freedak/invisible_playwright
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

test: add fpscanner + CreepJS to the offline real-detector gate

Browse Source 
Alongside BotD and FingerprintJS, the detector e2e now runs two more FOSS
client-side detectors against the binary, vendored and served from localhost so it
stays offline on CI. fpscanner: assert its engine-agnostic bot rules (webdriver/
selenium/bot-UA/platform/timezone/language) are clean. CreepJS (the Firefox-aware
one): runs fully offline via window.Fingerprint with every non-loopback request
aborted, asserting headlessRating==0 and no JS-proxy stealth tell. The Chrome-only
and GPU-sensitive signals are logged, not asserted, so a software-WebGL CI host
doesn't false-red. Validated against firefox-10: full e2e 130 green.
This commit is contained in:
feder-cr
2026-06-11 20:19:19 +02:00
parent 3f2834d8c2
commit 090baa6155
4 changed files with 11125 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/vendor/README.md
Vendored
+10 -4
View File
@@ -6,13 +6,19 @@ on a dev box and on a GitHub runner (no external CDN at test time — Firefox
tracking-protection blocks the openfpcdn.io CDN anyway, and we want CI offline).
They are served from a localhost HTTP server and loaded into the patched Firefox;
the tests assert the REAL detectors don't flag the stealth build (BotD: `bot===false`)
and that the fingerprint is stable (FingerprintJS: same `visitorId` across launches).
the tests assert the REAL detectors don't flag the stealth build (BotD: `bot===false`;
fpscanner: engine-agnostic rules clean; CreepJS: `headlessRating===0` + no JS-proxy
tells) and that the fingerprint is stable (FingerprintJS: same `visitorId` across
launches). CreepJS runs fully offline — the tests abort every non-loopback request,
so its optional crowd-comparison POST never fires and the verdict is computed locally.
| File | Package | Version | Source | License |
|---|---|---|---|---|
| `botd-2.0.0.esm.js` | `@fingerprintjs/botd` | 2.0.0 | https://cdn.jsdelivr.net/npm/@fingerprintjs/botd@2.0.0/dist/botd.esm.js | MIT |
| `fingerprintjs-5.2.0.umd.min.js` | `@fingerprintjs/fingerprintjs` | 5.2.0 | https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@5.2.0/dist/fp.umd.min.js | MIT |
| `fpscanner-1.0.6.es.js` | `fpscanner` | 1.0.6 | https://cdn.jsdelivr.net/npm/fpscanner@1.0.6/dist/fpScanner.es.js | MIT |
| `creepjs-10aa672.js` | `abrahamjuliot/creepjs` | git `10aa6724` | https://raw.githubusercontent.com/abrahamjuliot/creepjs/10aa6724cd33a1015db1574211890518cd04f0cc/docs/creep.js | MIT |
Both are MIT (Copyright © FingerprintJS, Inc.). To update: download the pinned
dist from jsdelivr, drop it here, and bump the version in the filename + this table.
All MIT (FingerprintJS Inc. / Antoine Vastel / Abraham Juliot). To update: download
the pinned dist (jsdelivr for npm packages, raw.githubusercontent for CreepJS at a
commit SHA), drop it here, and bump the version in the filename + this table.
tests/vendor/creepjs-10aa672.js
Vendored
+9710
View File
File diff suppressed because one or more lines are too long
tests/vendor/fpscanner-1.0.6.es.js
Vendored
+1253
View File
File diff suppressed because it is too large Load Diff