This is a new project based around Pa11y, named Pa11y CI. Pa11y CI will be a command-line tool which runs Pa11y against multiple URLs. It will be heavily geared towards easily running in CI environments against new versions of websites, but will also be runnable in local development.
:sparkles: Click here for the full proposal document, project roadmap, and FAQs :sparkles:
This command line tool requires Node.js 4+. You can install through npm:
    npm install -g pa11y-ci
Pa11y CI can be used by running it as a command line tool, pa11y-ci:
    Usage: pa11y-ci [options]
    Options:
      -h, --help            output usage information
      -V, --version         output the version number
      -c, --config <path>   the path to a JSON or JavaScript config file
      -s, --sitemap <url>   the path to a sitemap
      -j, --json            Output results as JSON
By default, Pa11y CI looks for a config file in the current working directory, named .pa11yci. This should be a JSON file.
You can use the --config command line argument to specify a different file, which can be either JSON or JavaScript. The config files should look like this:
    {
      "urls": [
        "http://pa11y.org/",
        "http://pa11y.org/contributing"
      ]
    }
Pa11y will be run against each of the URLs in the urls array.
You can specify a default set of pa11y configurations that should be used for each test run. These should be added to a defaults object in your config. For example:
    {
      "defaults": {
        "timeout": 1000,
        "page": {
          "viewport": {
            "width": 320,
            "height": 480
          }
        }
      },
      "urls": [
        "http://pa11y.org/",
        "http://pa11y.org/contributing"
      ]
    }
Pa11y CI has a few of its own configurations which you can set as well:
concurrency: The number of tests that should be run in parallel. Defaults to 2.
Each URL in your config file can be an object and specify pa11y configurations which override the defaults too. You do this by using an object instead of a string, and providing the URL as a url property on that object. This can be useful if you know that a certain URL takes a while to load, for example:
    {
      "defaults": {
        "timeout": 1000
      },
      "urls": [
        "http://pa11y.org/",
        {
          "url": "http://pa11y.org/contributing",
          "timeout": 50000
        }
      ]
    }
If you don't wish to specify your URLs in a config file, you can use an XML sitemap that's published somewhere online. This is done with the --sitemap option:
    pa11y-ci --sitemap http://pa11y.org/sitemap.xml
This takes the text content of each <loc> in the XML and runs Pa11y against that URL. This can also be combined with a config file, but URLs in the Sitemap will override any found in your JSON config.
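The following added example (not Pa11y CI's own code) shows how the defaults, per-URL overrides and sitemap URLs described above combine into the list of test runs. It assumes a shallow merge of per-URL options over the defaults and that the defaults still apply to sitemap URLs; the function names sitemapUrls and resolveRuns are hypothetical.

```javascript
// Added illustration, not Pa11y CI source code.
// Assumption: per-URL options are shallow-merged over "defaults".

// Extract the text content of every <loc> element from sitemap XML.
function sitemapUrls(xml) {
  const urls = [];
  const locPattern = /<loc>\s*([^<]*?)\s*<\/loc>/g;
  let match;
  while ((match = locPattern.exec(xml)) !== null) {
    // Sitemaps entity-escape "&" inside URLs; undo that one escape.
    if (match[1]) urls.push(match[1].replace(/&amp;/g, '&'));
  }
  return urls;
}

// Build the list of test runs: one { url, options } entry per URL.
function resolveRuns(config, sitemapXml) {
  const defaults = config.defaults || {};
  // URLs from a sitemap replace the "urls" array in the config.
  const entries = sitemapXml ? sitemapUrls(sitemapXml) : (config.urls || []);
  return entries.map((entry) => {
    // A plain string is shorthand for an object with only a "url" property.
    const perUrl = typeof entry === 'string' ? { url: entry } : entry;
    if (typeof perUrl.url !== 'string' || perUrl.url === '') {
      throw new TypeError('each URL entry needs a non-empty "url" string');
    }
    const { url, ...overrides } = perUrl;
    return { url, options: { ...defaults, ...overrides } };
  });
}

// Constructed sample input, modelled on the config shown above.
const sampleConfig = {
  defaults: { timeout: 1000 },
  urls: [
    'http://pa11y.org/',
    { url: 'http://pa11y.org/contributing', timeout: 50000 }
  ]
};
const sampleSitemap =
  '<urlset><url><loc>http://pa11y.org/</loc></url>' +
  '<url><loc> http://pa11y.org/news </loc></url></urlset>';

console.log(resolveRuns(sampleConfig));
console.log(resolveRuns(sampleConfig, sampleSitemap));
```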
To contribute to Pa11y CI, clone this repo locally and commit your code on a new branch.
Please write unit tests for your code, and check that everything works by running the following before opening a PR:
    make ci
You can also run verifications and tests individually:
    make verify              # Verify all of the code (JSHint/JSCS)
    make test                # Run all tests
    make test-unit           # Run the unit tests
    make test-unit-coverage  # Run the unit tests with coverage
    make test-integration    # Run the integration tests
Licensed under the Lesser General Public License (LGPL-3.0).
Copyright © 2016, Team Pa11y.
0.1.0 pre-release (2016-07-05)
FAQs
Pa11y CI is a CI-centric accessibility test runner, built using Pa11y
The npm package pa11y-ci receives a total of 24,814 weekly downloads. As such, pa11y-ci popularity was classified as popular.
We found that pa11y-ci demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.