Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
webdriver
Advanced tools
A Node.js bindings implementation for the W3C WebDriver and Mobile JSONWire Protocol
The 'webdriver' npm package is an HTTP client for interacting with WebDriver-compatible browsers for the purpose of performing automated web application testing. It allows you to control a browser programmatically and perform actions like navigating to URLs, interacting with web page elements, and executing JavaScript within the context of the browser.
Browser Navigation
This code sample demonstrates how to navigate to a URL using the webdriver package. It initializes a new browser session, navigates to 'https://example.com', and then closes the session.
const { remote } = require('webdriverio');
(async () => {
const browser = await remote({
capabilities: { browserName: 'chrome' }
});
await browser.url('https://example.com');
await browser.deleteSession();
})();
Element Interaction
This code sample shows how to interact with web page elements. It finds an input field and a button by their selectors, sets a value in the input field, and clicks the button.
const { remote } = require('webdriverio');
(async () => {
const browser = await remote({
capabilities: { browserName: 'chrome' }
});
await browser.url('https://example.com');
const input = await browser.$('input#search');
await input.setValue('WebdriverIO');
const button = await browser.$('button#submit');
await button.click();
await browser.deleteSession();
})();
Executing JavaScript
This code sample illustrates executing custom JavaScript code in the context of the browser. It retrieves and logs the title of the current web page.
const { remote } = require('webdriverio');
(async () => {
const browser = await remote({
capabilities: { browserName: 'chrome' }
});
await browser.url('https://example.com');
const result = await browser.execute(() => {
return document.title;
});
console.log('Document title is: ' + result);
await browser.deleteSession();
})();
Selenium WebDriver is a well-known library for browser automation. It provides bindings for multiple programming languages and is the basis for many browser automation tools. Compared to 'webdriver', Selenium WebDriver is more established with a larger community but can be more complex to set up and use.
Puppeteer is a Node library developed by the Chrome DevTools team. It provides a high-level API to control Chrome or Chromium over the DevTools Protocol. Puppeteer is known for its ease of use and rich features for browser automation and scraping, especially with Chrome-based browsers. Unlike 'webdriver', which is designed to work with multiple browsers, Puppeteer is optimized for Chrome/Chromium.
Playwright is a Node library that provides a set of APIs to automate Chromium, Firefox, and WebKit browsers. It is similar to Puppeteer but with cross-browser support. Playwright offers features like auto-wait, network interception, and emulation capabilities. It is considered to be more modern and feature-rich compared to 'webdriver' and is developed by the same team that initially built Puppeteer.
Nightwatch.js is an end-to-end testing solution for web applications and websites, written in Node.js. It uses the W3C WebDriver API for browser automation. Nightwatch has a built-in test runner and assertions library, making it a more integrated solution compared to 'webdriver', which is primarily a client for interacting with the WebDriver API.
Cypress is a front-end testing tool built for the modern web. It is both a library for writing tests and a test runner that executes the tests in a browser. Cypress provides a unique interactive test runner that allows you to see commands as they execute while also viewing the application under test. It differs from 'webdriver' in that it runs in the same run-loop as the application, enabling more consistent results and easier debugging.
A lightweight, non-opinionated implementation of the WebDriver and WebDriver BiDi specification including mobile commands supported by Appium
There are tons of Selenium and WebDriver binding implementations in the Node.js world. Every one of them has an opinionated API and recommended way to use it. This binding is the most non-opinionated you will find as it just represents the WebDriver specification and doesn't come with any extra or higher-level abstraction. It is lightweight and comes with support for the WebDriver specification and Appium's Mobile JSONWire Protocol.
The package supports the following protocols:
Commands are added to the client's protocol based on assumptions of provided capabilities. You can find more details about the commands by checking out the @wdio/protocols
package. All commands come with TypeScript support.
To install this package from NPM run:
npm i webdriver
The following example demonstrates a simple Google Search scenario:
import WebDriver from 'webdriver';
const client = await WebDriver.newSession({
path: '/',
capabilities: { browserName: 'firefox' }
})
await client.navigateTo('https://www.google.com/ncr')
const searchInput = await client.findElement('css selector', '#lst-ib')
await client.elementSendKeys(searchInput['element-6066-11e4-a52e-4f735466cecf'], 'WebDriver')
const searchBtn = await client.findElement('css selector', 'input[value="Google Search"]')
await client.elementClick(searchBtn['element-6066-11e4-a52e-4f735466cecf'])
console.log(await client.getTitle()) // outputs "WebDriver - Google Search"
await client.deleteSession()
To connect to the WebDriver Bidi protocol you have to send along a webSocketUrl
flag to tell the browser driver to opt-in to the protocol:
import WebDriver from 'webdriver'
const browser = await WebDriver.newSession({
capabilities: {
webSocketUrl: true,
browserName: 'firefox'
}
})
await browser.sessionSubscribe({ events: ['log.entryAdded'] })
/**
* returns: {"type":"console","method":"log","realm":null,"args":[{"type":"string","value":"Hello Bidi"}],"level":"info","text":"Hello Bidi","timestamp":1657282076037}
*/
browser.on('log.entryAdded', (entryAdded) => console.log('received %s', entryAdded))
await browser.executeScript('console.log("Hello Bidi")', [])
await browser.deleteSession()
To create a WebDriver session call the newSession
method on the WebDriver
class and pass in your configurations:
import WebDriver from 'webdriver'
const client = await WebDriver.newSession(options)
The following options are available:
Defines the capabilities you want to run in your WebDriver session. Note: by default, it will automatically set the webSocketUrl
to establish a WebDriver Bidi session, if you don't want this, make sure to set 'wdio:enforceWebDriverClassic': true
in your capabilities.
Type: Object
Required: true
Level of logging verbosity.
Type: String
Default: info
Options: trace | debug | info | warn | error | silent
Protocol to use when communicating with the Selenium standalone server (or driver).
Type: String
Default: http
Options: http | https
Host of your WebDriver server.
Type: String
Default: localhost
Port your WebDriver server is on.
Type: Number
Default: undefined
Path to WebDriver endpoint or grid server.
Type: String
Default: /
Query parameters that are propagated to the driver server.
Type: Object
Default: undefined
Timeout for any WebDriver request to a driver or grid.
Type: Number
Default: 120000
Count of request retries to the Selenium server.
Type: Number
Default: 3
Allows you to use a custom http
/https
/http2
agent to make requests.
Type: Object
Default:
{
http: new http.Agent({ keepAlive: true }),
https: new https.Agent({ keepAlive: true })
}
Function intercepting HTTP request options before a WebDriver request is made to a driver.
Type: (RequestOptions) => RequestOptions
Default: none
Function intercepting HTTP response objects after a WebDriver response has arrived.
Type: (Response, RequestOptions) => Response
Default: none
FAQs
A Node.js bindings implementation for the W3C WebDriver and Mobile JSONWire Protocol
We found that webdriver demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.