Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
puppeteer-core
Advanced tools
A high-level API to control headless Chrome over the DevTools Protocol
The puppeteer-core package is a version of Puppeteer, a Node library which provides a high-level API to control headless Chrome or Chromium over the DevTools Protocol. It is intended to be a lightweight version that can be used when you want to bring your own browser. It does not download any browsers by default, unlike the full puppeteer package.
Page Automation
Automate and control a web page, including navigation, screenshot taking, and DOM manipulation.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome'});
const page = await browser.newPage();
await page.goto('https://example.com');
await page.screenshot({path: 'example.png'});
await browser.close();
})();
Form Submission
Automate form submissions by typing into fields and clicking buttons.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome'});
const page = await browser.newPage();
await page.goto('https://example.com/login');
await page.type('#username', 'myUsername');
await page.type('#password', 'myPassword');
await page.click('#submit');
await page.waitForNavigation();
await browser.close();
})();
Web Scraping
Extract data from web pages by running JavaScript in the context of the page.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome'});
const page = await browser.newPage();
await page.goto('https://example.com');
const data = await page.evaluate(() => {
return document.querySelector('h1').textContent;
});
console.log(data);
await browser.close();
})();
PDF Generation
Generate PDFs of web pages for offline viewing or archiving.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome'});
const page = await browser.newPage();
await page.goto('https://example.com', {waitUntil: 'networkidle0'});
await page.pdf({path: 'example.pdf', format: 'A4'});
await browser.close();
})();
Automated Testing
Perform automated testing on web applications, including end-to-end tests, performance testing, and more.
const puppeteer = require('puppeteer-core');
(async () => {
const browser = await puppeteer.launch({executablePath: '/path/to/your/Chrome', headless: false});
const page = await browser.newPage();
await page.goto('https://example.com');
// Perform various tests, like checking if a button exists
const buttonExists = await page.$('button') !== null;
console.assert(buttonExists, 'Button should exist on the page');
await browser.close();
})();
Playwright is a Node library to automate the Chromium, WebKit, and Firefox browsers with a single API. It is similar to puppeteer-core but provides support for multiple browsers out of the box. It also offers additional features like network interception and emulation capabilities.
Selenium WebDriver is one of the most well-known tools for automated web testing. It supports multiple browsers and languages, making it a versatile choice for web automation. Compared to puppeteer-core, Selenium is more mature and has a larger community but can be slower and more complex to set up.
Nightmare is a high-level browser automation library. It is built on top of Electron, which is a framework for creating native applications with web technologies. Nightmare is designed to be simpler and more approachable than Puppeteer, but it is less powerful and only works with Electron's version of Chromium.
Cypress is a front-end testing tool built for the modern web. It is both a library for writing automated tests and a test runner that can execute them. Cypress is more focused on testing than general browser automation and provides a rich interactive interface for developing tests.
Puppeteer is a Node.js library which provides a high-level API to control Chrome/Chromium over the DevTools Protocol. Puppeteer runs in headless mode by default, but can be configured to run in full (non-headless) Chrome/Chromium.
Most things that you can do manually in the browser can be done using Puppeteer! Here are a few examples to get you started:
To use Puppeteer in your project, run:
npm i puppeteer
# or using yarn
yarn add puppeteer
# or using pnpm
pnpm i puppeteer
When you install Puppeteer, it automatically downloads a recent version of
Chromium (~170MB macOS, ~282MB Linux, ~280MB Windows) that is guaranteed to
work
with Puppeteer. The browser is downloaded to the $HOME/.cache/puppeteer
folder
by default (starting with Puppeteer v19.0.0).
If you deploy a project using Puppeteer to a hosting provider, such as Render or
Heroku, you might need to reconfigure the location of the cache to be within
your project folder (see an example below) because not all hosting providers
include $HOME/.cache
into the project's deployment.
For a version of Puppeteer without the browser installation, see
puppeteer-core
.
Puppeteer uses several defaults that can be customized through configuration files.
For example, to change the default cache directory Puppeteer uses to install
browsers, you can add a .puppeteerrc.cjs
(or puppeteer.config.cjs
) at the
root of your application with the contents
const {join} = require('path');
/**
* @type {import("puppeteer").Configuration}
*/
module.exports = {
// Changes the cache location for Puppeteer.
cacheDirectory: join(__dirname, '.cache', 'puppeteer'),
};
After adding the configuration file, you will need to remove and reinstall
puppeteer
for it to take effect.
See the configuration guide for more information.
puppeteer-core
Every release since v1.7.0 we publish two packages:
puppeteer
is a product for browser automation. When installed, it downloads
a version of Chromium, which it then drives using puppeteer-core
. Being an
end-user product, puppeteer
automates several workflows using reasonable
defaults that can be customized.
puppeteer-core
is a library to help drive anything that supports DevTools
protocol. Being a library, puppeteer-core
is fully driven through its
programmatic interface implying no defaults are assumed and puppeteer-core
will not download Chromium when installed.
You should use puppeteer-core
if you are
connecting to a remote browser
or managing browsers yourself.
If you are managing browsers yourself, you will need to call
puppeteer.launch
with
an an explicit
executablePath
(or channel
if it's
installed in a standard location).
When using puppeteer-core
, remember to change the import:
import puppeteer from 'puppeteer-core';
Puppeteer follows the latest maintenance LTS version of Node.
Puppeteer will be familiar to people using other browser testing frameworks. You launch/connect a browser, create some pages, and then manipulate them with Puppeteer's API.
For more in-depth usage, check our guides and examples.
The following example searches developer.chrome.com for blog posts with text "automate beyond recorder", click on the first result and print the full title of the blog post.
import puppeteer from 'puppeteer';
(async () => {
const browser = await puppeteer.launch();
const page = await browser.newPage();
await page.goto('https://developer.chrome.com/');
// Set screen size
await page.setViewport({width: 1080, height: 1024});
// Type into search box
await page.type('.search-box__input', 'automate beyond recorder');
// Wait and click on first result
const searchResultSelector = '.search-box__link';
await page.waitForSelector(searchResultSelector);
await page.click(searchResultSelector);
// Locate the full title with a unique string
const textSelector = await page.waitForSelector(
'text/Customize and automate'
);
const fullTitle = await textSelector.evaluate(el => el.textContent);
// Print the full title
console.log('The title of this blog post is "%s".', fullTitle);
await browser.close();
})();
1. Uses Headless mode
By default Puppeteer launches Chromium in old Headless mode.
const browser = await puppeteer.launch();
// Equivalent to
const browser = await puppeteer.launch({headless: true});
Chrome 112 launched a new Headless mode that might cause some differences in behavior compared to the old Headless implementation. In the future Puppeteer will start defaulting to new implementation. We recommend you try it out before the switch:
const browser = await puppeteer.launch({headless: 'new'});
To launch a "headful" version of Chromium, set the
headless
to false
option when launching a browser:
const browser = await puppeteer.launch({headless: false});
2. Runs a bundled version of Chromium
By default, Puppeteer downloads and uses a specific version of Chromium so its
API is guaranteed to work out of the box. To use Puppeteer with a different
version of Chrome or Chromium, pass in the executable's path when creating a
Browser
instance:
const browser = await puppeteer.launch({executablePath: '/path/to/Chrome'});
You can also use Puppeteer with Firefox. See status of cross-browser support for more information.
See
this article
for a description of the differences between Chromium and Chrome.
This article
describes some differences for Linux users.
3. Creates a fresh user profile
Puppeteer creates its own browser user profile which it cleans up on every run.
See our Docker guide.
See our Chrome extensions guide.
Check out our contributing guide to get an overview of Puppeteer development.
FAQs
A high-level API to control headless Chrome over the DevTools Protocol
The npm package puppeteer-core receives a total of 6,808,559 weekly downloads. As such, puppeteer-core popularity was classified as popular.
We found that puppeteer-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.