Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
puppeteer-core
Advanced tools
A high-level API to control headless Chrome over the DevTools Protocol
The puppeteer-core package is a version of Puppeteer, a Node library which provides a high-level API to control headless Chrome or Chromium over the DevTools Protocol. It is intended to be a lightweight version that can be used when you want to bring your own browser. It does not download any browsers by default, unlike the full puppeteer package.
Page Automation
Automate and control a web page, including navigation, screenshot taking, and DOM manipulation.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome'});
const page = await browser.newPage();
await page.goto('https://example.com');
await page.screenshot({path: 'example.png'});
await browser.close();
})();
Form Submission
Automate form submissions by typing into fields and clicking buttons.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome'});
const page = await browser.newPage();
await page.goto('https://example.com/login');
await page.type('#username', 'myUsername');
await page.type('#password', 'myPassword');
await page.click('#submit');
await page.waitForNavigation();
await browser.close();
})();
Web Scraping
Extract data from web pages by running JavaScript in the context of the page.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome'});
const page = await browser.newPage();
await page.goto('https://example.com');
const data = await page.evaluate(() => {
return document.querySelector('h1').textContent;
});
console.log(data);
await browser.close();
})();
PDF Generation
Generate PDFs of web pages for offline viewing or archiving.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome'});
const page = await browser.newPage();
await page.goto('https://example.com', {waitUntil: 'networkidle0'});
await page.pdf({path: 'example.pdf', format: 'A4'});
await browser.close();
})();
Automated Testing
Perform automated testing on web applications, including end-to-end tests, performance testing, and more.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome', headless: false});
const page = await browser.newPage();
await page.goto('https://example.com');
// Perform various tests, like checking if a button exists
const buttonExists = await page.$('button') !== null;
console.assert(buttonExists, 'Button should exist on the page');
await browser.close();
})();
Playwright is a Node library to automate the Chromium, WebKit, and Firefox browsers with a single API. It is similar to puppeteer-core but provides support for multiple browsers out of the box. It also offers additional features like network interception and emulation capabilities.
Selenium WebDriver is one of the most well-known tools for automated web testing. It supports multiple browsers and languages, making it a versatile choice for web automation. Compared to puppeteer-core, Selenium is more mature and has a larger community but can be slower and more complex to set up.
Nightmare is a high-level browser automation library. It is built on top of Electron, which is a framework for creating native applications with web technologies. Nightmare is designed to be simpler and more approachable than Puppeteer, but it is less powerful and only works with Electron's version of Chromium.
Cypress is a front-end testing tool built for the modern web. It is both a library for writing automated tests and a test runner that can execute them. Cypress is more focused on testing than general browser automation and provides a rich interactive interface for developing tests.
Puppeteer is a JavaScript library which provides a high-level API to control Chrome or Firefox over the DevTools Protocol or WebDriver BiDi. Puppeteer runs in the headless (no visible UI) by default
npm i puppeteer # Downloads compatible Chrome during installation.
npm i puppeteer-core # Alternatively, install as a library, without downloading Chrome.
import puppeteer from 'puppeteer';
// Or import puppeteer from 'puppeteer-core';
// Launch the browser and open a new blank page
const browser = await puppeteer.launch();
const page = await browser.newPage();
// Navigate the page to a URL.
await page.goto('https://developer.chrome.com/');
// Set screen size.
await page.setViewport({width: 1080, height: 1024});
// Type into search box.
await page.locator('.devsite-search-field').fill('automate beyond recorder');
// Wait and click on first result.
await page.locator('.devsite-result-item-link').click();
// Locate the full title with a unique string.
const textSelector = await page
.locator('text/Customize and automate')
.waitHandle();
const fullTitle = await textSelector?.evaluate(el => el.textContent);
// Print the full title.
console.log('The title of this blog post is "%s".', fullTitle);
await browser.close();
FAQs
A high-level API to control headless Chrome over the DevTools Protocol
The npm package puppeteer-core receives a total of 4,813,382 weekly downloads. As such, puppeteer-core popularity was classified as popular.
We found that puppeteer-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.