Gathering detailed insights and metrics for @fingerprintjs/fingerprintjs
Gathering detailed insights and metrics for @fingerprintjs/fingerprintjs
The most advanced browser fingerprinting library.
Installations
npm install @fingerprintjs/fingerprintjsDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
NPM Version
Statistics
23,285 Stars
855 Commits
2,309 Forks
426 Watching
5 Branches
94 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (98.56%)
HTML (1.44%)
Total Downloads
Cumulative downloads
Total Downloads
40,658,942
Last day
-20.9%
48,988
Compared to previous day
Last week
-6.6%
266,136
Compared to previous week
Last month
14.9%
1,164,358
Compared to previous month
Last year
-14.1%
12,147,653
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
29
@fpjs-incubator/broyster@rollup/plugin-json@rollup/plugin-node-resolve@rollup/plugin-terser@rollup/plugin-typescript@types/jasmine@types/ua-parser-js@typescript-eslint/eslint-plugin@typescript-eslint/parsereslinteslint-config-prettiereslint-plugin-prettierfile-loadergothtml-webpack-pluginkarmaprettierrimrafrolluprollup-plugin-dtsrollup-plugin-licenseterser-webpack-plugints-loaderts-nodetypescriptua-parser-jswebpackwebpack-cliwebpack-dev-server
Versions
FingerprintJS is a source-available, client-side, browser fingerprinting library that queries browser attributes and computes a hashed visitor identifier from them. Unlike cookies and local storage, a fingerprint stays the same in incognito/private mode and even when browser data is purged.
FingerprintJS is available under a BSL license for non-production purposes.
FingerprintJS is different from Fingerprint Identification, our more detailed and accurate commercial product. See below for more information.
Demo
Visit https://fingerprintjs.github.io/fingerprintjs to see your visitor identifier.
Now, try visiting the same page in private / incognito mode and notice how the visitor identifier remains the same!
Getting Started
1<script> 2 // Initialize the agent at application startup. 3 // If you're using an ad blocker or Brave/Firefox, this import will not work. 4 // Please use the NPM package instead: https://t.ly/ORyXk 5 const fpPromise = import('https://openfpcdn.io/fingerprintjs/v4') 6 .then(FingerprintJS => FingerprintJS.load()) 7 8 // Get the visitor identifier when you need it. 9 fpPromise 10 .then(fp => fp.get()) 11 .then(result => { 12 // This is the visitor identifier: 13 const visitorId = result.visitorId 14 console.log(visitorId) 15 }) 16</script>
Resources
⚛️ Sample usage with React on the StackBlitz platform
Limitations
Accuracy
Since FingerprintJS processes and generates the fingerprints from within the browser itself, the accuracy is limited (40% - 60%). For example, when 2 different users send requests using identical (i.e. same version, same vendor, same platform), browsers, FingerprintJS will not be able to tell these two browsers apart, primarily because the attributes from these browsers will be identical.
Security
Because of how the fingerprints are processed and generated from within the browser itself, they are vulnerable to spoofing and reverse engineering.
Industry-leading accuracy with Fingerprint Identification
The main difference between FingerprintJS and Fingerprint Identification lies in the number of attributes collected from the browser, how they are processed, and the accuracy in identifying visitors.
Fingerprint Identification is a closed-source, commercial device intelligence platform designed to prevent fraud and improve user experiences. It's an enhanced version of FingerprintJS and has been fully re-designed to solve the most challenging identification use cases. Its source is not available in this or any other public repository.
Unlike FingerprintJS, Fingerprint Identification is able to achieve industry-leading accuracy because it processes the browser attributes on the server and also analyzes vast amounts of auxiliary data (e.g. IP addresses, time of visit patterns, URL changes, etc.). Because of these advanced matching techniques, Fingerprint Identification is able to reliably deduplicate different visitors that have identical devices.
Fingerprint Identification is available for Web, Android, iOS, and other platforms. You can easily get started by signing up for a free, unlimited 14-day trial.
Check out our comparison table for a detailed breakdown of the differences between FingerprintJS and Fingerprint Identification.
Fingerprint Identification resources
🍿 Fingerprint Identification live demo
📕 Fingerprint Identification documentation
▶️ Video: Use Fingerprint Identification to prevent multiple signups by same user
⏱️ How to upgrade from FingerprintJS to Fingerprint Identification in 30 seconds
Migrating to v4
| Migrating from | Migration Guide | Documentation |
|---|---|---|
| v3 | Migrating from v3 to v4 | v3 documentation |
| v2 | Migrating from v2 to v4 | v2 documentation |
| v1 | Migrating from v1 to v4 | v1 documentation |
Version policy
See the compatibility policy for the API and visitor identifiers in the version policy guide.
Supported browsers
The library supports all popular browsers. See more details and learn how to run the library in old browsers in the browser support guide.
Where to get support
Using Issues and Discussions publicly will help the community and other users with similar issues.
You can also join our Discord server to ask questions, share feedback, and connect with other developers.
If you require private support for FignerprintJS, please email us at oss-support@fingerprint.com.
Contributing
See the Contribution guidelines to learn how to contribute to the project or run the project locally. Please read it carefully before making a pull request.
No vulnerabilities found.
Reason
21 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
Found 21/22 approved changesets -- score normalized to 9
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 28 commits out of 29 are checked with a SAST tool
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check_upcoming_browser_versions.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/check_upcoming_browser_versions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check_upcoming_browser_versions.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/check_upcoming_browser_versions.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_upcoming_browser_versions.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/check_upcoming_browser_versions.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_upcoming_browser_versions.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/check_upcoming_browser_versions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql_analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/codeql_analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql_analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/codeql_analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql_analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/codeql_analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql_analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/codeql_analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/demo.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/demo.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/demo.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/demo.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm_publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/npm_publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm_publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/npm_publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm_publish.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/npm_publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/fingerprintjs/fingerprintjs/test.yml/master?enable=pin
- Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql_analysis.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql_analysis.yml:29
- Warn: no topLevel permission defined: .github/workflows/check_upcoming_browser_versions.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql_analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/demo.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm_publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More