Gathering detailed insights and metrics for browserslist
Approximately 800 new packages are uploaded to the npm registry every day. This number can vary, but it reflects the active and growing nature of the JavaScript development community.
Gathering detailed insights and metrics for browserslist
Approximately 800 new packages are uploaded to the npm registry every day. This number can vary, but it reflects the active and growing nature of the JavaScript development community.
npm install browserslist
89.2
Supply Chain
90
Quality
88.9
Maintenance
100
Vulnerability
13,029 Stars
1,436 Commits
714 Forks
138 Watching
3 Branches
178 Contributors
Updated on 13 Nov 2024
Minified
Minified + Gzipped
JavaScript (100%)
Cumulative downloads
Total Downloads
Last day
11%
11,133,781
Compared to previous day
Last week
14.3%
58,014,668
Compared to previous week
Last month
14.6%
237,977,763
Compared to previous month
Last year
13.8%
2,456,202,846
Compared to previous year
The config to share target browsers and Node.js versions between different front-end tools. It is used in:
All tools will find target browsers automatically,
when you add the following to package.json
:
1 "browserslist": [ 2 "defaults and fully supports es6-module", 3 "maintained node versions" 4 ]
Or in .browserslistrc
config:
1# Browsers that we support 2 3defaults and fully supports es6-module 4maintained node versions
Developers set their version lists using queries like last 2 versions
to be free from updating versions manually.
Browserslist will use caniuse-lite
with Can I Use data for this queries.
You can check how config works at our playground: browsersl.ist
Browserslist needs your support. We are accepting donations at Open Collective.
npx browserslist
in your project directory to see project’s
target browsers. This CLI tool is built-in and available in any project
with Autoprefixer.browserslist-lint
checks your config for popular mistakes.caniuse-lite
update-browserslist-db
is a CLI tool to update browsers DB for queries
like last 2 version
or >1%
.browserslist-update-action
is a GitHub Action to automatically
run update-browserslist-db
and proposes a pull request to merge updates.browserslist-useragent-regexp
compiles Browserslist query to a RegExp
to test browser useragent.browserslist-useragent-ruby
is a Ruby library to check browser
by user agent string to match Browserslist.>5% in my stats
:browserslist-ga
and browserslist-ga-export
download your website
browsers statistics to use it in > 0.5% in my stats
query.browserslist-new-relic
generates a custom usage data file for Browserslistbrowserslist-adobe-analytics
uses Adobe Analytics data to target browsers
from your New Relic Browser data.browserslist-rs
is a Browserslist port to Rust.browserslist-browserstack
runs BrowserStack tests for all browsers
in Browserslist config.These extensions will add syntax highlighting for .browserslistrc
files.
There is a defaults
query, which gives a reasonable configuration
for most users:
1 "browserslist": [ 2 "defaults" 3 ]
If you want to change the default set of browsers, we recommend including
last 2 versions, not dead, > 0.2%
. This is because last n versions
on its
own does not add popular old versions, while only using a percentage of usage
numbers above 0.2%
will in the long run make popular browsers even more
popular. We might run into a monopoly and stagnation situation, as we had with
Internet Explorer 6. Please use this setting with caution.
Select browsers directly (last 2 Chrome versions
) only if you are making
a web app for a kiosk with one browser. There are a lot of browsers
on the market. If you are making general web app you should respect
browsers diversity.
Don’t remove browsers just because you don’t know them. Opera Mini has 100 million users in Africa and it is more popular in the global market than Microsoft Edge. Chinese QQ Browsers has more market share than Firefox and desktop Safari combined.
Browserslist will use browsers and Node.js versions query from one of these sources:
.browserslistrc
config file in current or parent directories.browserslist
key in package.json
file in current or parent directories.browserslist
config file in current or parent directories.BROWSERSLIST
environment variable.> 0.5%, last 2 versions, Firefox ESR, not dead
.An or
combiner can use the keyword or
as well as ,
.
last 1 version or > 1%
is equal to last 1 version, > 1%
.
and
query combinations are also supported to perform an
intersection of all the previous queries:
last 1 version or chrome > 75 and > 1%
will select
(browser last version
or Chrome since 76
) and more than 1% marketshare
.
There are 3 different ways to combine queries as depicted below. First you start with a single query and then we combine the queries to get our final list.
Obviously you can not start with a not
combiner, since there is no left-hand
side query to combine it with. The left-hand is always resolved as and
combiner even if or
is used (this is an API implementation specificity).
Query combiner type | Illustration | Example |
---|---|---|
or /, combiner (union) | > .5% or last 2 versions > .5%, last 2 versions | |
and combiner (intersection) | > .5% and last 2 versions | |
not combiner (relative complement) | These three are equivalent to one another: > .5% and not last 2 versions > .5% or not last 2 versions > .5%, not last 2 versions |
A quick way to test your query is to do npx browserslist '> 0.3%, not dead'
in your terminal.
You can specify the browser and Node.js versions by queries (case insensitive):
defaults
: Browserslist’s default browsers
(> 0.5%, last 2 versions, Firefox ESR, not dead
).> 5%
: browsers versions selected by global usage statistics.
>=
, <
and <=
work too.> 5% in US
: uses USA usage statistics.
It accepts two-letter country code.> 5% in alt-AS
: uses Asia region usage statistics.
List of all region codes can be found at caniuse-lite/data/regions
.> 5% in my stats
: uses custom usage data.> 5% in browserslist-config-mycompany stats
: uses custom usage data
from browserslist-config-mycompany/browserslist-stats.json
.cover 99.5%
: most popular browsers that provide coverage.cover 99.5% in US
: same as above, with two-letter country code.cover 99.5% in my stats
: uses custom usage data.last 2 versions
: the last 2 versions for each browser.last 2 Chrome versions
: the last 2 versions of Chrome browser.last 2 major versions
or last 2 iOS major versions
:
all minor/patch releases of last 2 major versions.dead
: browsers without official support or updates for 24 months.
Right now it is IE 11
, IE_Mob 11
, BlackBerry 10
, BlackBerry 7
,
Samsung 4
, OperaMobile 12.1
and all versions of Baidu
.node 10
and node 10.4
: selects latest Node.js 10.x.x
or 10.4.x
release.last 2 node versions
: select 2 latest Node.js releases.last 2 node major versions
: select 2 latest major-version Node.js releases.current node
: Node.js version used by Browserslist right now.maintained node versions
: all Node.js versions, which are still maintained
by Node.js Foundation.iOS 7
: the iOS browser version 7 directly. Note, that op_mini
has special version all
.Firefox > 20
: versions of Firefox newer than 20.
>=
, <
and <=
work too. It also works with Node.js.ie 6-8
: selects an inclusive range of versions.Firefox ESR
: the latest Firefox Extended Support Release.PhantomJS 2.1
and PhantomJS 1.9
: selects Safari versions similar
to PhantomJS runtime.extends browserslist-config-mycompany
: take queries from
browserslist-config-mycompany
npm package.es6
and es6-module
are the the feat
parameter
from the URL of the Can I Use page. A list of all available features can be
found at caniuse-lite/data/features
.
fully supports es6
: browsers with full support for specific
features. For example, fully supports css-grid
will omit Edge 12-15, as
those browser versions are marked as having partial support.partially supports es6-module
or supports es6-module
: browsers with
full or partial support for specific features. For example,
partially supports css-grid
will include Edge 12-15 support, as those
browser versions are marked as having partial support.browserslist config
: the browsers defined in Browserslist config. Useful
in Differential Serving to modify user’s config like
browserslist config and fully supports es6-module
.since 2015
or last 2 years
: all versions released since year 2015
(also since 2015-03
and since 2015-03-10
).unreleased versions
or unreleased Chrome versions
:
alpha and beta versions.not ie <= 8
: exclude IE 8 and lower from previous queries.You can add not
to any query.
There is a grammar specification about the query syntax, which may be helpful if you're implementing a parser or something else.
Run npx browserslist
in a project directory to see which browsers were selected
by your queries.
1$ npx browserslist 2and_chr 61 3and_ff 56 4and_qq 1.2 5and_uc 11.4 6android 56 7baidu 7.12 8bb 10 9chrome 62 10edge 16 11firefox 56 12ios_saf 11 13opera 48 14safari 11 15samsung 5
The following table maps browser names & their target devices into identifiers used by browserslist.
Browser Name | Desktop | Android | iOS | Other Mobile |
---|---|---|---|---|
Android (WebView) | Android | |||
Baidu | Baidu | |||
BlackBerry | BlackBerry bb | |||
Chrome | Chrome | ChromeAndroid and_chr | ↪︎ ios_saf 2 | |
Edge | Edge | ↪︎ and_chr | ↪︎ ios_saf 2 | |
Electron | Electron | |||
Firefox | Firefox ff | FirefoxAndroid and_ff | ↪︎ ios_saf 2 | |
Internet Explorer | Explorer ie | ie_mob | ||
Node.js | Node | |||
KaiOS Browser | kaios | |||
Opera | Opera | op_mob 1 | ↪︎ ios_saf 2 | |
Opera Mini3 | OperaMini op_mini | |||
QQ browser | and_qq | |||
Safari | Safari | iOS ios_saf | ||
Samsung Internet | Samsung | |||
UC Browser | UCAndroid and_uc |
↪︎ name
implies that the browser uses the same engine captured by name
op_mini
targets at the “Extreme” one.
“High” is compatible with the normal Opera Mobile.package.json
If you want to reduce config files in project root, you can specify
browsers in package.json
with browserslist
key:
1{ 2 "private": true, 3 "dependencies": { 4 "autoprefixer": "^6.5.4" 5 }, 6 "browserslist": [ 7 "last 1 version", 8 "> 1%", 9 "not dead" 10 ] 11}
.browserslistrc
Separated Browserslist config should be named .browserslistrc
and have browsers queries split by a new line.
Each line is combined with the or
combiner. Comments starts with #
symbol:
1# Browsers that we support 2 3last 1 version 4> 1% 5not dead # no browsers without security updates
Browserslist will check config in every directory in path
.
So, if tool process app/styles/main.css
, you can put config to root,
app/
or app/styles
.
You can specify direct path in BROWSERSLIST_CONFIG
environment variables.
You can use the following query to reference an exported Browserslist config from another package:
1 "browserslist": [ 2 "extends browserslist-config-mycompany" 3 ]
For security reasons, external configuration only supports packages that have
the browserslist-config-
prefix. npm scoped packages are also supported, by
naming or prefixing the module with @scope/browserslist-config
, such as
@scope/browserslist-config
or @scope/browserslist-config-mycompany
.
If you don’t accept Browserslist queries from users, you can disable the
validation by using the or BROWSERSLIST_DANGEROUS_EXTEND
environment variable.
1BROWSERSLIST_DANGEROUS_EXTEND=1 npx webpack
Because this uses npm
's resolution, you can also reference specific files
in a package:
1 "browserslist": [ 2 "extends browserslist-config-mycompany/desktop", 3 "extends browserslist-config-mycompany/mobile" 4 ]
When writing a shared Browserslist package, just export an array.
browserslist-config-mycompany/index.js
:
1module.exports = [ 2 'last 1 version', 3 '> 1%', 4 'not dead' 5]
You can also include a browserslist-stats.json
file as part of your shareable
config at the root and query it using
> 5% in browserslist-config-mycompany stats
. It uses the same format
as extends
and the dangerousExtend
property as above.
You can export configs for different environments and select environment
by BROWSERSLIST_ENV
or env
option in your tool:
1module.exports = { 2 development: [ 3 'last 1 version' 4 ], 5 production: [ 6 'last 1 version', 7 '> 1%', 8 'not dead' 9 ] 10}
You can also specify different browser queries for various environments.
Browserslist will choose query according to BROWSERSLIST_ENV
or NODE_ENV
variables. If none of them is declared, Browserslist will firstly look
for production
queries and then use defaults.
In package.json
:
1 "browserslist": { 2 "production": [ 3 "> 1%", 4 "not dead" 5 ], 6 "modern": [ 7 "last 1 chrome version", 8 "last 1 firefox version" 9 ], 10 "ssr": [ 11 "node 12" 12 ] 13 }
In .browserslistrc
config:
1[production] 2> 1% 3not dead 4 5[modern] 6last 1 chrome version 7last 1 firefox version 8 9[ssr] 10node 12
If you have a website, you can query against the usage statistics of your site.
browserslist-ga
will ask access to Google Analytics and then generate
browserslist-stats.json
:
npx browserslist-ga
Or you can use browserslist-ga-export
to convert Google Analytics data without giving a password for Google account.
You can generate usage statistics file by any other method. File format should be like:
1{ 2 "ie": { 3 "6": 0.01, 4 "7": 0.4, 5 "8": 1.5 6 }, 7 "chrome": { 8 … 9 }, 10 … 11}
Note that you can query against your custom usage data while also querying
against global or regional data. For example, the query
> 1% in my stats, > 5% in US, 10%
is permitted.
1const browserslist = require('browserslist') 2 3// Your CSS/JS build tool code 4function process (source, opts) { 5 const browsers = browserslist(opts.overrideBrowserslist, { 6 stats: opts.stats, 7 path: opts.file, 8 env: opts.env 9 }) 10 // Your code to add features for selected browsers 11}
Queries can be a string "> 1%, not dead"
or an array ['> 1%', 'not dead']
.
If a query is missing, Browserslist will look for a config file.
You can provide a path
option (that can be a file) to find the config file
relatively to it.
Options:
path
: file or a directory path to look for config file. Default is .
.env
: what environment section use from config. Default is production
.stats
: custom usage statistics data.config
: path to config if you want to set it manually.ignoreUnknownVersions
: do not throw on direct query (like ie 12
).
Default is false
.dangerousExtend
: Disable security checks for extend
query.
Default is false
.throwOnMissing
: throw an error if env is not found.
Default is false
.mobileToDesktop
: Use desktop browsers if Can I Use doesn’t have data
about this mobile version. Can I Use has only data about
latest versions of mobile browsers. By default, last 2 and_ff versions
returns and_ff 90
and with this option it returns and_ff 91, and_ff 90
.
This option may lead to unknown browser version error (in example Can I Use
doesn’t have data for and_ff 91
yet). Default is false
.For non-JS environment and debug purpose you can use CLI tool:
1browserslist "> 1%, not dead"
You can get total users coverage for selected browsers by JS API:
1browserslist.coverage(browserslist('> 1%')) 2//=> 81.4
1browserslist.coverage(browserslist('> 1% in US'), 'US') 2//=> 83.1
1browserslist.coverage(browserslist('> 1% in my stats'), 'my stats') 2//=> 83.1
1browserslist.coverage(browserslist('> 1% in my stats', { stats }), stats) 2//=> 82.2
Or by CLI:
1$ browserslist --coverage "> 1%" 2These browsers account for 81.4% of all users globally
1$ browserslist --coverage=US "> 1% in US" 2These browsers account for 83.1% of all users in the US
1$ browserslist --coverage "> 1% in my stats" 2These browsers account for 83.1% of all users in custom statistics
1$ browserslist --coverage "> 1% in my stats" --stats=./stats.json 2These browsers account for 83.1% of all users in custom statistics
If a tool uses Browserslist inside, you can change the Browserslist settings with environment variables:
BROWSERSLIST
with browsers queries.
1BROWSERSLIST="> 5%" npx webpack
BROWSERSLIST_CONFIG
with path to config file.
1BROWSERSLIST_CONFIG=./config/browserslist npx webpack
BROWSERSLIST_ENV
with environments string.
1BROWSERSLIST_ENV="development" npx webpack
BROWSERSLIST_STATS
with path to the custom usage data
for > 1% in my stats
query.
1BROWSERSLIST_STATS=./config/usage_data.json npx webpack
BROWSERSLIST_DISABLE_CACHE
if you want to disable config reading cache.
1BROWSERSLIST_DISABLE_CACHE=1 npx webpack
BROWSERSLIST_DANGEROUS_EXTEND
to disable security shareable config
name check.
1BROWSERSLIST_DANGEROUS_EXTEND=1 npx webpack
BROWSERSLIST_ROOT_PATH
to prevent reading files above this path.
1BROWSERSLIST_ROOT_PATH=. npx webpack
browserslist.coverage()
Return browsers market coverage.
1const browsers = browserslist('> 1% in US') 2browserslist.coverage(browsers, 'US') //=> 83.1
browserslist.loadConfig()
It is like calling browserslist()
, but it returns config’s queries,
not browsers.
1browserslist.loadConfig({ file: process.cwd() }) ?? browserslist.defaults
browserslist.defaults
An array with default queries.
Browserslist caches the configuration it reads from package.json
and
browserslist
files, as well as knowledge about the existence of files,
for the duration of the hosting process.
To clear these caches, use:
1browserslist.clearCaches()
To disable the caching altogether, set the BROWSERSLIST_DISABLE_CACHE
environment variable.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Available as part of the Tidelift Subscription.
The maintainers of browserslist
and thousands of other packages are working
with Tidelift to deliver commercial support and maintenance for the open source
dependencies you use to build your applications. Save time, reduce risk,
and improve code health, while paying the maintainers of the exact dependencies
you use. Learn more.
1
5.3/10
Summary
Regular Expression Denial of Service in browserslist
Affected Versions
>= 4.0.0, < 4.16.5
Patched Versions
4.16.5
Reason
13 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
Found 5/30 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-11
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn Moreelectron-to-chromium
Provides a list of electron-to-chromium version mappings
update-browserslist-db
CLI tool to update caniuse-lite to refresh target browsers from Browserslist config
caniuse-api
request the caniuse data to check browsers compatibilities
postcss-normalize
Use the parts of normalize.css or sanitize.css you need from your browserslist