🦔 Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-preset-env
Installations
npm install browserslist
Developer
Developer Guide
Module System
UMD
Min. Node Version
^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7
Typescript Support
Yes
Node Version
22.4.1
NPM Version
10.8.1
Statistics
13,047 Stars
1,439 Commits
716 Forks
138 Watching
3 Branches
179 Contributors
Updated on 27 Nov 2024
Bundle Size
76.40 kB
Minified
17.44 kB
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
10,318,974,301
Last day
-3.1%
11,589,305
Compared to previous day
Last week
3.4%
63,166,901
Compared to previous week
Last month
18.3%
253,643,298
Compared to previous month
Last year
15.4%
2,496,329,724
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Browserslist
The config to share target browsers and Node.js versions between different front-end tools. It is used in:
- Autoprefixer
- Babel
- postcss-preset-env
- eslint-plugin-compat
- stylelint-no-unsupported-browser-features
- postcss-normalize
- obsolete-webpack-plugin
All tools will find target browsers automatically,
when you add the following to package.json
:
1 "browserslist": [ 2 "defaults and fully supports es6-module", 3 "maintained node versions" 4 ]
Or in .browserslistrc
config:
1# Browsers that we support 2 3defaults and fully supports es6-module 4maintained node versions
Developers set their version lists using queries like last 2 versions
to be free from updating versions manually.
Browserslist will use caniuse-lite
with Can I Use data for this queries.
You can check how config works at our playground: browsersl.ist
Table of Contents
- Tools
- Best Practices
- Queries
- Config File
- Shareable Configs
- Configuring for Different Environments
- Custom Usage Data
- JS API
- Environment Variables
- Cache
- Security Contact
- For Enterprise
Sponsors
Browserslist needs your support. We are accepting donations at Open Collective.
Tools
Analyze your Browserslist Config
- Run
npx browserslist
in your project directory to see project’s target browsers. This CLI tool is built-in and available in any project with Autoprefixer. browserslist-lint
checks your config for popular mistakes.
Update caniuse-lite
update-browserslist-db
is a CLI tool to update browsers DB for queries likelast 2 version
or>1%
.browserslist-update-action
is a GitHub Action to automatically runupdate-browserslist-db
and proposes a pull request to merge updates.
Show “We do not support your browser” Banner
browserslist-useragent-regexp
compiles Browserslist query to a RegExp to test browser useragent.browserslist-useragent-ruby
is a Ruby library to check browser by user agent string to match Browserslist.
Get Statistics for >5% in my stats
:
browserslist-ga
andbrowserslist-ga-export
download your website browsers statistics to use it in> 0.5% in my stats
query.browserslist-new-relic
generates a custom usage data file for Browserslistbrowserslist-adobe-analytics
uses Adobe Analytics data to target browsers from your New Relic Browser data.
Others
browserslist-rs
is a Browserslist port to Rust.browserslist-browserstack
runs BrowserStack tests for all browsers in Browserslist config.
Text Editors
These extensions will add syntax highlighting for .browserslistrc
files.
Best Practices
-
There is a
defaults
query, which gives a reasonable configuration for most users:1 "browserslist": [ 2 "defaults" 3 ]
-
If you want to change the default set of browsers, we recommend including
last 2 versions, not dead, > 0.2%
. This is becauselast n versions
on its own does not add popular old versions, while only using a percentage of usage numbers above0.2%
will in the long run make popular browsers even more popular. We might run into a monopoly and stagnation situation, as we had with Internet Explorer 6. Please use this setting with caution. -
Select browsers directly (
last 2 Chrome versions
) only if you are making a web app for a kiosk with one browser. There are a lot of browsers on the market. If you are making general web app you should respect browsers diversity. -
Don’t remove browsers just because you don’t know them. Opera Mini has 100 million users in Africa and it is more popular in the global market than Microsoft Edge. Chinese QQ Browsers has more market share than Firefox and desktop Safari combined.
Queries
Browserslist will use browsers and Node.js versions query from one of these sources:
.browserslistrc
config file in current or parent directories.browserslist
key inpackage.json
file in current or parent directories.browserslist
config file in current or parent directories.BROWSERSLIST
environment variable.- If the above methods did not produce a valid result
Browserslist will use defaults:
> 0.5%, last 2 versions, Firefox ESR, not dead
.
Query Composition
An or
combiner can use the keyword or
as well as ,
.
last 1 version or > 1%
is equal to last 1 version, > 1%
.
and
query combinations are also supported to perform an
intersection of all the previous queries:
last 1 version or chrome > 75 and > 1%
will select
(browser last version
or Chrome since 76
) and more than 1% marketshare
.
There are 3 different ways to combine queries as depicted below. First you start with a single query and then we combine the queries to get our final list.
Obviously you can not start with a not
combiner, since there is no left-hand
side query to combine it with. The left-hand is always resolved as and
combiner even if or
is used (this is an API implementation specificity).
Query combiner type | Illustration | Example |
---|---|---|
or /, combiner (union) | > .5% or last 2 versions > .5%, last 2 versions | |
and combiner (intersection) | > .5% and last 2 versions | |
not combiner (relative complement) | These three are equivalent to one another: > .5% and not last 2 versions > .5% or not last 2 versions > .5%, not last 2 versions |
A quick way to test your query is to do npx browserslist '> 0.3%, not dead'
in your terminal.
Full List
You can specify the browser and Node.js versions by queries (case insensitive):
defaults
: Browserslist’s default browsers (> 0.5%, last 2 versions, Firefox ESR, not dead
).- By usage statistics:
> 5%
: browsers versions selected by global usage statistics.>=
,<
and<=
work too.> 5% in US
: uses USA usage statistics. It accepts two-letter country code.> 5% in alt-AS
: uses Asia region usage statistics. List of all region codes can be found atcaniuse-lite/data/regions
.> 5% in my stats
: uses custom usage data.> 5% in browserslist-config-mycompany stats
: uses custom usage data frombrowserslist-config-mycompany/browserslist-stats.json
.cover 99.5%
: most popular browsers that provide coverage.cover 99.5% in US
: same as above, with two-letter country code.cover 99.5% in my stats
: uses custom usage data.
- Last versions:
last 2 versions
: the last 2 versions for each browser.last 2 Chrome versions
: the last 2 versions of Chrome browser.last 2 major versions
orlast 2 iOS major versions
: all minor/patch releases of last 2 major versions.
dead
: browsers without official support or updates for 24 months. Right now it isIE 11
,IE_Mob 11
,BlackBerry 10
,BlackBerry 7
,Samsung 4
,OperaMobile 12.1
and all versions ofBaidu
.- Node.js versions:
node 10
andnode 10.4
: selects latest Node.js10.x.x
or10.4.x
release.last 2 node versions
: select 2 latest Node.js releases.last 2 node major versions
: select 2 latest major-version Node.js releases.current node
: Node.js version used by Browserslist right now.maintained node versions
: all Node.js versions, which are still maintained by Node.js Foundation.
- Browsers versions:
iOS 7
: the iOS browser version 7 directly. Note, thatop_mini
has special versionall
.Firefox > 20
: versions of Firefox newer than 20.>=
,<
and<=
work too. It also works with Node.js.ie 6-8
: selects an inclusive range of versions.Firefox ESR
: the latest Firefox Extended Support Release.PhantomJS 2.1
andPhantomJS 1.9
: selects Safari versions similar to PhantomJS runtime.
extends browserslist-config-mycompany
: take queries frombrowserslist-config-mycompany
npm package.- By browser support:
In these example querieses6
andes6-module
are the thefeat
parameter from the URL of the Can I Use page. A list of all available features can be found atcaniuse-lite/data/features
.fully supports es6
: browsers with full support for specific features. For example,fully supports css-grid
will omit Edge 12-15, as those browser versions are marked as having partial support.partially supports es6-module
orsupports es6-module
: browsers with full or partial support for specific features. For example,partially supports css-grid
will include Edge 12-15 support, as those browser versions are marked as having partial support.
browserslist config
: the browsers defined in Browserslist config. Useful in Differential Serving to modify user’s config likebrowserslist config and fully supports es6-module
.since 2015
orlast 2 years
: all versions released since year 2015 (alsosince 2015-03
andsince 2015-03-10
).unreleased versions
orunreleased Chrome versions
: alpha and beta versions.not ie <= 8
: exclude IE 8 and lower from previous queries.
You can add not
to any query.
Grammar Definition
There is a grammar specification about the query syntax, which may be helpful if you're implementing a parser or something else.
Debug
Run npx browserslist
in a project directory to see which browsers were selected
by your queries.
1$ npx browserslist 2and_chr 61 3and_ff 56 4and_qq 1.2 5and_uc 11.4 6android 56 7baidu 7.12 8bb 10 9chrome 62 10edge 16 11firefox 56 12ios_saf 11 13opera 48 14safari 11 15samsung 5
Browsers
The following table maps browser names & their target devices into identifiers used by browserslist.
Browser Name | Desktop | Android | iOS | Other Mobile |
---|---|---|---|---|
Android (WebView) | Android | |||
Baidu | Baidu | |||
BlackBerry | BlackBerry bb | |||
Chrome | Chrome | ChromeAndroid and_chr | ↪︎ ios_saf 2 | |
Edge | Edge | ↪︎ and_chr | ↪︎ ios_saf 2 | |
Electron | Electron | |||
Firefox | Firefox ff | FirefoxAndroid and_ff | ↪︎ ios_saf 2 | |
Internet Explorer | Explorer ie | ie_mob | ||
Node.js | Node | |||
KaiOS Browser | kaios | |||
Opera | Opera | op_mob 1 | ↪︎ ios_saf 2 | |
Opera Mini3 | OperaMini op_mini | |||
QQ browser | and_qq | |||
Safari | Safari | iOS ios_saf | ||
Samsung Internet | Samsung | |||
UC Browser | UCAndroid and_uc |
↪︎ name
implies that the browser uses the same engine captured byname
- 1 Opera Mobile ≈ Chrome Android
- 2 All iOS browsers use WebKit
- 3 Opera Mini has 2 modes “Extreme” and “High” for data saving.
op_mini
targets at the “Extreme” one. “High” is compatible with the normal Opera Mobile.
Config File
package.json
If you want to reduce config files in project root, you can specify
browsers in package.json
with browserslist
key:
1{ 2 "private": true, 3 "dependencies": { 4 "autoprefixer": "^6.5.4" 5 }, 6 "browserslist": [ 7 "last 1 version", 8 "> 1%", 9 "not dead" 10 ] 11}
.browserslistrc
Separated Browserslist config should be named .browserslistrc
and have browsers queries split by a new line.
Each line is combined with the or
combiner. Comments starts with #
symbol:
1# Browsers that we support 2 3last 1 version 4> 1% 5not dead # no browsers without security updates
Browserslist will check config in every directory in path
.
So, if tool process app/styles/main.css
, you can put config to root,
app/
or app/styles
.
You can specify direct path in BROWSERSLIST_CONFIG
environment variables.
Shareable Configs
You can use the following query to reference an exported Browserslist config from another package:
1 "browserslist": [ 2 "extends browserslist-config-mycompany" 3 ]
For security reasons, external configuration only supports packages that have
the browserslist-config-
prefix. npm scoped packages are also supported, by
naming or prefixing the module with @scope/browserslist-config
, such as
@scope/browserslist-config
or @scope/browserslist-config-mycompany
.
If you don’t accept Browserslist queries from users, you can disable the
validation by using the or BROWSERSLIST_DANGEROUS_EXTEND
environment variable.
1BROWSERSLIST_DANGEROUS_EXTEND=1 npx webpack
Because this uses npm
's resolution, you can also reference specific files
in a package:
1 "browserslist": [ 2 "extends browserslist-config-mycompany/desktop", 3 "extends browserslist-config-mycompany/mobile" 4 ]
When writing a shared Browserslist package, just export an array.
browserslist-config-mycompany/index.js
:
1module.exports = [ 2 'last 1 version', 3 '> 1%', 4 'not dead' 5]
You can also include a browserslist-stats.json
file as part of your shareable
config at the root and query it using
> 5% in browserslist-config-mycompany stats
. It uses the same format
as extends
and the dangerousExtend
property as above.
You can export configs for different environments and select environment
by BROWSERSLIST_ENV
or env
option in your tool:
1module.exports = { 2 development: [ 3 'last 1 version' 4 ], 5 production: [ 6 'last 1 version', 7 '> 1%', 8 'not dead' 9 ] 10}
Configuring for Different Environments
You can also specify different browser queries for various environments.
Browserslist will choose query according to BROWSERSLIST_ENV
or NODE_ENV
variables. If none of them is declared, Browserslist will firstly look
for production
queries and then use defaults.
In package.json
:
1 "browserslist": { 2 "production": [ 3 "> 1%", 4 "not dead" 5 ], 6 "modern": [ 7 "last 1 chrome version", 8 "last 1 firefox version" 9 ], 10 "ssr": [ 11 "node 12" 12 ] 13 }
In .browserslistrc
config:
1[production] 2> 1% 3not dead 4 5[modern] 6last 1 chrome version 7last 1 firefox version 8 9[ssr] 10node 12
Custom Usage Data
If you have a website, you can query against the usage statistics of your site.
browserslist-ga
will ask access to Google Analytics and then generate
browserslist-stats.json
:
npx browserslist-ga
Or you can use browserslist-ga-export
to convert Google Analytics data without giving a password for Google account.
You can generate usage statistics file by any other method. File format should be like:
1{ 2 "ie": { 3 "6": 0.01, 4 "7": 0.4, 5 "8": 1.5 6 }, 7 "chrome": { 8 … 9 }, 10 … 11}
Note that you can query against your custom usage data while also querying
against global or regional data. For example, the query
> 1% in my stats, > 5% in US, 10%
is permitted.
JS API
1const browserslist = require('browserslist') 2 3// Your CSS/JS build tool code 4function process (source, opts) { 5 const browsers = browserslist(opts.overrideBrowserslist, { 6 stats: opts.stats, 7 path: opts.file, 8 env: opts.env 9 }) 10 // Your code to add features for selected browsers 11}
Queries can be a string "> 1%, not dead"
or an array ['> 1%', 'not dead']
.
If a query is missing, Browserslist will look for a config file.
You can provide a path
option (that can be a file) to find the config file
relatively to it.
Options:
path
: file or a directory path to look for config file. Default is.
.env
: what environment section use from config. Default isproduction
.stats
: custom usage statistics data.config
: path to config if you want to set it manually.ignoreUnknownVersions
: do not throw on direct query (likeie 12
). Default isfalse
.dangerousExtend
: Disable security checks forextend
query. Default isfalse
.throwOnMissing
: throw an error if env is not found. Default isfalse
.mobileToDesktop
: Use desktop browsers if Can I Use doesn’t have data about this mobile version. Can I Use has only data about latest versions of mobile browsers. By default,last 2 and_ff versions
returnsand_ff 90
and with this option it returnsand_ff 91, and_ff 90
. This option may lead to unknown browser version error (in example Can I Use doesn’t have data forand_ff 91
yet). Default isfalse
.
For non-JS environment and debug purpose you can use CLI tool:
1browserslist "> 1%, not dead"
You can get total users coverage for selected browsers by JS API:
1browserslist.coverage(browserslist('> 1%')) 2//=> 81.4
1browserslist.coverage(browserslist('> 1% in US'), 'US') 2//=> 83.1
1browserslist.coverage(browserslist('> 1% in my stats'), 'my stats') 2//=> 83.1
1browserslist.coverage(browserslist('> 1% in my stats', { stats }), stats) 2//=> 82.2
Or by CLI:
1$ browserslist --coverage "> 1%" 2These browsers account for 81.4% of all users globally
1$ browserslist --coverage=US "> 1% in US" 2These browsers account for 83.1% of all users in the US
1$ browserslist --coverage "> 1% in my stats" 2These browsers account for 83.1% of all users in custom statistics
1$ browserslist --coverage "> 1% in my stats" --stats=./stats.json 2These browsers account for 83.1% of all users in custom statistics
Environment Variables
If a tool uses Browserslist inside, you can change the Browserslist settings with environment variables:
-
BROWSERSLIST
with browsers queries.1BROWSERSLIST="> 5%" npx webpack
-
BROWSERSLIST_CONFIG
with path to config file.1BROWSERSLIST_CONFIG=./config/browserslist npx webpack
-
BROWSERSLIST_ENV
with environments string.1BROWSERSLIST_ENV="development" npx webpack
-
BROWSERSLIST_STATS
with path to the custom usage data for> 1% in my stats
query.1BROWSERSLIST_STATS=./config/usage_data.json npx webpack
-
BROWSERSLIST_DISABLE_CACHE
if you want to disable config reading cache.1BROWSERSLIST_DISABLE_CACHE=1 npx webpack
-
BROWSERSLIST_DANGEROUS_EXTEND
to disable security shareable config name check.1BROWSERSLIST_DANGEROUS_EXTEND=1 npx webpack
-
BROWSERSLIST_ROOT_PATH
to prevent reading files above this path.1BROWSERSLIST_ROOT_PATH=. npx webpack
browserslist.coverage()
Return browsers market coverage.
1const browsers = browserslist('> 1% in US') 2browserslist.coverage(browsers, 'US') //=> 83.1
browserslist.loadConfig()
It is like calling browserslist()
, but it returns config’s queries,
not browsers.
1browserslist.loadConfig({ path: process.cwd() }) ?? browserslist.defaults
browserslist.defaults
An array with default queries.
Cache
Browserslist caches the configuration it reads from package.json
and
browserslist
files, as well as knowledge about the existence of files,
for the duration of the hosting process.
To clear these caches, use:
1browserslist.clearCaches()
To disable the caching altogether, set the BROWSERSLIST_DISABLE_CACHE
environment variable.
Security Contact
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
For Enterprise
Available as part of the Tidelift Subscription.
The maintainers of browserslist
and thousands of other packages are working
with Tidelift to deliver commercial support and maintenance for the open source
dependencies you use to build your applications. Save time, reduce risk,
and improve code health, while paying the maintainers of the exact dependencies
you use. Learn more.
Browsers Data Updating
Stable Version
The latest stable version of the package.
Stable Version
4.24.2
MODERATE
1
5.3/10
Summary
Regular Expression Denial of Service in browserslist
Affected Versions
>= 4.0.0, < 4.16.5
Patched Versions
4.16.5
Reason
no dangerous workflow patterns detected
Reason
16 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
Found 5/28 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:8
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 7 are checked with a SAST tool
Score
4.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to browserslist
update-browserslist-db
CLI tool to update caniuse-lite to refresh target browsers from Browserslist config
@wordpress/browserslist-config
WordPress Browserslist shared configuration.
@github/browserslist-config
The GitHub browserslist config.
@roots/browserslist-config
Browserslist configuration