Installations
npm install @axe-core/playwright
Developer Guide
Typescript
Yes
Module System
CommonJS, ESM
Node Version
18.20.4
NPM Version
lerna/8.1.3/node@v18.20.4+x64 (linux)
Score
56.4
Supply Chain
98.7
Quality
93.9
Maintenance
100
Vulnerability
79.3
License
Releases
Contributors
Unable to fetch Contributors
Languages
JavaScript (59.32%)
TypeScript (40.46%)
HTML (0.12%)
CSS (0.08%)
Shell (0.01%)
Developer
dequelabs
Download Statistics
Total Downloads
24,673,657
Last Day
33,808
Last Week
326,006
Last Month
1,710,108
Last Year
16,691,954
GitHub Statistics
622 Stars
597 Commits
68 Forks
13 Watching
77 Branches
35 Contributors
Package Meta Information
Latest Version
4.10.1
Package Id
@axe-core/playwright@4.10.1
Unpacked Size
61.60 kB
Size
11.92 kB
File Count
8
NPM Version
lerna/8.1.3/node@v18.20.4+x64 (linux)
Node Version
18.20.4
Publised On
11 Nov 2024
Total Downloads
Cumulative downloads
Total Downloads
24,673,657
Last day
-58.9%
33,808
Compared to previous day
Last week
-22.4%
326,006
Compared to previous week
Last month
7.6%
1,710,108
Compared to previous month
Last year
177%
16,691,954
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
@axe-core/playwright
Provides a chainable axe API for playwright and automatically injects into all frames
Getting Started
Install Node.js if you haven't already.
Install Playwright: npm install playwright
Install @axe-core/playwright: npm install @axe-core/playwright
Usage
This module uses a chainable API to assist in injecting, configuring, and analyzing axe with Playwright. As such, it is required to pass an instance of Playwright.
Here is an example of a script that will drive Playwright to a page, perform an analysis, and then log results to the console.
1const { AxeBuilder } = require('@axe-core/playwright'); 2const playwright = require('playwright'); 3 4(async () => { 5 const browser = await playwright.chromium.launch({ headless: true }); 6 const context = await browser.newContext(); 7 const page = await context.newPage(); 8 await page.goto('https://dequeuniversity.com/demo/mars/'); 9 10 try { 11 const results = await new AxeBuilder({ page }).analyze(); 12 console.log(results); 13 } catch (e) { 14 // do something with the error 15 } 16 17 await browser.close(); 18})();
AxeBuilder({ page: Playwright.Page })
Constructor for the AxeBuilder helper. You must pass an instance of Playwright as the first argument.
1const builder = new AxeBuilder({ page });
AxeBuilder#analyze(): Promise<axe.Results | Error>
Performs analysis and passes any encountered error and/or the result object.
1new AxeBuilder({ page }) 2 .analyze() 3 .then(results => { 4 console.log(results); 5 }) 6 .catch(e => { 7 // Do something with error 8 });
AxeBuilder#include(selector: String | String[])
Adds a CSS selector to the list of elements to include in analysis
1new AxeBuilder({ page }).include('.results-panel');
Method chaining is also available, add multiple CSS selectors to the list of elements to include in analysis
1new AxeBuilder({ page }) 2 .include('.selector-one') 3 .include('.selector-two') 4 .include('.selector-three');
Note: arrays with more than one index when passing multiple CSS selectors are not currently supported example: .include(['#foo', '#bar', '#baz'])
AxeBuilder#exclude(selector: String | String[])
Add a CSS selector to the list of elements to exclude from analysis
1new AxeBuilder({ page }).exclude('.another-element');
Method chaining is also available, add multiple CSS selectors to the list of elements to exclude from analysis
1new AxeBuilder({ page }) 2 .exclude('.selector-one') 3 .exclude('.selector-two') 4 .exclude('.selector-three');
Note: arrays with more than one index when passing multiple CSS selectors are not currently supported example: .exclude(['#foo', '#bar', '#baz'])
AxeBuilder#options(options: axe.RunOptions)
Specifies options to be used by axe.run
. Will override any other configured options. including calls to AxeBuilder#withRules()
and AxeBuilder#withTags()
. See axe-core API documentation for information on its structure.
1new AxeBuilder({ page }).options({ checks: { 'valid-lang': ['orcish'] } });
AxeBuilder#withRules(rules: String|Array)
Limits analysis to only those with the specified rule IDs. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options
, AxeBuilder#withRules
or AxeBuilder#withRules
will override specified options.
1new AxeBuilder({ page }).withRules('html-lang');
1new AxeBuilder({ page }).withRules(['html-lang', 'image-alt']);
AxeBuilder#withTags(tags: String|Array)
Limits analysis to only those with the specified rule IDs. Accepts a String of a single tag or an Array of multiple tags. Subsequent calls to AxeBuilder#options
, AxeBuilder#withRules
or AxeBuilder#withRules
will override specified options.
1new AxeBuilder({ page }).withTags('wcag2a');
1new AxeBuilder({ page }).withTags(['wcag2a', 'wcag2aa']);
AxeBuilder#disableRules(rules: String|Array)
Skips verification of the rules provided. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options
, AxeBuilder#disableRules
will override specified options.
1new AxeBuilder({ page }).disableRules('color-contrast');
AxeBuilder#setLegacyMode(legacyMode: boolean = true)
Set the frame testing method to "legacy mode". In this mode, axe will not open a blank page in which to aggregate its results. This can be used in an environment where opening a blank page is causes issues.
With legacy mode turned on, axe will fall back to its test solution prior to the 4.3 release, but with cross-origin frame testing disabled. The frame-tested
rule will report which frames were untested.
Important Use of .setLegacyMode()
is a last resort. If you find there is no other solution, please report this as an issue.
1const axe = new AxeBuilder({ page }).setLegacyMode(); 2const result = await axe.analyze(); 3axe.setLegacyMode(false); // Disables legacy mode
No vulnerabilities found.
Reason
all changesets reviewed
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-patch-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/auto-patch-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-release-candidate.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/create-release-candidate.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-footer.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/semantic-pr-footer.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-title.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/semantic-pr-title.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-master-develop.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/sync-master-develop.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Info: 0 out of 28 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
- Info: 13 out of 13 npmCommand dependencies pinned
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-patch-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-release-candidate.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-footer.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/sync-master-develop.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-axe-core.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6
/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More