Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
phantomjs-beta_25
Advanced tools
An NPM wrapper for PhantomJS 2.5 Beta headless webkit with JS API.
NOTE: phantomjs v2.x is currently under heavy development. Releases should be considered unstable.
npm install PhantomJS-Beta_25
The package has been set up to fetch and run Phantom for MacOS (darwin).
bin/phantomjs [phantom arguments]
And npm will install a link to the binary in node_modules/.bin
.
The package exports a path
string that contains the path to the
phantomjs binary/executable.
Below is an example of using this package via node.
var path = require('path')
var childProcess = require('child_process')
var phantomjs = require('phantomjs2')
var binPath = phantomjs.path
var childArgs = [
path.join(__dirname, 'phantomjs-script.js'),
'some other argument (passed to phantomjs script)'
]
childProcess.execFile(binPath, childArgs, function(err, stdout, stderr) {
// handle results
})
The major and minor number tracks the version of PhantomJS that will be installed. The patch number is incremented when there is either an installer update or a patch build of the phantom binary.
By default, this package will download phantomjs from https://bitbucket.org/ariya/phantomjs/downloads
.
This should work fine for most people.
If bitbucket is down, or the Great Firewall is blocking bitbucket, you have a few options:
To set a mirror, set npm config property phantomjs_cdnurl
. The advantage of this
approach is that it will carry over the proper detection of version and OS, however
*the mirror must match the structure and naming conventions of
https://bitbucket.org/ariya/phantomjs/downloads
.
npm install phantomjs --phantomjs_cdnurl=http://cnpmjs.org/downloads
Or add property into your .npmrc
file (https://www.npmjs.org/doc/files/npmrc.html)
phantomjs_cdnurl=http://cnpmjs.org/downloads
Another option is to use environment variable PHANTOMJS_CDNURL
.
PHANTOMJS_CDNURL=http://cnpmjs.org/downloads npm install phantomjs
This is useful to entirely override the phantomjs download locaiton, i.e. if you wish to use a custom build. As of this writing there are lots of custom builds for phantomjs2, particularly to get it working on various flavors of linux. (see https://github.com/ariya/phantomjs/issues/12948)
To set a specifc download location, set npm config property phantomjs_downloadurl
.
npm install phantomjs --phantomjs_downloadurl=https://github.com/eugene1g/phantomjs/releases/download/2.0.0-bin/phantomjs-2.0.0-macosx.zip
or set the environment variable PHANTOMJS_DOWNLOADURL
.
PHANTOMJS_DOWNLOADURL=https://github.com/eugene1g/phantomjs/releases/download/2.0.0-bin/phantomjs-2.0.0-macosx.zip npm install phantomjs
If you plan to install phantomjs many times on a single machine, you can
install the phantomjs
binary on PATH. The installer will automatically detect
and use that for non-global installs.
PhantomJS is not a library for NodeJS. It's a separate environment and code written for node is unlikely to be compatible. In particular PhantomJS does not expose a Common JS package loader.
This is an NPM wrapper and can be used to conveniently make Phantom available It is not a Node JS wrapper.
I have had reasonable experiences writing standalone Phantom scripts which I then drive from within a node program by spawning phantom in a child process.
Read the PhantomJS FAQ for more details: http://phantomjs.org/faq.html
An extra note on Linux usage, from the PhantomJS download page:
This package is built on CentOS 5.8. It should run successfully on Lucid or more modern systems (including other distributions). There is no requirement to install Qt, WebKit, or any other libraries. It is however expected that some base libraries necessary for rendering (FreeType, Fontconfig) and the basic font files are available in the system.
spawn ENOENT
This is NPM's way of telling you that it was not able to start a process. It usually means:
node
is not on your PATH, or otherwise not correctly installed.tar
is not on your PATH. This package expects tar
on your PATH on Linux-based platforms.Check your specific error message for more information.
Error: EPERM
or operation not permitted
or permission denied
This error means that NPM was not able to install phantomjs to the file system. There are three major reasons why this could happen:
npm cache clean
to fix them.Error: read ECONNRESET
or Error: connect ETIMEDOUT
This error means that something went wrong with your internet connection, and the installer was not able to download the PhantomJS binary for your platform. Please try again.
ECONNRESET
or ETIMEDOUT
consistently.Do you live in China, or a country with an authoritarian government? We've seen problems where the GFW or local ISP blocks bitbucket, preventing the installer from downloading the binary.
Try visiting the the download page manually.
If that page is blocked, you can try using a different CDN with the PHANTOMJS_CDNURL
env variable described above.
You can tell NPM and the PhantomJS installer to skip validation of ssl keys with NPM's strict-ssl setting:
npm set strict-ssl false
WARNING: Turning off strict-ssl
leaves you vulnerable to attackers reading
your encrypted traffic, so run this at your own risk!
If you install PhantomJS manually, and put it on PATH, the installer will try to use the manually-installed binaries.
node
Some Linux distros tried to rename node
to nodejs
due to a package
conflict. This is a non-portable change, and we do not try to support this. The
official documentation
recommends that you run apt-get install nodejs-legacy
to symlink node
to nodejs
on those platforms, or many NodeJS programs won't work properly.
Questions, comments, bug reports, and pull requests are all welcome. Submit them at the project on GitHub.
Bug reports that include steps-to-reproduce (including code) are the best. Even better, make them in the form of pull requests.
Dan Pupius (personal website), supported by The Obvious Corporation.
Ported to phantomjs2 by zeevl
Copyright 2012 The Obvious Corporation.
Licensed under the Apache License, Version 2.0.
See the top-level file LICENSE.txt
and
(http://www.apache.org/licenses/LICENSE-2.0).
FAQs
Headless Webkit with JS & ES6 API
The npm package phantomjs-beta_25 receives a total of 0 weekly downloads. As such, phantomjs-beta_25 popularity was classified as not popular.
We found that phantomjs-beta_25 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.