Gathering detailed insights and metrics for ua-parser-js
Gathering detailed insights and metrics for ua-parser-js
"Unmask Your Traffic" - UAParser.js: The Essential Web Development Tool for User-Agent Detection
Installations
npm install ua-parser-jsDeveloper
Developer Guide
BETA
Module System
CommonJS, ESM, UMD
Min. Node Version
*
Typescript Support
Yes
Node Version
18.20.4
NPM Version
10.9.0
Statistics
9,300 Stars
1,183 Commits
1,195 Forks
129 Watching
9 Branches
132 Contributors
Updated on 28 Nov 2024
Bundle Size
21.93 kB
Minified
9.47 kB
Minified + Gzipped
Languages
JavaScript (98.94%)
TypeScript (0.77%)
Shell (0.29%)
Total Downloads
Cumulative downloads
Total Downloads
2,760,939,565
Last day
-7.7%
2,569,420
Compared to previous day
Last week
1.9%
14,679,410
Compared to previous week
Last month
9.4%
61,113,452
Compared to previous month
Last year
12.2%
649,092,337
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
UAParser.js
The most comprehensive, compact, & up-to-date isomorphic JavaScript library to detect user's Browser, Engine, OS, CPU, and Device type/model. Runs either in browser (client-side) or node.js (server-side).
Demo
- Live demo: https://uaparser.dev
Documentation
version 1.x: https://github.com/faisalman/ua-parser-js/tree/1.0.x#documentationversion 2.x: https://docs.uaparser.dev
Before upgrading from v0.7 / v1.0, please read CHANGELOG to
see what's new & breaking.
License Options
| Open-Source Editions | PRO / Commercial Editions | ||||
|---|---|---|---|---|---|
| License options | MIT (v0.7~v1.0) | AGPL (>=v2.0) | PRO Personal | PRO Business | PRO Enterprise |
| Browser detection | ⚠️ | ✅ | ✅ | ✅ | ✅ |
| CPU detection | ⚠️ | ✅ | ✅ | ✅ | ✅ |
| Device detection | ⚠️ | ✅ | ✅ | ✅ | ✅ |
| Engine detection | ⚠️ | ✅ | ✅ | ✅ | ✅ |
| OS detection | ⚠️ | ✅ | ✅ | ✅ | ✅ |
| Bot detection | ❌ | ✅ | ✅ | ✅ | ✅ |
| AI Bot detection | ❌ | ✅ | ✅ | ✅ | ✅ |
| Extras (Apps, Libs, Emails, Media Players, etc) detection | ❌ | ✅ | ✅ | ✅ | ✅ |
| Enhanced detection result | ❌ | ✅ | ✅ | ✅ | ✅ |
| Client Hints support | ❌ | ✅ | ✅ | ✅ | ✅ |
| CommonJS support | ✅ | ✅ | ✅ | ✅ | ✅ |
| ES modules support | ❌ | ✅ | ✅ | ✅ | ✅ |
| npm module | ✅ | ✅ | ✅ | ✅ | ✅ |
| TypeScript declarations | ⚠️ | ✅ | ✅ | ✅ | ✅ |
| Allows commercial use | ✅ | ✅ | ❌ | ✅ | ✅ |
| Permissive (non-copyleft) license | ✅ | ❌ | ✅ | ✅ | ✅ |
| Unlimited use per 1 license | ✅ | ✅ | ✅ | ❌ | ✅ |
| 1-year product support | ❌ | ❌ | ✅ | ✅ | ✅ |
| Lifetime updates | ✅ | ✅ | ✅ | ✅ | ✅ |
| Price | FREE (License) | FREE (License) | $14 (License) | $29 (License) | $599 (License) |
GET THE PRO PACKAGES 📥 | |||||
Development
Contributors
Please read CONTRIBUTING guide first for the instruction details.
Made with contributors-img.
Backers & Sponsors
Support the open-source editions of UAParser.js on OpenCollective or GitHub Sponsors.
Stable Version
The latest stable version of the package.
Stable Version
2.0.0
HIGH
8
HIGH
7.5/10
Summary
ReDoS Vulnerability in ua-parser-js version
Affected Versions
>= 0.8.0, < 1.0.33
Patched Versions
1.0.33
HIGH
7.5/10
Summary
ReDoS Vulnerability in ua-parser-js version
Affected Versions
< 0.7.33
Patched Versions
0.7.33
HIGH
8.8/10
Summary
Embedded malware in ua-parser-js
Affected Versions
= 1.0.0
Patched Versions
1.0.1
HIGH
8.8/10
Summary
Embedded malware in ua-parser-js
Affected Versions
= 0.8.0
Patched Versions
0.8.1
HIGH
8.8/10
Summary
Embedded malware in ua-parser-js
Affected Versions
= 0.7.29
Patched Versions
0.7.30
HIGH
7.5/10
Summary
Regular Expression Denial of Service in ua-parser-js
Affected Versions
< 0.7.22
Patched Versions
0.7.22
HIGH
7.5/10
Summary
ua-parser-js Regular Expression Denial of Service vulnerability
Affected Versions
< 0.7.23
Patched Versions
0.7.23
HIGH
7.5/10
Summary
Regular Expression Denial of Service (ReDoS) in ua-parser-js
Affected Versions
>= 0.7.14, < 0.7.24
Patched Versions
0.7.24
Reason
no binaries found in the repo
Reason
14 different organizations found -- score normalized to 10
Details
- Info: contributors work for MetaParticle,SpongePowered,WirVsVirus-Hackathon-Corona-Calendar,appmotion,clio-lang,coderwall-beaver,coderwall-lemmings100,cyberssl,google,hflabs,iCasa,kivra ab,starship,texas-robocamp
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: Dependabot detected
Reason
project is fuzzed with [OSSFuzz]
Reason
license file detected
Details
- Info: License file found in expected location: LICENSE.md:1
- Info: FSF or OSI recognized license: LICENSE.md:1
Reason
11 commit(s) out of 30 and 4 issue activity out of 30 found in the last 90 days -- score normalized to 10
Reason
publishing workflow detected
Details
- Info: GitHub publishing workflow used in run https://api.github.com/repos/faisalman/ua-parser-js/actions/runs/7736637718: .github/workflows/publish-npm-packages.yml:8
Reason
security policy file detected
Details
- Info: Found linked content in security policy: SECURITY.md
- Info: Found text in security policy: SECURITY.md
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md
- Info: security policy detected in current repo: SECURITY.md
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analysis-codeql.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/analysis-codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analysis-codeql.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/analysis-codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analysis-codeql.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/analysis-codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analysis-dependency.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/analysis-dependency.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analysis-dependency.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/analysis-dependency.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-github-packages.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/publish-github-packages.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-github-packages.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/publish-github-packages.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-packages.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/publish-npm-packages.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-packages.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/publish-npm-packages.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/test-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/test-ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/publish-npm-packages.yml:20
- Info: Third-party GitHubActions are pinned
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
non read-only tokens detected in GitHub workflows
Details
- Info: topLevel permissions set to 'read-all': .github/workflows/analysis-codeql.yml:23
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/analysis-codeql.yml:31
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/analysis-codeql.yml:30
- Info: topLevel 'contents' permission set to 'read': .github/workflows/analysis-dependency.yml:11
- Info: topLevel permissions set to 'read-all': .github/workflows/analysis-scorecard.yml:18
- Warn: no topLevel permission defined: .github/workflows/publish-github-packages.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/publish-github-packages.yml/master?enable=permissions
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-github-packages.yml:11
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/publish-github-packages.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/publish-github-packages.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/publish-npm-packages.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/faisalman/ua-parser-js/publish-npm-packages.yml/master?enable=permissions
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-npm-packages.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-ci.yml:6
Reason
4 out of 5 merged PRs checked by a CI test -- score normalized to 8
Reason
SAST tool detected but not run on all commmits
Details
- Warn: 0 commits out of 5 are checked with a SAST tool
- Info: SAST tool detected: CodeQL
Reason
badge detected: passing
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'force pushes' disabled on branch 'master'
- Info: 'allow deletion' disabled on branch 'master'
- Warn: settings do not apply to administrators on branch 'master'
- Info: status checks require up-to-date branches for 'master'
- Warn: 'last push approval' disabled on branch 'master'
- Warn: no status checks found to merge onto branch 'master'
- Warn: number of required reviewers is only 1 on branch 'master'
- Info: stale review dismissal enabled on branch 'master'
- Warn: codeowner review is not required on branch 'master'
Reason
5 out of last 30 changesets reviewed before merge -- score normalized to 1
Score
8.1
/10
Last Scanned on 2024-03-19
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More