Gathering detailed insights and metrics for pa11y-ci
Gathering detailed insights and metrics for pa11y-ci
Installations
npm install pa11y-ciDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>= 12
Typescript Support
No
Node Version
16.20.2
NPM Version
8.19.4
Statistics
527 Stars
106 Commits
65 Forks
12 Watching
6 Branches
28 Contributors
Updated on 13 Nov 2024
Languages
JavaScript (98.94%)
HTML (1.06%)
Total Downloads
Cumulative downloads
Total Downloads
8,278,470
Last day
-9.4%
6,137
Compared to previous day
Last week
-2.1%
34,710
Compared to previous week
Last month
-3.1%
146,522
Compared to previous month
Last year
-3.5%
2,042,769
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Pa11y CI
Pa11y CI is an accessibility test runner built using Pa11y, designed to run in Continuous Integration environments. Automated testing of your application can help to prevent accessibility issues reaching production.
Use this tool to test against a list of URLs or a sitemap, and report on issues it finds.
Requirements
This command line tool requires a stable (even-numbered) Node.js version of 18 or above.
Pa11y CI 3 and Ubuntu
To use version 3 of Pa11y CI with a version of Ubuntu above 20.04, a path for the Chrome executable must be defined in your Pa11y CI config, as defaults.chromeLaunchConfig.executablePath. Version 4 of Pa11y CI, which will use Pa11y 7 along with a more recent version of Puppeteer, will resolve this issue.
Usage
Pa11y CI is provided as a command line tool, pa11y-ci. To install it globally with npm:
1npm install -g pa11y-ci
1$ pa11y-ci --help 2 3Usage: pa11y-ci [options] <paths> 4 5Options: 6 -V, --version output the version number 7 -c, --config <path> the path to a JSON or JavaScript config file 8 -s, --sitemap <url> the path to a sitemap 9 -f, --sitemap-find <pattern> a pattern to find in sitemaps. Use with --sitemap-replace 10 -r, --sitemap-replace <string> a replacement to apply in sitemaps. Use with --sitemap-find 11 -x, --sitemap-exclude <pattern> a pattern to find in sitemaps and exclude any url that matches 12 -j, --json Output results as JSON 13 -T, --threshold <number> permit this number of errors, warnings, or notices, otherwise fail with exit code 2 14 (default: "0") 15 --reporter <reporter> the reporter to use. Can be a npm module or a path to a local file. 16 -h, --help display help for command
Configuration
Pa11y CI checks the current working directory for a JSON config file named .pa11yci. An example:
1{ 2 "urls": [ 3 "https://pa11y.org/", 4 "https://pa11y.org/contributing" 5 ] 6}
Pa11y CI will visit each URL in the urls array, together with any path provided as a CLI argument. A path can be relative, absolute, or a glob pattern.
Specify a different configuration file, JSON or JavaScript, using the command-line parameter --config:
1pa11y-ci --config path/to/config.json
Default configuration
You can specify a default set of pa11y configurations that should be used for each test run. Attach this to a defaults property in your config; for example:
1{ 2 "defaults": { 3 "timeout": 1000, 4 "viewport": { 5 "width": 320, 6 "height": 480 7 } 8 }, 9 "urls": [ 10 "https://pa11y.org/", 11 "https://pa11y.org/contributing" 12 ] 13}
Pa11y CI supports two additional options here:
concurrency: The number of tests that should be run in parallel. Defaults to1.useIncognitoBrowserContext: Run test with an isolated incognito browser context; stops cookies being shared and modified between tests. Defaults totrue.
URL configuration
A URL can be a string, or an object; in its object form, part or all of the default pa11y configuration can be overridden per URL. For example, this allows the timeout to be increased for a slow-loading page, or to take a screenshot for a page of particular interest:
1{ 2 "defaults": { 3 "timeout": 1000 4 }, 5 "urls": [ 6 "https://pa11y.org/", 7 { 8 "url": "https://pa11y.org/contributing", 9 "timeout": 50000, 10 "screenCapture": "myDir/my-screen-capture.png" 11 } 12 ] 13}
Using a JavaScript configuration file
If a JavaScript configuration file is used, it should be a CommonJS module that exports a configuration object. This can be used to dynamically update configuration parameters, for example taking data from environment variables as shown in the example below.
1module.exports = { 2 defaults: { 3 timeout: 1000, 4 headers: { 5 token: process.env.TOKEN 6 } 7 }, 8 urls: [ 9 "https://pa11y.org/" 10 ] 11};
Sitemaps
Provide a --sitemap argument to retrieve a sitemap and then test each URL within:
1pa11y-ci --sitemap https://pa11y.org/sitemap.xml
Pa11y will be run against the text content of each <loc/> in the sitemap's XML.
[!NOTE] Providing a sitemap will cause the
urlsproperty in your JSON config to be ignored.
Transforming URLs retrieved from a sitemap before testing
Pa11y CI can replace a string within each URL found in a sitemap, before beginning to test. This can be useful when your sitemap contains production URLs, but you'd actually like to test
those pages in another environment. Use the flags --sitemap-find and sitemap-replace:
1pa11y-ci --sitemap https://pa11y.org/sitemap.xml --sitemap-find pa11y.org --sitemap-replace localhost
Excluding URLs
Exclude URLs from the test run with the flag --sitemap-exclude.
Reporters
Pa11y CI includes two reporters:
- (default)
cli, a reporter that outputs pa11y results to the console json, which outputs JSON-formatted results, either to the console or a file
Custom reporters are also supported.
Choose a specific reporter with the flag --reporter. The value of this flag can also be:
- a path to a locally installed npm package (ie:
pa11y-reporter-html) - a path to a local node module; either an absolute path, or one relative to the current working directory (for example
./reporters/my-reporter.js)
Example:
1npm install pa11y-reporter-html --save 2pa11y-ci https://pa11y.org/ --reporter=pa11y-reporter-html
Use multiple reporters
You can use multiple reporters by setting them on the defaults.reporters array in your config. The shorthand cli and json can be included to select the included reporters.
1{ 2 "defaults": { 3 "reporters": [ 4 "cli", // <-- this is the default reporter 5 "pa11y-reporter-html", 6 "./my-local-reporter.js" 7 ] 8 }, 9 "urls": [ 10 "https://pa11y.org/", 11 { 12 "url": "https://pa11y.org/contributing", 13 "timeout": 50000, 14 "screenCapture": "myDir/my-screen-capture.png" 15 } 16 ] 17}
[!NOTE] If the
--reporterflag is provided on the command line, all appearances ofreportersin the config file will be overridden.
Reporter options
Reporters can be configured, when supported, by settings the reporter as an array with its options as the second item:
1{ 2 "defaults": { 3 "reporters": [ 4 "pa11y-reporter-html", 5 ["./my-local-reporter.js", { "option1": true }] // <-- note that this is an array 6 ] 7 }, 8 "urls": [ 9 "https://pa11y.org/", 10 { 11 "url": "https://pa11y.org/contributing", 12 "timeout": 50000, 13 "screenCapture": "myDir/my-screen-capture.png" 14 } 15 ] 16}
The included CLI reporter does not support any options.
The included JSON reporter outputs the results to the console by default. It can also accept a fileName with a relative or absolute file name where the JSON results will be written. Relative file name will be resolved from the current working directory.
1{ 2 "defaults": { 3 "reporters": [ 4 ["json", { "fileName": "./results.json" }] // <-- note that this is an array 5 ] 6 }, 7 "urls": [ 8 "https://pa11y.org/" 9 ] 10}
Write a custom reporter
Pa11y CI reporters use an interface similar to pa11y reporters and support the following optional methods:
beforeAll(urls): called at the beginning of the process.urlsis the URLs array defined in your configafterAll(report)called at the very end of the process with the following arguments:report: pa11y-ci report objectconfig: pa11y-ci configuration object
begin(url): called before processing each URL.urlis the URL being processedresults(results, config)called after pa11y test run with the following arguments:results: pa11y results object URL configuration objectconfig: the current URL configuration object
error(error, url, config): called when a test run fails with the following arguments:error: pa11y error messageurl: the URL being processedconfig: the current URL configuration object
Here is an example of a custom reporter writing pa11y-ci report and errors to files:
1const fs = require('fs'); 2const { createHash } = require('crypto'); 3 4// create a unique filename from URL 5function fileName(url: any, prefix = '') { 6 const hash = createHash('md5').update(url).digest('hex'); 7 return `${prefix}${hash}.json`; 8} 9 10exports.afterAll = function (report) { 11 return fs.promises.writeFile('report.json', JSON.stringify(report), 'utf8'); 12} 13 14// write error details to an individual log for each URL 15exports.error = function (error, url) { 16 const data = JSON.stringify({url, error}); 17 return fs.promises.writeFile(fileName(url, 'error-'), data, 'utf8'); 18}
Configurable reporters
A configurable reporter is a special kind of pa11y-ci reporter exporting a single factory function as its default export.
When initialized, the function receives the user configured options (if any) and pa11y-ci configuration object as argument.
For example, here is a reporter writing all results to a single configurable file:
1// ./my-reporter.js 2 3const fs = require('fs'); 4 5module.exports = function (options) { 6 // initialize an empty report data 7 const customReport = { 8 results: {}, 9 errors: [], 10 violations: 0, 11 } 12 13 const fileName = options.fileName 14 15 return { 16 // add results to the report 17 results(results) { 18 customReport.results[results.pageUrl] = results; 19 customReport.violations += results.issues.length; 20 }, 21 22 // add errors too 23 error(error, url) { 24 customReport.errors.push({ error, url }); 25 }, 26 27 // write everything to a file 28 afterAll() { 29 const data = JSON.stringify(customReport); 30 return fs.promises.writeFile(fileName, data, 'utf8'); 31 } 32 } 33};
1// configuration file 2{ 3 "defaults": { 4 "reporters": [ 5 ["./my-reporter.js", { "fileName": "./my-report.json" }] 6 ] 7 }, 8 "urls": [ 9 ... 10 ] 11}
Docker
If you want to run pa11y-ci in a Docker container then you can use the buildkite/puppeteer image as this installs Chrome and all the required libs to run headless chrome on Linux.
You will need a config.json that sets the --no-sandbox Chromium launch arguments:
1{ 2 "defaults": { 3 "chromeLaunchConfig": { 4 "args": [ 5 "--no-sandbox" 6 ] 7 } 8 }, 9 "urls": [ 10 "https://pa11y.org/", 11 "https://pa11y.org/contributing" 12 ] 13}
And then a Dockerfile that installs pa11y-ci and adds the config.json
1FROM buildkite/puppeteer:v1.15.0 2 3RUN npm install --global --unsafe-perm pa11y-ci 4ADD config.json /usr/config.json 5 6ENTRYPOINT ["pa11y-ci", "-c", "/usr/config.json"]
Tutorials and articles
Here are some useful articles written by Pa11y users and contributors:
Contributing
There are many ways to contribute to Pa11y CI, some of which we describe in the contributing guide for this repo.
If you're ready to contribute some code, clone this repo locally and commit your code on a new branch.
Please write unit tests for your code, and check that everything works by running the following before opening a pull request:
1npm run lint # Lint the code 2npm test # Run every test, reporting coverage
You can also run verifications and tests individually:
1npm run test-unit # Run only the unit tests 2npm run coverage # Run the unit tests, reporting coverage 3npm run test-integration # Run only the integration tests
Support and migration
[!NOTE] We maintain a migration guide to help you migrate between major versions.
When we release a new major version we will continue to support the previous major version for 6 months. This support will be limited to fixes for critical bugs and security issues. If you're opening an issue related to this project, please mention the specific version that the issue affects.
The following table lists the major versions available and, for each previous major version, its end-of-support date, and its final minor version released.
| Major version | Final minor release | Node.js LTS support | Support end date |
|---|---|---|---|
🔜 4 | >= 18 | ||
3 | Imminent | >= 12 (Ubuntu caveat) | May 2024 |
2 | 2.4.2 | >= 8 | 2022-05-26 |
1 | 1.3 | >= 4 | 2018-04-18 |
Licence
Licensed under the Lesser General Public License (LGPL-3.0-only).
Copyright © 2016-2023, Team Pa11y and contributors
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: GNU Lesser General Public License v3.0: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yml:13
Reason
Found 19/22 approved changesets -- score normalized to 8
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-gmwp-3pwc-3j3g
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/pa11y/pa11y-ci/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pa11y/pa11y-ci/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/pa11y/pa11y-ci/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/pa11y/pa11y-ci/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/pa11y/pa11y-ci/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pa11y/pa11y-ci/tests.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 2
Details
- Warn: 8 commits out of 27 are checked with a SAST tool
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
4.7
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More