Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node-phantom-mod
Advanced tools
This is a bridge between PhantomJs and Node.js.
It is very much similar to the other bridge available, PhantomJS-Node, but is different in a few ways:
You will need to install PhantomJS first. The bridge assumes that the "phantomjs" binary is available in the PATH.
The only other dependency for using it is socket.io.
For running the tests you will need Mocha. The tests require PhantomJS 1.6 or newer to pass.
npm install node-phantom
You can use it pretty much like you would use PhantomJS-Node, for example this is an adaptation of a web scraping example :
var phantom=require('node-phantom');
phantom.create(function(err,ph) {
return ph.createPage(function(err,page) {
return page.open("http://tilomitra.com/repository/screenscrape/ajax.html", function(err,status) {
console.log("opened site? ", status);
page.includeJs('http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js', function(err) {
//jQuery Loaded.
//Wait for a bit for AJAX content to load on the page. Here, we are waiting 5 seconds.
setTimeout(function() {
return page.evaluate(function() {
//Get what you want from the page using jQuery. A good way is to populate an object with all the jQuery commands that you need and then return the object.
var h2Arr = [],
pArr = [];
$('h2').each(function() {
h2Arr.push($(this).html());
});
$('p').each(function() {
pArr.push($(this).html());
});
return {
h2: h2Arr,
p: pArr
};
}, function(err,result) {
console.log(result);
ph.exit();
});
}, 5000);
});
});
});
});
options
is an optional object with options for how to start PhantomJS.
options.parameters
is an array of parameters that will be passed to PhantomJS on the commandline.
For example
phantom.create(callback,{parameters:{'ignore-ssl-errors':'yes'}})
will start phantom as:
phantomjs --ignore-ssl-errors=yes
You may also pass in a custom path if you need to select a specific instance of PhantomJS or it is not present in PATH environment. This can for example be used together with the PhantomJS package like so:
phantom.create(callback,{phantomPath:require('phantomjs').path})
Once you have the phantom instance you can use it much as you would the real PhantomJS, node-phantom tries to mimic the api.
An exception is that since this is a wrapper that does network communication to control PhantomJS, all methods are asynchronous and with a callback even when the PhantomJS version is synchronous.
Another notable exception is the page.evaluate method (and page.evaluateAsync method) that since PhantomJS 1.6 has a provision for extra arguments to be passed into the evaluated function. In the node-phantom world these arguments are placed after the callback. So the order is evaluatee, callback, optional arguments. In code it looks like :
page.evaluate(function(s){
return document.querySelector(s).innerText;
},function(err,title){
console.log(title);
},'title');
You can also have a look at the test folder to see some examples of using the API.
Made by Alex Scheel Meyer. Released to the public domain.
FAQs
bridge between node.js and PhantomJS
The npm package node-phantom-mod receives a total of 0 weekly downloads. As such, node-phantom-mod popularity was classified as not popular.
We found that node-phantom-mod demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.