Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
devtools-protocol
Advanced tools
The devtools-protocol npm package provides a set of TypeScript definitions for the Chrome DevTools Protocol, which allows you to interact with the Chrome browser for tasks such as debugging, profiling, and inspecting web pages programmatically.
Page Navigation
This feature allows you to navigate to a specific URL and wait for the page to load. The code sample demonstrates how to use the Page domain to navigate to 'https://example.com' and wait for the load event.
const CDP = require('chrome-remote-interface');
(async function() {
const client = await CDP();
const { Page } = client;
await Page.enable();
await Page.navigate({ url: 'https://example.com' });
await Page.loadEventFired();
console.log('Page loaded');
await client.close();
})();
JavaScript Execution
This feature allows you to execute JavaScript code within the context of the web page. The code sample demonstrates how to evaluate a JavaScript expression to get the page title.
const CDP = require('chrome-remote-interface');
(async function() {
const client = await CDP();
const { Runtime } = client;
await Runtime.enable();
const result = await Runtime.evaluate({ expression: 'document.title' });
console.log('Page title:', result.result.value);
await client.close();
})();
Network Monitoring
This feature allows you to monitor network requests made by the web page. The code sample demonstrates how to listen for network requests and log the URLs of the requests.
const CDP = require('chrome-remote-interface');
(async function() {
const client = await CDP();
const { Network } = client;
await Network.enable();
Network.requestWillBeSent((params) => {
console.log('Request:', params.request.url);
});
await client.Page.navigate({ url: 'https://example.com' });
await client.Page.loadEventFired();
await client.close();
})();
Puppeteer is a Node library that provides a high-level API to control Chrome or Chromium over the DevTools Protocol. It is more user-friendly and provides additional features like taking screenshots, generating PDFs, and more. Puppeteer abstracts away many of the lower-level details of the DevTools Protocol, making it easier to use for common tasks.
Selenium WebDriver is a popular tool for automating web applications for testing purposes. It supports multiple browsers and provides a high-level API for interacting with web pages. While it does not use the DevTools Protocol directly, it offers similar functionalities for browser automation and testing.
Playwright is a Node library for browser automation that supports multiple browsers (Chromium, Firefox, and WebKit). It provides a high-level API similar to Puppeteer but with additional features like cross-browser testing. Playwright also uses the DevTools Protocol under the hood for Chromium-based browsers.
:warning:
This repository is related to Chrome DevTools Protocol, but does not track issues regarding its definition or implementation.
If you want to file an issue for the Chrome DevTools Protocol, please open an issue on https://crbug.com under component: Platform>DevTools>Platform
.
Use the protocol viewer for navigating the protocol.
TypeScript definitions for the protocol's types are available in 'types/protocol.d.ts'. Mappings from Commands and events to these types are available in either generated DomainApi
style in types/protocol-proxy-api.d.ts
or in simple name-to-type-interface style in types/protocol-mapping.d.ts
.
Also, this repo is published as the devtools-protocol
npm module.
FAQs
The Chrome DevTools Protocol JSON
The npm package devtools-protocol receives a total of 7,346,077 weekly downloads. As such, devtools-protocol popularity was classified as popular.
We found that devtools-protocol demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.