patchright
Advanced tools
[!NOTE]
This repository serves the Patchright-NodeJS Package. To use Patchright with Python, check out the Python Package. Also check out the main Patchright Driver Repository
# Install Patchright from NPM
npm i patchright
# Install Chromium-Driver for Patchright
npx patchright install chromium
[!IMPORTANT]
Patchright only patches CHROMIUM based browsers. Firefox and Webkit are not supported.
// patchright here!
const { chromium } = require('patchright');
(async () => {
const browser = await chromium.launch();
const page = await browser.newPage();
await page.goto('http://example.com');
// other actions...
await browser.close();
})();
To be completely undetected, use the following configuration:
chromium.launchPersistentContext("...", {
channel: "chrome",
headless: false,
viewport: null,
// do NOT add custom browser headers or userAgent
});
[!NOTE] We recommend using Google Chrome instead of Chromium. You can install it via
npx patchright install chrome(or via any other installation method) and use it withchannel: "chrome".
This is the biggest Patch Patchright uses. To avoid detection by this leak, patchright avoids using Runtime.enable by executing Javascript in (isolated) ExecutionContexts.
Patchright patches this leak by disabling the Console API all together. This means, console functionality will not work in Patchright. If you really need the console, you might be better off using Javascript loggers, although they also can be easily detected.
Patchright tweaks the Playwright Default Args to avoid detection by Command Flag Leaks. This (most importantly) affects:
--disable-blink-features=AutomationControlled (added) to avoid navigator.webdriver detection.--enable-automation (removed) to avoid navigator.webdriver detection.--disable-popup-blocking (removed) to avoid popup crashing.--disable-component-update (removed) to avoid detection as a Stealth Driver.--disable-default-apps (removed) to enable default apps.--disable-extensions (removed) to enable extensionsPatchright patches some general leaks in the Playwright codebase. This mainly includes poor setups and obvious detection points.
Patchright is able to interact with elements in Closed Shadow Roots. Just use normal locators and Patchright will do the rest.
Patchright is now also able to use XPaths in Closed Shadow Roots.
With the right setup, Patchright currently is considered undetectable. Patchright passes:
See the original Playwright Documentation and API Reference
evaluate Method (Frame.evaluate, Page.evaluate, Locator.evaluate, Worker.evaluate, JSHandle.evaluate)isolatedContext to choose Execution Context (Main/Isolated). Bool (optional, Defaults to true)object.evaluate(
pageFunction: Function | string,
arg?: Arg,
...,
+ isolatedContext: boolean = true
)
evaluateHandle Method (Frame.evaluateHandle, Page.evaluateHandle, Locator.evaluateHandle, Worker.evaluateHandle, JSHandle.evaluateHandle)isolatedContext to choose Execution Context (Main/Isolated). Bool (optional, Defaults to true)object.evaluateHandle(
pageFunction: Function | string,
arg?: Arg,
...,
+ isolatedContext: boolean = true
)
Deployment of new Patchright versions are automatic, but bugs due to Playwright codebase changes may occur. Fixes for these bugs might take a few days to be released.
If you choose to support our work, please contact @vinyzu or @steve_abcdef on Discord.
© Vinyzu
Patchright is licensed Apache 2.0
This repository is provided for educational purposes only.
No warranties are provided regarding accuracy, completeness, or suitability for any purpose. Use at your own risk—the authors and maintainers assume no liability for any damages, legal issues, or warranty breaches resulting from use, modification, or distribution of this code.
Any misuse or legal violations are the sole responsibility of the user.
FAQs
A high-level API to automate web browsers
The npm package patchright receives a total of 7,559 weekly downloads. As such, patchright popularity was classified as popular.
We found that patchright demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.