invisible_playwright/tests/vendor
feder-cr 090baa6155 test: add fpscanner + CreepJS to the offline real-detector gate
Alongside BotD and FingerprintJS, the detector e2e now runs two more FOSS
client-side detectors against the binary, vendored and served from localhost so it
stays offline on CI. fpscanner: assert its engine-agnostic bot rules (webdriver/
selenium/bot-UA/platform/timezone/language) are clean. CreepJS (the Firefox-aware
one): runs fully offline via window.Fingerprint with every non-loopback request
aborted, asserting headlessRating==0 and no JS-proxy stealth tell. The Chrome-only
and GPU-sensitive signals are logged, not asserted, so a software-WebGL CI host
doesn't false-red. Validated against firefox-10: full e2e 130 green.
2026-06-11 20:19:19 +02:00
botd-2.0.0.esm.js test(e2e): run the real detectors (BotD + FingerprintJS OSS) on CI 2026-06-09 17:53:11 +02:00
creepjs-10aa672.js test: add fpscanner + CreepJS to the offline real-detector gate 2026-06-11 20:19:19 +02:00
fingerprintjs-5.2.0.umd.min.js test(e2e): run the real detectors (BotD + FingerprintJS OSS) on CI 2026-06-09 17:53:11 +02:00
fpscanner-1.0.6.es.js test: add fpscanner + CreepJS to the offline real-detector gate 2026-06-11 20:19:19 +02:00
README.md test: add fpscanner + CreepJS to the offline real-detector gate 2026-06-11 20:19:19 +02:00

Vendored detection libraries (test-only)

These are upstream, unmodified, MIT-licensed browser-fingerprinting / bot-detection libraries, vendored so the detector e2e tests run hermetically and identically on a dev box and on a GitHub runner (no external CDN at test time — Firefox tracking-protection blocks the openfpcdn.io CDN anyway, and we want CI offline).

They are served from a localhost HTTP server and loaded into the patched Firefox; the tests assert the REAL detectors don't flag the stealth build (BotD: bot===false; fpscanner: engine-agnostic rules clean; CreepJS: headlessRating===0 + no JS-proxy tells) and that the fingerprint is stable (FingerprintJS: same visitorId across launches). CreepJS runs fully offline — the tests abort every non-loopback request, so its optional crowd-comparison POST never fires and the verdict is computed locally.

| File | Package | Version | Source | License |
| --- | --- | --- | --- | --- |
| botd-2.0.0.esm.js | @fingerprintjs/botd | 2.0.0 | https://cdn.jsdelivr.net/npm/@fingerprintjs/botd@2.0.0/dist/botd.esm.js | MIT |
| fingerprintjs-5.2.0.umd.min.js | @fingerprintjs/fingerprintjs | 5.2.0 | https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@5.2.0/dist/fp.umd.min.js | MIT |
| fpscanner-1.0.6.es.js | fpscanner | 1.0.6 | https://cdn.jsdelivr.net/npm/fpscanner@1.0.6/dist/fpScanner.es.js | MIT |
| creepjs-10aa672.js | abrahamjuliot/creepjs | git 10aa6724 | https://raw.githubusercontent.com/abrahamjuliot/creepjs/10aa6724cd33a1015db1574211890518cd04f0cc/docs/creep.js | MIT |

All MIT (FingerprintJS Inc. / Antoine Vastel / Abraham Juliot). To update: download the pinned dist (jsdelivr for npm packages, raw.githubusercontent for CreepJS at a commit SHA), drop it here, and bump the version in the filename + this table.
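
The update procedure touches three places per file (filename, table version, source URL), so a small consistency check catches a bump that missed one of them or a source that points at a floating ref. The following is an added example, not code from this repository; `VENDORED`, `pin_problems` and `audit` are hypothetical names, and the rows are copied from the table above.

```python
import re
from urllib.parse import urlsplit

# Rows copied from the table above: (file, package, version, source URL).
VENDORED = [
    ("botd-2.0.0.esm.js", "@fingerprintjs/botd", "2.0.0",
     "https://cdn.jsdelivr.net/npm/@fingerprintjs/botd@2.0.0/dist/botd.esm.js"),
    ("fingerprintjs-5.2.0.umd.min.js", "@fingerprintjs/fingerprintjs", "5.2.0",
     "https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@5.2.0/dist/fp.umd.min.js"),
    ("fpscanner-1.0.6.es.js", "fpscanner", "1.0.6",
     "https://cdn.jsdelivr.net/npm/fpscanner@1.0.6/dist/fpScanner.es.js"),
    ("creepjs-10aa672.js", "abrahamjuliot/creepjs", "git 10aa6724",
     "https://raw.githubusercontent.com/abrahamjuliot/creepjs/"
     "10aa6724cd33a1015db1574211890518cd04f0cc/docs/creep.js"),
]

def pin_problems(file, package, version, url):
    """Return the reasons a row is not an immutable, self-consistent pin."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("source is not https")
    if parts.hostname == "cdn.jsdelivr.net":
        # npm dist: path must be /npm/<package>@<exact x.y.z>/...
        m = re.match(r"/npm/(.+)@(\d+\.\d+\.\d+)/", parts.path)
        if not m or m.group(1) != package:
            problems.append("URL is not pinned to an exact version of the package")
        elif m.group(2) != version:
            problems.append("URL version differs from table version")
        tag = version
    elif parts.hostname == "raw.githubusercontent.com":
        # git source: path must be /<owner>/<repo>/<40-hex commit SHA>/...
        m = re.match(r"/([^/]+/[^/]+)/([0-9a-f]{40})/", parts.path)
        short = version.split()[-1]  # "git 10aa6724" -> "10aa6724"
        if not m or m.group(1) != package:
            problems.append("URL is not pinned to a full commit SHA of the repo")
        elif not m.group(2).startswith(short):
            problems.append("URL commit differs from table version")
        tag = short[:7]  # the filename carries the 7-character short SHA
    else:
        return problems + ["unexpected source host"]
    if f"-{tag}." not in file:
        problems.append("filename does not carry the pinned version")
    return problems

def audit(rows=VENDORED):
    """Map each inconsistent file to its problems; empty dict means all pins agree."""
    report = {row[0]: pin_problems(*row) for row in rows}
    return {name: found for name, found in report.items() if found}
```

This only checks that the three records agree and that the source is an immutable ref; it does not verify file contents, which would need a recorded digest per file that this README does not list.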