mirror of
https://github.com/feder-cr/invisible_playwright.git
synced 2026-06-10 08:45:13 +02:00
df4493d553
Instead of only our hand-rolled signal checks, load the actual MIT detection libraries against the patched binary and assert it isn't flagged: - BotD (the client-side bot detector FingerprintJS Pro itself uses): detect() must return bot=false (no automation/headless tell). - FingerprintJS OSS: visitorId present and stable across two fresh launches with the same seed (drift = per-session entropy = a bot tell). Hermetic: the libs are vendored (tests/vendor/, pinned, MIT) and served from a localhost server — no external CDN (Firefox tracking-protection blocks it anyway), no IP/network dependency, runs identically on a dev box and the GitHub runner. Both green locally against firefox-9. |
||
|---|---|---|
| .. | ||
| botd-2.0.0.esm.js | ||
| fingerprintjs-5.2.0.umd.min.js | ||
| README.md | ||
Vendored detection libraries (test-only)
These are upstream, unmodified, MIT-licensed browser-fingerprinting / bot-detection libraries, vendored so the detector e2e tests run hermetically and identically on a dev box and on a GitHub runner (no external CDN at test time — Firefox tracking-protection blocks the openfpcdn.io CDN anyway, and we want CI offline).
They are served from a localhost HTTP server and loaded into the patched Firefox;
the tests assert the REAL detectors don't flag the stealth build (BotD: bot===false)
and that the fingerprint is stable (FingerprintJS: same visitorId across launches).
| File | Package | Version | Source | License |
|---|---|---|---|---|
botd-2.0.0.esm.js |
@fingerprintjs/botd |
2.0.0 | https://cdn.jsdelivr.net/npm/@fingerprintjs/botd@2.0.0/dist/botd.esm.js | MIT |
fingerprintjs-5.2.0.umd.min.js |
@fingerprintjs/fingerprintjs |
5.2.0 | https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@5.2.0/dist/fp.umd.min.js | MIT |
Both are MIT (Copyright © FingerprintJS, Inc.). To update: download the pinned dist from jsdelivr, drop it here, and bump the version in the filename + this table.