Security News
Vite+ Joins the Push to Consolidate JavaScript Tooling
Evan You announces Vite+, a commercial, Rust-powered toolchain built on the Vite ecosystem to unify JavaScript development and fund open source.
By Sarah Gooding - Oct 15, 2025
Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More →
ghostface
Evaluate javascript in PhantomJS, and print the output.
Inspired by jsdom-eval, this module makes it trivial to run tests in a headless browser.
Installation
npm install -g ghostface will expose the ghostface command in your
environment.
ghostface does not include phantomjs as a dependency; you should install
that however works best in your environment, and ghostface will find it so
long as it exists in your $PATH.
ghostface supports phantomjs versions ^1.9.0 or ^2.0.0.
Example
Imagine a browserify project that you're testing using tape:
// file: test.js
var test = require('tape')
test('always passes', function(t) {
t.plan(1)
t.pass()
})
Run it with ghostface:
$ browserify test.js | ghostface | faucet
See the output printed to the console:
✓ always passes
# tests 1
# pass 1
✓ ok
Note: In the example above, we pipe output to faucet, which parses TAP
output and sets the correct exit codes; ghostface is just evaluating
javascript, it doesn't know/care what the output is, or how to set the correct
exit codes.
Usage
$ ghostface --help
Usage: ghostface [options] [file]
file Javascript file to be evaluated
Options:
-h --html The HTML file to be used as the page template
-t --timeout Milliseconds to wait for output before stopping execution. Default 1000
-f --forever Ignore the timeout and wait forever
-p --phantomPath Specify the path to the phantomjs executable
--help Show this message
--version Print version and quit
You can specify the JS file to be evaluated, or pipe a JS file directly into
ghostface. For an imaginary file.js in the current directory, these two
commands are equivalent:
$ ghostface file.js
$ cat file.js | ghostface
The JS you are evaluating will be done in a blank web page. If you want to
provide your own context, use the --html <filename> option to load your own
html; the JS will be evaluated after the page loads.
By default, execution is stopped if no console output is seen for over 1000ms.
You can override this timeout with --timeout <ms>, or choose to run forever
with --forever. Note you will have to send a SIGHUP to end execution.
License
This project is licensed under the Apache License, Version 2.0. See LICENSE for the full license.
FAQs
Evaluate Javascript in PhantomJS, and print the output.
The npm package ghostface receives a total of 8,279 weekly downloads. As such, ghostface popularity was classified as popular.
We found that ghostface demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Apr 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Ruby Central Faces Backlash After Publishing Incident Timeline on RubyGems Access Dispute
Ruby Central’s incident report on the RubyGems.org access dispute sparks backlash from former maintainers and renewed debate over project governance.
By Sarah Gooding - Oct 14, 2025
Research
/Security News
Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems.org
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
By Olivia Brown - Oct 11, 2025