Gathering detailed insights and metrics for @axe-core/webdriverjs
Gathering detailed insights and metrics for @axe-core/webdriverjs
Installations
npm install @axe-core/webdriverjsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
22.16.0
NPM Version
lerna/8.1.3/node@v22.16.0+x64 (linux)
Score
92.3
Supply Chain
96.5
Quality
97.1
Maintenance
100
Vulnerability
79
License
Releases
23
Languages
5
JavaScript
TypeScript
HTML
CSS
Shell
JavaScript (59.3%)
TypeScript (40.49%)
HTML (0.12%)
CSS (0.08%)
Shell (0.01%)
Developer
dequelabs
Download Statistics
Total Downloads
2,892,431
Last Day
595
Last Week
15,826
Last Month
77,185
Last Year
843,852
GitHub Statistics
MPL-2.0 License
661 Stars
620 Commits
73 Forks
12 Watchers
75 Branches
40 Contributors
Updated on Jul 02, 2025
Bundle Size
565.19 kB
Minified
150.36 kB
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
4.10.2
Package Id
@axe-core/webdriverjs@4.10.2
Unpacked Size
77.46 kB
Size
13.67 kB
File Count
8
NPM Version
lerna/8.1.3/node@v22.16.0+x64 (linux)
Node Version
22.16.0
Published on
Jun 03, 2025
Total Downloads
Cumulative downloads
Total Downloads
2,892,431
Last Day
-15.7%
595
Compared to previous day
Last Week
-20.2%
15,826
Compared to previous week
Last Month
0.8%
77,185
Compared to previous month
Last Year
4.5%
843,852
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
@axe-core/webdriverjs
Provides a chainable axe API for Selenium's WebDriverJS and automatically injects into all frames.
Previous versions of this program were maintained at dequelabs/axe-webdriverjs.
Getting Started
Install Node.js if you haven't already.
Download and install any necessary browser drivers on your machine's PATH. More on Webdriver setup.
To install the latest version of Chromedriver globally, install browser-driver-manager: npm install -g browser-driver-manager. Then run npx browser-driver-manager install chrome.
Install Selenium Webdriver: npm install selenium-webdriver
Install @axe-core/webdriverjs: npm install @axe-core/webdriverjs
Usage
This module uses a chainable API to assist in injecting, configuring, and analyzing axe with WebdriverJS. As such, it is required to pass an instance of WebdriverJS.
Here is an example of a script that will drive WebdriverJS to a page, perform an analysis, and then log results to the console.
1const { AxeBuilder } = require('@axe-core/webdriverjs'); 2const { Builder } = require('selenium-webdriver'); 3const chrome = require('selenium-webdriver/chrome'); 4 5(async () => { 6 const driver = new Builder() 7 .forBrowser('chrome') 8 .setChromeOptions(new chrome.Options().headless()) 9 .build(); 10 await driver.get('https://dequeuniversity.com/demo/mars/'); 11 12 try { 13 const results = await new AxeBuilder(driver).analyze(); 14 console.log(results); 15 } catch (e) { 16 // do something with the error 17 } 18 19 await driver.quit(); 20})();
AxeBuilder(driver: Webdriver.WebDriver[, axeSource: string])
Constructor for the AxeBuilder helper. You must pass an instance of WebdriverJS as the first argument.
1const builder = new AxeBuilder(driver);
If you wish to run a specific version of axe-core, you can pass the source of axe-core source file in as a string. Doing so will mean @axe-core/webdriverjs run this version of axe-core, instead of the one installed as a dependency of @axe-core/webdriverjs.
1const axeSource = fs.readFileSync('./axe-1.0.js', 'utf-8'); 2const builder = new AxeBuilder(driver, axeSource);
AxeBuilder#analyze(): Promise<axe.Results>
Performs analysis and passes any encountered error and/or the result object.
1new AxeBuilder(driver).analyze((err, results) => { 2 if (err) { 3 // Do something with error 4 } 5 console.log(results); 6});
1new AxeBuilder(driver) 2 .analyze() 3 .then(results => { 4 console.log(results); 5 }) 6 .catch(e => { 7 // Do something with error 8 });
AxeBuilder#include(selector: String)
Adds a CSS selector to the list of elements to include in analysis
1new AxeBuilder(driver).include('.results-panel');
AxeBuilder#exclude(selector: String)
Add a CSS selector to the list of elements to exclude from analysis
1new AxeBuilder(driver).include('.some-element').exclude('.another-element');
AxeBuilder#options(options: axe.RunOptions)
Specifies options to be used by axe.run. Will override any other configured options. including calls to AxeBuilder#withRules() and AxeBuilder#withTags(). See axe-core API documentation for information on its structure.
1new AxeBuilder(driver).options({ checks: { 'valid-lang': ['orcish'] } });
AxeBuilder#withRules(rules: String|Array)
Limits analysis to only those with the specified rule IDs. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options, AxeBuilder#withRules or AxeBuilder#withRules will override specified options.
1new AxeBuilder(driver).withRules('html-lang');1new AxeBuilder(driver).withRules(['html-lang', 'image-alt']);AxeBuilder#withTags(tags: String|Array)
Limits analysis to only those with the specified rule IDs. Accepts a String of a single tag or an Array of multiple tags. Subsequent calls to AxeBuilder#options, AxeBuilder#withRules or AxeBuilder#withRules will override specified options.
1new AxeBuilder(driver).withTags('wcag2a');1new AxeBuilder(driver).withTags(['wcag2a', 'wcag2aa']);AxeBuilder#disableRules(rules: String|Array)
Skips verification of the rules provided. Accepts a String of a single rule ID or an Array of multiple rule IDs. Subsequent calls to AxeBuilder#options, AxeBuilder#disableRules will override specified options.
1new AxeBuilder(driver).disableRules('color-contrast');AxeBuilder#configure(config: axe.Spec)
Inject an axe configuration object to modify the ruleset before running Analyze. Subsequent calls to this method will invalidate previous ones by calling axe.configure and replacing the config object. See axe-core API documentation for documentation on the object structure.
1const config = { 2 checks: axe.Check[], 3 rules: axe.Rule[] 4} 5 6new AxeBuilder(driver).configure(config).analyze((err, results) => { 7 if (err) { 8 // Handle error somehow 9 } 10 console.log(results) 11})
AxeBuilder#setLegacyMode(legacyMode: boolean = true)
Set the frame testing method to "legacy mode". In this mode, axe will not open a blank page in which to aggregate its results. This can be used in an environment where opening a blank page is causes issues.
With legacy mode turned on, axe will fall back to its test solution prior to the 4.3 release, but with cross-origin frame testing disabled. The frame-tested rule will report which frames were untested.
Important Use of .setLegacyMode() is a last resort. If you find there is no other solution, please report this as an issue.
1const axe = new AxeBuilder(driver).setLegacyMode(); 2const result = await axe.analyze(); 3axe.setLegacyMode(false); // Disables legacy mode
WebdriverJS Example
We have created an example test suite showcasing the functionality of axe-core WebdriverJS.
To run the test:
- Navigate to:
/webdriverjs/tests/example - Install node modules:
npm install - Run tests:
npm test
No vulnerabilities found.
Reason
all changesets reviewed
Reason
15 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-patch-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/auto-patch-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-release-candidate.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/create-release-candidate.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-footer.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/semantic-pr-footer.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-title.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/semantic-pr-title.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-master-develop.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/sync-master-develop.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/tests.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-axe-core.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dequelabs/axe-core-npm/update-axe-core.yml/develop?enable=pin
- Info: 0 out of 28 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
- Info: 13 out of 13 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-patch-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-release-candidate.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-footer.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/sync-master-develop.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-axe-core.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
14 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.9
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More