Gathering detailed insights and metrics for @axe-core/webdriverjs
Installations
npm install @axe-core/webdriverjsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
18.20.4
NPM Version
lerna/8.1.3/node@v18.20.4+x64 (linux)
Score
88.8
Supply Chain
96.5
Quality
94.4
Maintenance
100
Vulnerability
79.9
License
Releases
22
Contributors
35
Languages
5
JavaScript
TypeScript
HTML
CSS
Shell
JavaScript (59.32%)
TypeScript (40.47%)
HTML (0.12%)
CSS (0.08%)
Shell (0.01%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
dequelabs
Download Statistics
Total Downloads
2,610,200
Last Day
3,752
Last Week
17,956
Last Month
73,841
Last Year
853,112
GitHub Statistics
637 Stars
599 Commits
68 Forks
13 Watching
77 Branches
35 Contributors
Bundle Size
565.04 kB
Minified
150.24 kB
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
4.10.1
Package Id
@axe-core/webdriverjs@4.10.1
Unpacked Size
77.46 kB
Size
13.67 kB
File Count
8
NPM Version
lerna/8.1.3/node@v18.20.4+x64 (linux)
Node Version
18.20.4
Publised On
11 Nov 2024
Total Downloads
Cumulative downloads
Total Downloads
2,610,200
Last day
12.1%
3,752
Compared to previous day
Last week
14.4%
17,956
Compared to previous week
Last month
56.7%
73,841
Compared to previous month
Last year
13.6%
853,112
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Versions
@axe-core/webdriverjs
Provides a chainable axe API for Selenium's WebDriverJS and automatically injects into all frames.
Previous versions of this program were maintained at dequelabs/axe-webdriverjs.
Getting Started
Install Node.js if you haven't already.
Download and install any necessary browser drivers on your machine's PATH. More on Webdriver setup.
To install the latest version of Chromedriver globally, install browser-driver-manager: npm install -g browser-driver-manager. Then run npx browser-driver-manager install chrome.
Install Selenium Webdriver: npm install selenium-webdriver
Install @axe-core/webdriverjs: npm install @axe-core/webdriverjs
Usage
This module uses a chainable API to assist in injecting, configuring, and analyzing axe with WebdriverJS. As such, it is required to pass an instance of WebdriverJS.
Here is an example of a script that will drive WebdriverJS to a page, perform an analysis, and then log results to the console.
1const { AxeBuilder } = require('@axe-core/webdriverjs'); 2const { Builder } = require('selenium-webdriver'); 3const chrome = require('selenium-webdriver/chrome'); 4 5(async () => { 6 const driver = new Builder() 7 .forBrowser('chrome') 8 .setChromeOptions(new chrome.Options().headless()) 9 .build(); 10 await driver.get('https://dequeuniversity.com/demo/mars/'); 11 12 try { 13 const results = await new AxeBuilder(driver).analyze(); 14 console.log(results); 15 } catch (e) { 16 // do something with the error 17 } 18 19 await driver.quit(); 20})();
AxeBuilder(driver: Webdriver.WebDriver[, axeSource: string])
Constructor for the AxeBuilder helper. You must pass an instance of WebdriverJS as the first argument.
1const builder = new AxeBuilder(driver);
If you wish to run a specific version of axe-core, you can pass the source of axe-core source file in as a string. Doing so will mean @axe-core/webdriverjs run this version of axe-core, instead of the one installed as a dependency of @axe-core/webdriverjs.
1const axeSource = fs.readFileSync('./axe-1.0.js', 'utf-8'); 2const builder = new AxeBuilder(driver, axeSource);
AxeBuilder#analyze(): Promise<axe.Results>
Performs analysis and passes any encountered error and/or the result object.
1new AxeBuilder(driver).analyze((err, results) => { 2 if (err) { 3 // Do something with error 4 } 5 console.log(results); 6});
1new AxeBuilder(driver) 2 .analyze() 3 .then(results => { 4 console.log(results); 5 }) 6 .catch(e => { 7 // Do something with error 8 });
AxeBuilder#include(selector: String)
Adds a CSS selector to the list of elements to include in analysis
1new AxeBuilder(driver).include('.results-panel');
AxeBuilder#exclude(selector: String)
Add a CSS selector to the list of elements to exclude from analysis
1new AxeBuilder(driver).include('.some-element').exclude('.another-element');
AxeBuilder#options(options: axe.RunOptions)
Specifies options to be used by axe.run. Will override any other configured options. including calls to AxeBuilder#withRules() and AxeBuilder#withTags(). See axe-core API documentation for information on its structure.
1new AxeBuilder(driver).options({ checks: { 'valid-lang': ['orcish'] } });
AxeBuilder#withRules(rules: String|Array)
Limits analysis to only those with the specified rule IDs. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options, AxeBuilder#withRules or AxeBuilder#withRules will override specified options.
1new AxeBuilder(driver).withRules('html-lang');1new AxeBuilder(driver).withRules(['html-lang', 'image-alt']);AxeBuilder#withTags(tags: String|Array)
Limits analysis to only those with the specified rule IDs. Accepts a String of a single tag or an Array of multiple tags. Subsequent calls to AxeBuilder#options, AxeBuilder#withRules or AxeBuilder#withRules will override specified options.
1new AxeBuilder(driver).withTags('wcag2a');1new AxeBuilder(driver).withTags(['wcag2a', 'wcag2aa']);AxeBuilder#disableRules(rules: String|Array)
Skips verification of the rules provided. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options, AxeBuilder#disableRules will override specified options.
1new AxeBuilder(driver).disableRules('color-contrast');AxeBuilder#configure(config: axe.Spec)
Inject an axe configuration object to modify the ruleset before running Analyze. Subsequent calls to this method will invalidate previous ones by calling axe.configure and replacing the config object. See axe-core API documentation for documentation on the object structure.
1const config = { 2 checks: axe.Check[], 3 rules: axe.Rule[] 4} 5 6new AxeBuilder(driver).configure(config).analyze((err, results) => { 7 if (err) { 8 // Handle error somehow 9 } 10 console.log(results) 11})
AxeBuilder#setLegacyMode(legacyMode: boolean = true)
Set the frame testing method to "legacy mode". In this mode, axe will not open a blank page in which to aggregate its results. This can be used in an environment where opening a blank page is causes issues.
With legacy mode turned on, axe will fall back to its test solution prior to the 4.3 release, but with cross-origin frame testing disabled. The frame-tested rule will report which frames were untested.
Important Use of .setLegacyMode() is a last resort. If you find there is no other solution, please report this as an issue.
1const axe = new AxeBuilder(driver).setLegacyMode(); 2const result = await axe.analyze(); 3axe.setLegacyMode(false); // Disables legacy mode
WebdriverJS Example
We have created an example test suite showcasing the functionality of axe-core WebdriverJS.
To run the test:
- Navigate to:
/webdriverjs/tests/example - Install node modules:
npm install - Run tests:
npm test
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-patch-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/auto-patch-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-release-candidate.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/create-release-candidate.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-footer.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/semantic-pr-footer.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-title.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/semantic-pr-title.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-master-develop.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/sync-master-develop.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Info: 0 out of 28 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
- Info: 13 out of 13 npmCommand dependencies pinned
Reason
4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-patch-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-release-candidate.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-footer.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/sync-master-develop.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-axe-core.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
10 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.1
/10
Last Scanned on 2025-02-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More