Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Webcap (for web screen capture) is a fork of node-webshot which appears to be dead unfortunately. This forks adds:
Webcap provides a simple API for taking webpage screenshots. The module is a light wrapper around PhantomJS, which utilizes WebKit to perform the page rendering.
A simple url example:
var webcap = require('webcap');
webcap('google.com', 'google.png', function(err) {
// screenshot now saved to google.png
});
An html example:
var webcap = require('webcap');
webcap('<html><body>Hello World</body></html>', 'hello_world.png', {siteType:'html'}, function(err) {
// screenshot now saved to hello_world.png
});
Alternately, the screenshot can be streamed back to the caller:
var webcap = require('webcap');
var fs = require('fs');
var renderStream = webcap('google.com');
var file = fs.createWriteStream('google.png', {encoding: 'binary'});
renderStream.on('data', function(data) {
file.write(data.toString('binary'), 'binary');
});
An example showing how to take a screenshot of a site's mobile version:
var webcap = require('webcap');
var options = {
screenSize: {
width: 320
, height: 480
}
, shotSize: {
width: 320
, height: 'all'
}
, userAgent: 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_2 like Mac OS X; en-us)'
+ ' AppleWebKit/531.21.20 (KHTML, like Gecko) Mobile/7B298g'
};
webcap('flickr.com', 'flickr.jpeg', options, function(err) {
// screenshot now saved to flickr.jpeg
});
An optional options
object can be passed as the parameter directly preceding
the callback in a call to webcap.
Option | Default Value | Description |
---|---|---|
windowSize |
{ width: 1024 , height: 768 } | The dimensions of the browser window. screenSize is an alias for this property. |
shotSize |
{ width: 'window' , height: 'window' } | The area of the page document, starting at the upper left corner, to
render. Possible values are 'screen', 'all', and a number defining a
pixel length.
'window' causes the length to be set to the length of the window (i.e. the shot displays what is initially visible within the browser window). 'all' causes the length to be set to the length of the document along the given dimension. |
shotOffset | { left: 0 , right: 0 , top: 0 , bottom: 0 } | The left and top offsets define the upper left corner of the screenshot rectangle. The right and bottom offsets allow pixels to be removed from the shotSize dimensions (e.g. a shotSize height of 'all' with a bottom offset of 30 would cause all but the last 30 rows of pixels on the site to be rendered). |
phantomPath | 'phantomjs' | The location of phantomjs. Webcap tries to use the binary provided by the phantomjs NPM module, and falls back to 'phantomjs' if the module isn't available. |
phantomConfig | {} | Object with key value pairs corresponding to phantomjs command line options. Don't include `--`. For example: `phantomConfig: {'ignore-ssl-errors': 'true'}` |
cookies | [] | List of cookie objects to use, or null to disable cookies. |
customHeaders | null | Any additional headers to be sent in the HTTP request. |
defaultWhiteBackground | false | When taking the screenshot, adds a white background if not defined elsewhere. |
customCSS | '' | When taking the screenshot, adds custom CSS rules if defined. |
quality | 75 | JPEG compression quality. A higher number will look better, but creates a larger file. Quality setting has no effect when streaming. |
streamType | 'png' | If streaming is used, this designates the file format of the streamed rendering. Possible values are 'png', 'jpg', and 'jpeg'. |
siteType | 'url' | siteType indicates whether the content needs to be requested ('url'), loaded locally ('file'), or is being provided directly as a string ('html'). |
renderDelay | 0 | Number of milliseconds to wait after a page loads before taking the screenshot. |
timeout | 0 | Number of milliseconds to wait before killing the phantomjs process and assuming web shotting has failed. (0 is no timeout.) |
takeShotOnCallback | false | Wait for the web page to signal to webcap when to take the photo
using window.callPhantom('takeShot'); |
errorIfStatusIsNot200 | false | If the loaded page has a non-200 status code, don't take a screenshot, cause an error instead. |
errorIfJSException | false | If a script on the page throws an exception, don't take a screenshot, cause an error instead. |
captureSelector | false | Captures the page area containing the provided selector and saves it to file. |
By default this package installs PhantomJS 1.9.x. Several issues exist
in this version that are fixed in v2, but v2 is not yet stable across
all platforms. The phantomPath
option can be used to get around this
if you want to try a more recent PhantomJS version. See this issue:
https://github.com/brenden/node-webshot/issues/100
In addition to these options, the following options can be specified and will be
passed to the Phantom page
object:
paperSize
, zoomFactor
, cookies
, customHeaders
, and settings
.
Arbitrary scripts can be run on the page before it gets rendered by using any of
Phantom's page callbacks,
such as onLoadFinished
or onResourceRequested
. For example, the script below
changes the text of every link on the page:
var options = {
onLoadFinished: function() {
var links = document.getElementsByTagName('a');
for (var i=0; i<links.length; i++) {
var link = links[i];
link.innerHTML = 'My custom text';
}
}
};
Note that the script will be serialized and then passed to Phantom as text, so all variable scope information will be lost. However, variables from the caller can be passed into the script as follows:
var options = {
onLoadFinished: {
fn: function() {
var links = document.getElementsByTagName('a');
for (var i=0; i<links.length; i++) {
var link = links[i];
link.innerHTML = this.foo;
}
}
, context: {foo: 'My custom text'}
}
};
Tests are written with Mocha and can be
run with npm test
. The tests use node-imagemagick and thus require
that the imagemagick CLI tools be installed.
(The MIT License)
Copyright (c) 2012 Brenden Kokoszka & contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the 'Software'), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Easy website screenshots
The npm package webcap receives a total of 1 weekly downloads. As such, webcap popularity was classified as not popular.
We found that webcap demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.