Chromy is a library for operating headless chrome.
Document Site: https://onetapinc.github.io/chromy/
Chromy is similar to Nightmare.js but has some differences:
headless mode is supported by Chrome59 or later.
npm i chromy
const Chromy = require('chromy')
// not headless
// let chromy = new Chromy({visible:true})
let chromy = new Chromy()
chromy.chain()
  .goto('http://example.com/')
  .evaluate(() => {
    return document.querySelectorAll('*').length
  })
  .result((r) => console.log(r))
  .end()
  .then(() => chromy.close())
You can also use async/await interfaces like this:
const Chromy = require('chromy')
async function main () {
  let chromy = new Chromy()
  await chromy.goto('http://example.com/')
  const result = await chromy.evaluate(() => {
    return document.querySelectorAll('*').length
  })
  console.log(result)
  await chromy.close()
}
main()
Chromy provides mobile emulation.
The emulation changes the screen resolution, density and userAgent, and provides touch emulation.
const Chromy = require('chromy')
let chromy = new Chromy()
chromy.chain()
  .emulate('iPhone6')
  .goto('http://example.com/')
  .tap(100, 100) // emulate tap action by synthesizing touch events.
  .evaluate(() => {
    return navigator.userAgent
  })
  .result(console.log)
  .end()
  .then(() => chromy.close())
Launches Chrome browser.
startingUrl: a starting url. If you set it to null, 'about:blank' is used as the starting url.
Goes to url. If you have not called start(), this method calls start(url) automatically.
waitLoadEvent(default: true): If set to false, goto() doesn't wait until load event is fired.
Returns Response object
wait until a load event is fired.
set a useragent.
ua: new user agent.
add custom device definitions to emulate it.
See src.
emulate a device that is defined by Chromy.addCustomDevice().
go forward to the next page and wait until load event is fired.
go back to the previous page and wait until load event is fired.
Injects a file into browser as a javascript or a css.
type: must be 'js' or 'css'
file: injected file.
Evaluates an expression in the browser context.
If the expression returns a Promise object, the promise is resolved automatically.
result() receives a result of previous directive.
chromy.chain()
  .goto('http://example.com')
  .evaluate(() => {
    return document.querySelectorAll('*').length
  })
  .result((length) => {
    // length is a result of evaluate() directive.
    console.log(length)
  })
  .end()
Returns whether a node matching the selector exists.
Returns whether a node matching the selector exists and is visible.
alias for .sleep(msec)
wait until the selector you specified appears in the DOM tree.
wait until the function you supplied evaluates to true. func() executes in the browser window context.
wait for the number of milliseconds you specified.
Sets the files to a file field that matches the selector.
waitLoadEvent(default: false): If set to true, wait until load event is fired after click event is fired.
Dispatch mousemoved event.
Dispatch mousedown event.
Dispatch mouseup event.
Synthesize tap by dispatching touch events. (NOTE: To dispatch touch events you need to enable a mobile emulation before.)
Synthesize double tap by dispatching touch events. (NOTE: To dispatch touch events you need to enable a mobile emulation before.)
Scrolls to the position. x and y mean a relative position.
Scrolls to the position. x and y mean an absolute position.
Returns a rect of the element specified by selector.
Returns an array of rects that is specified by selector.
function outerFunc () {
  return 'VALUE'
}
chromy.chain()
  .goto('http://example.com')
  .defineFunction(outerFunc)
  .evaluate(() => {
    outerFunc()
  })
  .end()
Calls DevTools protocol directly.
Adds the listener function.
Adds one time listener function.
Removes the listener function.
Removes all listener function.
Exports a current screen as an image data.
See examples: examples/screenshot.js
Exports an area of selector you specified as an image data.
See examples: examples/screenshot.js
Note:
See screenshot()
Takes multiple screenshots specified by selector at once. Each image can be received by callback.
Limitation:
Exports an entire document as an image data.
See examples: examples/screenshot.js
Limitation:
Known Issue:
Exports a current page's printing image as a PDF data. This function is supported only in headless mode (since Chrome60).
See examples: examples/screenshot.js
Starts screencast to take screenshots by every frame.
See examples: examples/screencast.js
callback: callback function for receiving parameters of screencastFrame event. See details here
options: See details here.
Stops screencast.
chromy.chain()
  .goto('http://example.com')
  .console((text) => {
    console.log(text)
  })
  .evaluate(() => {
    console.log('HEY')
  })
  .end()
receive a message from browser.
You can communicate with a browser by using receiveMessage() and sendToChromy(). sendToChromy() is a special function to communicate with Chromy. When you call receiveMessage() for the first time, sendToChromy() is defined in the browser automatically. A listener function passed to receiveMessage() receives parameters when sendToChromy() is executed in the browser.
chromy.chain()
  .goto('http://example.com')
  .receiveMessage((msg) => {
    console.log(msg[0].value)
  })
  .evaluate(() => {
    sendToChromy({value: 'foo'})
  })
  .end()
Ignores all certificate errors.
chromy.chain()
  .ignoreCertificateErrors()
  .goto('https://xxxxx/')
  .end()
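One way to keep ignoreCertificateErrors() from switching off TLS validation for arbitrary targets is to enable it only for an explicit host allowlist. This is an added example, not code from the Chromy project; INSECURE_TLS_HOSTS, mayIgnoreCertErrors, gotoWithTlsPolicy, the host names and the recording stub are assumptions made for illustration.

```javascript
// Added example: gate chromy's ignoreCertificateErrors() behind a host allowlist.
// The host names below are constructed; replace them with your own test hosts.
const INSECURE_TLS_HOSTS = new Set(['localhost', '127.0.0.1', 'staging.internal.example'])

// Decide whether certificate errors may be ignored for this URL.
function mayIgnoreCertErrors (url, allowed = INSECURE_TLS_HOSTS) {
  let parsed
  try {
    parsed = new URL(url)
  } catch (e) {
    return false // unparsable URL: never relax validation
  }
  if (parsed.protocol !== 'https:') return false
  // Exact hostname match only, so 'localhost.evil.example' does not pass.
  return allowed.has(parsed.hostname)
}

// Build the chain; ignoreCertificateErrors() is chained only for allowlisted hosts.
function gotoWithTlsPolicy (chromy, url, allowed = INSECURE_TLS_HOSTS) {
  let chain = chromy.chain()
  if (mayIgnoreCertErrors(url, allowed)) {
    chain = chain.ignoreCertificateErrors()
  }
  return chain.goto(url).end()
}

// Constructed stand-in for a Chromy instance (so this runs without Chrome):
// it records which directives were chained, in order.
function makeRecorder () {
  const calls = []
  const chain = {
    ignoreCertificateErrors () { calls.push('ignoreCertificateErrors'); return chain },
    goto (url) { calls.push('goto ' + url); return chain },
    end () { calls.push('end'); return Promise.resolve(calls) }
  }
  return { calls, chain: () => chain }
}
```

With a real instance, call gotoWithTlsPolicy(new Chromy(), url). The page does not say whether the setting persists after it is enabled, so use a separate Chromy instance for allowlisted hosts.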
blocks urls from loading.
urls: array[string]
Wildcard('*') is allowed in url string.
Removes all browser caches.
params: object or array
See chrome document
If url parameter is not set, current url(location.href) is used as default value.
name: string or array of string
See chrome document
Remove a cookie.
name: string or array of string
url: url associated with cookie. If url is not set, current url(location.href) is used as default value.
Removes all browser cookies.
Clears data for origin (cookies, local_storage, indexedDb, etc.).
See details here.
Gets the count of these items: document, node, jsEventListeners
See details here.
close all browsers.
process.on('SIGINT', async () => {
  await Chromy.cleanup()
  process.exit(1)
})
Bug reports and pull requests are welcome on GitHub at https://github.com/OnetapInc/chromy
0.5.11 - 2017-03-14
FAQs
The library for manipulating headless chrome with Nightmare.js like API.
The npm package chromy receives a total of 1,152 weekly downloads. As such, chromy's popularity was classified as popular.
We found that chromy demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.