Security News
The Nightmare Before Deployment
Season’s greetings from Socket, and here’s to a calm end of year: clean dependencies, boring pipelines, no surprises.
By Ahmad Nassri - Dec 16, 2025
patchright
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 1.56.0
- Maintainers
- 1
🎭 Patchright Python
Patchright is a patched and undetected version of the Playwright Testing and Automation Framework.
It can be used as a drop-in replacement for Playwright.
[!NOTE]
This repository serves the Patchright-Python Package. To use Patchright with NodeJS, check out the NodeJS Package. Also check out the main Patchright Driver Repository
Sponsors
If you’re looking for a high-performance browser automation platform checkout Hyperbrowser. It’s ideal for AI Agents, large-scale web scraping and automated testing.
Hyperbrowser delivers cloud-based browser infrastructure that scales instantly from a few sessions to thousands, with built-in CAPTCHA solving, stealth fingerprinting, and a global proxy network. It integrates seamlessly with Puppeteer, Playwright, and Selenium, so you can be up and running in minutes, no server or proxy management required.
Key Features:
- Instant scaling: Launch 1,000+ concurrent browsers
- Captcha Solving: Handles reCAPTCHA, Cloudflare, AWS, and more
- Stealth mode: Dynamic, human-like fingerprints for undetectable automation
- Global proxy network: 170+ countries with rotation and geo-targeting
- Built-in debugging: Live view and session replay for real-time monitoring
- 1-line integration: Works with Puppeteer, Playwright, Selenium in Node.js or Python
👉 Learn more at hyperbrowser.ai
Install it from PyPI
# Install Patchright with Pip from PyPI
pip install patchright
# Install Chromium-Driver for Patchright
patchright install chromium
Usage
Just change the import and use it like playwright. Patchright is a drop-in-replacement for Playwright!
[!IMPORTANT]
Patchright only patches CHROMIUM based browsers. Firefox and Webkit are not supported.
# patchright here!
from patchright.sync_api import sync_playwright
with sync_playwright() as p:
browser = p.chromium.launch()
page = browser.new_page()
page.goto('http://playwright.dev')
page.screenshot(path=f'example-{p.chromium.name}.png')
browser.close()
import asyncio
# patchright here!
from patchright.async_api import async_playwright
async def main():
async with async_playwright() as p:
browser = await p.chromium.launch()
page = await browser.new_page()
await page.goto('http://playwright.dev')
await page.screenshot(path=f'example-{p.chromium.name}.png')
await browser.close()
asyncio.run(main())
Best Practice - use Chrome without Fingerprint Injection
To be completely undetected, use the following configuration:
playwright.chromium.launch_persistent_context(
user_data_dir="...",
channel="chrome",
headless=False,
no_viewport=True,
# do NOT add custom browser headers or user_agent
...
)
[!NOTE]
We recommend using Google Chrome instead of Chromium. You can install it viapatchright install chrome(or via any other installation method) and use it withchannel="chrome".
Patches
Runtime.enable Leak
This is the biggest Patch Patchright uses. To avoid detection by this leak, patchright avoids using Runtime.enable by executing Javascript in (isolated) ExecutionContexts.
Console.enable Leak
Patchright patches this leak by disabling the Console API all together. This means, console functionality will not work in Patchright. If you really need the console, you might be better off using Javascript loggers, although they also can be easily detected.
Command Flags Leaks
Patchright tweaks the Playwright Default Args to avoid detection by Command Flag Leaks. This (most importantly) affects:
--disable-blink-features=AutomationControlled(added) to avoid navigator.webdriver detection.--enable-automation(removed) to avoid navigator.webdriver detection.--disable-popup-blocking(removed) to avoid popup crashing.--disable-component-update(removed) to avoid detection as a Stealth Driver.--disable-default-apps(removed) to enable default apps.--disable-extensions(removed) to enable extensions
General Leaks
Patchright patches some general leaks in the Playwright codebase. This mainly includes poor setups and obvious detection points.
Closed Shadow Roots
Patchright is able to interact with elements in Closed Shadow Roots. Just use normal locators and Patchright will do the rest.
Patchright is now also able to use XPaths in Closed Shadow Roots.
Stealth
With the right setup, Patchright currently is considered undetectable. Patchright passes:
- Brotector ✅ (with CDP-Patches)
- Cloudflare ✅
- Kasada ✅
- Akamai ✅
- Shape/F5 ✅
- Bet365 ✅
- Datadome ✅
- Fingerprint.com ✅
- CreepJS ✅
- Sannysoft ✅
- Incolumitas ✅
- IPHey ✅
- Browserscan ✅
- Pixelscan ✅
Documentation and API Reference
See the original Playwright Documentation and API Reference
Extended Patchright API
evaluate Method (Frame.evaluate, Page.evaluate, Locator.evaluate, Worker.evaluate, JSHandle.evaluate)
- Added
isolated_contextto choose Execution Context (Main/Isolated).Bool(optional, Defaults toTrue)
object.evaluate(
expression: str,
arg: typing.Optional[typing.Any] = None,
...,
+ isolated_context: typing.Optional[bool] = True
)
evaluate_handle Method (Frame.evaluate_handle, Page.evaluate_handle, Locator.evaluate_handle, Worker.evaluate_handle, JSHandle.evaluate)
- Added
isolated_contextto choose Execution Context (Main/Isolated).Bool(optional, Defaults toTrue)
object.evaluate_handle(
expression: str,
arg: typing.Optional[typing.Any] = None,
...,
+ isolated_context: typing.Optional[bool] = True
)
evaluate_all Method (Locator.evaluate_all)
- Added
isolated_contextto choose Execution Context (Main/Isolated).Bool(optional, Defaults toTrue)
Locator.evaluate_all(
expression: str,
arg: typing.Optional[typing.Any] = None,
...,
+ isolated_context: typing.Optional[bool] = True
)
Bugs
The bugs are documented in the Patchright Driver Repository.
TODO
The TODO is documented in the Patchright Driver Repository.
Development
Deployment of new Patchright versions are automatic, but bugs due to Playwright codebase changes may occur. Fixes for these bugs might take a few days to be released.
Support our work
If you choose to support our work, please contact @vinyzu or @steve_abcdef on Discord.
Copyright and License
© Vinyzu
Patchright is licensed Apache 2.0
Disclaimer
This repository is provided for educational purposes only.
No warranties are provided regarding accuracy, completeness, or suitability for any purpose. Use at your own risk—the authors and maintainers assume no liability for any damages, legal issues, or warranty breaches resulting from use, modification, or distribution of this code.
Any misuse or legal violations are the sole responsibility of the user.
Authors
Active Maintainer: Vinyzu
Co-Maintainer: Kaliiiiiiiiii
FAQs
Undetected Python version of the Playwright testing and automation library.
We found that patchright demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords
Impostor NuGet package Tracer.Fody.NLog typosquats Tracer.Fody and its author, using homoglyph tricks, and exfiltrates Stratis wallet JSON/passwords to a Russian IP address.
By Kirill Boychenko - Dec 15, 2025
Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding - Dec 12, 2025