Gathering detailed insights and metrics for @axe-core/playwright
Gathering detailed insights and metrics for @axe-core/playwright
Installations
npm install @axe-core/playwrightDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
18.20.4
NPM Version
lerna/8.1.3/node@v18.20.4+x64 (linux)
Releases
22
Languages
5
JavaScript
TypeScript
HTML
CSS
Shell
JavaScript (59.32%)
TypeScript (40.47%)
HTML (0.12%)
CSS (0.08%)
Shell (0.01%)
Developer
dequelabs
Download Statistics
Total Downloads
34,961,992
Last Day
121,352
Last Week
637,717
Last Month
2,703,900
Last Year
22,323,470
GitHub Statistics
MPL-2.0 License
650 Stars
609 Commits
73 Forks
12 Watchers
77 Branches
40 Contributors
Updated on Apr 30, 2025
Bundle Size
560.28 kB
Minified
149.16 kB
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
4.10.1
Package Id
@axe-core/playwright@4.10.1
Unpacked Size
61.60 kB
Size
11.92 kB
File Count
8
NPM Version
lerna/8.1.3/node@v18.20.4+x64 (linux)
Node Version
18.20.4
Published on
Nov 11, 2024
Total Downloads
Cumulative downloads
Total Downloads
34,961,992
Last Day
50.3%
121,352
Compared to previous day
Last Week
5.4%
637,717
Compared to previous week
Last Month
0.2%
2,703,900
Compared to previous month
Last Year
145.1%
22,323,470
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
@axe-core/playwright
Provides a chainable axe API for playwright and automatically injects into all frames
Getting Started
Install Node.js if you haven't already.
Install Playwright: npm install playwright
Install @axe-core/playwright: npm install @axe-core/playwright
Usage
This module uses a chainable API to assist in injecting, configuring, and analyzing axe with Playwright. As such, it is required to pass an instance of Playwright.
Here is an example of a script that will drive Playwright to a page, perform an analysis, and then log results to the console.
1const { AxeBuilder } = require('@axe-core/playwright'); 2const playwright = require('playwright'); 3 4(async () => { 5 const browser = await playwright.chromium.launch({ headless: true }); 6 const context = await browser.newContext(); 7 const page = await context.newPage(); 8 await page.goto('https://dequeuniversity.com/demo/mars/'); 9 10 try { 11 const results = await new AxeBuilder({ page }).analyze(); 12 console.log(results); 13 } catch (e) { 14 // do something with the error 15 } 16 17 await browser.close(); 18})();
AxeBuilder({ page: Playwright.Page })
Constructor for the AxeBuilder helper. You must pass an instance of Playwright as the first argument.
1const builder = new AxeBuilder({ page });
AxeBuilder#analyze(): Promise<axe.Results | Error>
Performs analysis and passes any encountered error and/or the result object.
1new AxeBuilder({ page }) 2 .analyze() 3 .then(results => { 4 console.log(results); 5 }) 6 .catch(e => { 7 // Do something with error 8 });
AxeBuilder#include(selector: String | String[])
Adds a CSS selector to the list of elements to include in analysis
1new AxeBuilder({ page }).include('.results-panel');
Method chaining is also available, add multiple CSS selectors to the list of elements to include in analysis
1new AxeBuilder({ page }) 2 .include('.selector-one') 3 .include('.selector-two') 4 .include('.selector-three');
Note: arrays with more than one index when passing multiple CSS selectors are not currently supported example: .include(['#foo', '#bar', '#baz'])
AxeBuilder#exclude(selector: String | String[])
Add a CSS selector to the list of elements to exclude from analysis
1new AxeBuilder({ page }).exclude('.another-element');
Method chaining is also available, add multiple CSS selectors to the list of elements to exclude from analysis
1new AxeBuilder({ page }) 2 .exclude('.selector-one') 3 .exclude('.selector-two') 4 .exclude('.selector-three');
Note: arrays with more than one index when passing multiple CSS selectors are not currently supported example: .exclude(['#foo', '#bar', '#baz'])
AxeBuilder#options(options: axe.RunOptions)
Specifies options to be used by axe.run. Will override any other configured options. including calls to AxeBuilder#withRules() and AxeBuilder#withTags(). See axe-core API documentation for information on its structure.
1new AxeBuilder({ page }).options({ checks: { 'valid-lang': ['orcish'] } });
AxeBuilder#withRules(rules: String|Array)
Limits analysis to only those with the specified rule IDs. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options, AxeBuilder#withRules or AxeBuilder#withRules will override specified options.
1new AxeBuilder({ page }).withRules('html-lang');1new AxeBuilder({ page }).withRules(['html-lang', 'image-alt']);AxeBuilder#withTags(tags: String|Array)
Limits analysis to only those with the specified rule IDs. Accepts a String of a single tag or an Array of multiple tags. Subsequent calls to AxeBuilder#options, AxeBuilder#withRules or AxeBuilder#withRules will override specified options.
1new AxeBuilder({ page }).withTags('wcag2a');1new AxeBuilder({ page }).withTags(['wcag2a', 'wcag2aa']);AxeBuilder#disableRules(rules: String|Array)
Skips verification of the rules provided. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options, AxeBuilder#disableRules will override specified options.
1new AxeBuilder({ page }).disableRules('color-contrast');AxeBuilder#setLegacyMode(legacyMode: boolean = true)
Set the frame testing method to "legacy mode". In this mode, axe will not open a blank page in which to aggregate its results. This can be used in an environment where opening a blank page is causes issues.
With legacy mode turned on, axe will fall back to its test solution prior to the 4.3 release, but with cross-origin frame testing disabled. The frame-tested rule will report which frames were untested.
Important Use of .setLegacyMode() is a last resort. If you find there is no other solution, please report this as an issue.
1const axe = new AxeBuilder({ page }).setLegacyMode(); 2const result = await axe.analyze(); 3axe.setLegacyMode(false); // Disables legacy mode
No vulnerabilities found.
Reason
all changesets reviewed
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0
Reason
7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-patch-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/auto-patch-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-release-candidate.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/create-release-candidate.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-footer.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/semantic-pr-footer.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-title.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/semantic-pr-title.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-master-develop.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/sync-master-develop.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Info: 0 out of 28 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
- Info: 13 out of 13 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-patch-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-release-candidate.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-footer.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/sync-master-develop.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-axe-core.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
19 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-3mv9-4h5g-vhg3
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.3
/10
Last Scanned on 2025-05-05
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More