We use cddlconv to generate our WebDriverBiDi types before building.
cargo install --git https://github.com/google/cddlconv.git cddlconv
Refer to the documentation at .pre-commit-config.yaml.
pre-commit install --hook-type pre-push
Re-installing pre-commit locally:
pre-commit clean && pip install pre-commit
This will run the server on port 8080
:
npm run server
Use the PORT=
environment variable or --port=
argument to run it on another port:
PORT=8081 npm run server
npm run server -- --port=8081
Use the DEBUG
environment variable to see debug info:
DEBUG=* npm run server
Use the DEBUG_DEPTH
(default: 10
) environment variable to see debug deeply nested objects:
DEBUG_DEPTH=100 DEBUG=* npm run server
Use the CHANNEL=...
environment variable with one of the following values to run
the specific Chrome channel: stable
, beta
, canary
, dev
, local
. Default is
local
. The local
channel means the pinned in .browser
Chrome version will be
downloaded if it is not yet in cache. Otherwise, the requested Chrome version should
be installed.
CHANNEL=dev npm run server
Use the CLI argument --verbose
to have CDP events printed to the console. Note: you have to enable debugging output bidi:mapper:debug:*
as well.
DEBUG=bidi:mapper:debug:* npm run server -- --verbose
or
DEBUG=* npm run server -- --verbose
TODO: verify it works on Windows.
You can also run the server by using npm run server
. It will write
output to the file log.txt
:
npm run server -- --port=8081 --headless=false
Sometimes it good to verify that a change will not affect thing downstream for other packages.
There is a useful puppeteer
label you can add to any PR to run Puppeteer test with your changes.
It will bundle chromium-bidi
and install it in Puppeteer project then run that package test.
Running:
npm run unit
The e2e tests serve the following purposes:
The E2E tests are written using Python, in order to more-or-less align with the web-platform-tests.
Python 3.10+ and some dependencies are required:
python -m pip install --user pipenv
pipenv install
The E2E tests require BiDi server running on the same host. By default, tests
try to connect to the port 8080
. The server can be run from the project root:
npm run e2e # alias to to e2e:headless
npm run e2e:headful
npm run e2e:headless
This commands will run ./tools/run-e2e.mjs
, which will log the PyTest output to console,
Additionally the output is also recorded under ./logs/<DATE>.e2e.log
, this will contain
both the PyTest logs and in the event of FAILED
test all the Chromium-BiDi logs.
If you need to see the logs for all test run the command with VERBOSE=true
.
Simply pass npm run e2e -- tests/<PathOrFile>
and the e2e will run only the selected one.
You run a specific test by running npm run e2e -- -k <TestName>
.
Use CHROMEDRIVER
environment to run tests in chromedriver
instead of NodeJS runner:
CHROMEDRIVER=true npm run e2e
Use the PORT
environment variable to connect to another port:
PORT=8081 npm run e2e
Use the HEADLESS
to run the tests in headless (new or old) or headful modes.
Values: new
, old
, false
, default: new
.
HEADLESS=new npm run e2e
npm run e2e -- --snapshot-update true
See https://github.com/tophat/syrupy for more information.
E2E tests use local http
server pytest-httpserver
, which is run
automatically with the tests. However,
sometimes it is useful to run the http server outside the test
case, for example for manual debugging. This can be done by running:
pipenv run local_http_server
...or directly:
python tests/tools/local_http_server.py
Refer to examples/README.md.
WPT is added as a git submodule. To get run WPT tests:
git submodule update --init
cd wpt
Follow the System Setup instructions.
hosts
fileFollow
the hosts
File Setup
instructions.
./wpt make-hosts-file | sudo tee -a /etc/hosts
This must be run in a PowerShell session with Administrator privileges:
python wpt make-hosts-file | Out-File $env:SystemRoot\System32\drivers\etc\hosts -Encoding ascii -Append
If you are behind a proxy, you also need to make sure the domains above are excluded from your proxy lookups.
BROWSER_BIN
Set the BROWSER_BIN
environment variable to a Chrome, Edge or Chromium binary to launch.
For example, on macOS:
# Chrome
export BROWSER_BIN="/Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary"
export BROWSER_BIN="/Applications/Google Chrome Dev.app/Contents/MacOS/Google Chrome Dev"
export BROWSER_BIN="/Applications/Google Chrome Beta.app/Contents/MacOS/Google Chrome Beta"
export BROWSER_BIN="/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
export BROWSER_BIN="/Applications/Chromium.app/Contents/MacOS/Chromium"
# Edge
export BROWSER_BIN="/Applications/Microsoft Edge Canary.app/Contents/MacOS/Microsoft Edge Canary"
export BROWSER_BIN="/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge"
https://www.google.com/chrome/dev/
Oneshot:
npm run build
Continuously:
npm run build --watch
npm run wpt -- webdriver/tests/bidi/
UPDATE_EXPECTATIONS=true npm run wpt -- webdriver/tests/bidi/
The architecture is described in the WebDriver BiDi in Chrome Context implementation plan .
There are 2 main modules:
src
. It runs webSocket server, and for each ws connection
runs an instance of browser with BiDi Mapper.src/bidiMapper
. Gets BiDi commands from the backend,
and map them to CDP commands.The BiDi commands are processed in the src/bidiMapper/commandProcessor.ts
. To add a
new command, add it to _processCommand
, write and call processor for it.
npm
releasechromium-bidi
maintains release branches corresponding to Chrome releases. The
branches are named using the following pattern: releases/m$MAJOR_VERSION
.
The new release branch is created as soon a new major browser version is published by the update-browser-version job:
Changes that need to be cherry-picked into the release branch should be marked as patches. Either major or minor version bumps are not allowed on the release branch.
Example workflow:
gitGraph
commit id: "feat: featA"
commit id: "release: v0.5.0"
branch release/m129
checkout main
commit id: "feat: roll Chrome to M130 from 129"
commit id: "release: v0.6.0"
commit id: "fix: for m129"
checkout release/m129
cherry-pick id: "fix: for m129"
commit id: "release: v0.5.1 "
Currently, the releases from release branches are not automated.
We use release-please to automate releases. When a release should be done, check for the release PR in our pull requests and merge it.
Dry-run
npm publish --dry-run
Open a PR bumping the chromium-bidi version number in package.json
for review:
npm version patch -m 'chore: Release v%s' --no-git-tag-version
Instead of patch
, use minor
or major
as needed.
After the PR is reviewed, create a GitHub release specifying the tag name matching the bumped version. Our CI then automatically publishes the new release to npm based on the tag name.
This section assumes you already have a Chromium set-up locally, and knowledge on how to submit changes to the repo. Otherwise submit an issue for a project maintainer.
src/
.third_party/bidimapper/roll_bidmapper
Submit a CL with bug 42323268
(link).
Regenerate WPT expectations or baselines:
4.1. Trigger a build and test run:
third_party/blink/tools/blink_tool.py rebaseline-cl --build="linux-blink-rel" --verbose
4.2. Once the test completes on the builder, rerun that command to update the baselines. Update test expectations if there are any crashes or timeouts. Commit the changes (if any), and upload the new patch to the CL.
Add appropriate reviewers or comment the CL link on the PR.
Want to add a shiny new command to WebDriver BiDi for Chromium? Here's the playbook:
The WebDriver BiDi module, command, or event must be specified either in the WebDriver BiDi specification or as an extension in a separate specification (e.g., the Permissions specification). The specification should include the command's type definitions in valid CDDL format.
You'll need tests to prove your command works as expected. These tests should be written using WPT wdspec and submitted along with the spec itself. Don't forget to roll the WPT repo into the Mapper (dependabot can help, and you will likely need to tweak some expectations afterward).
Make sure Chromium already has the CDP methods your command will rely on.
error: Switch is not exhaustive. Cases not matched: "{NEW_COMMAND_NAME}" @typescript-eslint/switch-exhaustiveness-check
CommandProcessor.#processCommand
. For now, just have it throw an UnknownErrorException (see the example for how to do this).case '{NEW_COMMAND_NAME}':
throw new UnknownErrorException(
`Method ${command.method} is not implemented.`,
);
CommandProcessor.#processCommand
handles parsing parameters and running your command.
If your command has parameters, update the BidiCommandParameterParser
and implement the parsing logic in BidiNoOpParser
, BidiParser
and protocol-parser
. Look at the example for guidance.
Write the core logic for your command in the appropriate domain processor. Again, example is your friend.
Call your new module processor method from CommandProcessor.#processCommand
, passing in the parsed parameters. Example.
Write end-to-end tests for your command, including the happy path and any edge cases that might trip things up. Focus on testing the code in the mapper.
Your WPT tests will probably fail now.
Tests with unexpected results: PASS [expected FAIL] ...
Update the expectations in a draft PR with the "update-expectations" label. This will trigger an automated PR "test: update the expectations for PR" that you'll need to merge to your branch.
Mark your PR as ready, get it reviewed, and merge it in.
This bit usually involves the core devs:
FAQs
An implementation of the WebDriver BiDi protocol for Chromium implemented as a JavaScript layer translating between BiDi and CDP, running inside a Chrome tab.
The npm package chromium-bidi receives a total of 4,660,440 weekly downloads. As such, chromium-bidi popularity was classified as popular.
We found that chromium-bidi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.