chromeless 正在参加 2021 年度 OSC 中国开源项目评选,请投票支持!
chromeless 在 2021 年度 OSC 中国开源项目评选 中已获得 {{ projectVoteCount }} 票,请投票支持!
2021 年度 OSC 中国开源项目评选 正在火热进行中,快来投票支持你喜欢的开源项目!
2021 年度 OSC 中国开源项目评选 >>> 中场回顾
chromeless 获得 2021 年度 OSC 中国开源项目评选「最佳人气项目」 !
授权协议 MIT License
开发语言 JavaScript
操作系统 跨平台
软件类型 开源软件
所属分类 云计算Serverless 系统
地区 不详
投 递 者 首席测试
适用人群 未知
收录时间 2021-12-02


This project is deprecated in favor for Puppeteer. Thanks to all the contributors who made this project possible.


npm downloads circleci codecov dependencies node semantic-release

Chrome automation made simple. Runs locally or headless on AWS Lambda. (See Demo)

Chromeless can be used to...

  • Run 1000s of browser integration tests in parallel ⚡️
  • Crawl the web & automate screenshots
  • Write bots that require a real browser
  • Do pretty much everything you've used PhantomJS, NightmareJS or Selenium for before


▶️ Try it out

You can try out Chromeless and explore the API in the browser-based demo playground (source).


  1. How it works
  2. Installation
  3. Usage
  4. API Documentation
  5. Configuring Development Environment
  6. FAQ
  7. Contributors
  8. Credits
  9. Help & Community

How it works

With Chromeless you can control Chrome (open website, click elements, fill out forms...) using an elegant API. This is useful for integration tests or any other scenario where you'd need to script a real browser.

There are 2 ways to use Chromeless

  1. Running Chrome on your local computer
  2. Running Chrome on AWS Lambda and controlling it remotely

1. Local Setup

For local development purposes where a fast feedback loop is necessary, the easiest way to use Chromeless is by controlling your local Chrome browser. Just follow the usage guide to get started.

2. Remote Proxy Setup

You can also run Chrome in headless-mode on AWS Lambda. This way you can speed up your tests by running them in parallel. (In Graphcool's case this decreased test durations from ~20min to a few seconds.)

Chromeless comes out of the box with a remote proxy built-in - the usage stays completely the same. This way you can write and run your tests locally and have them be executed remotely on AWS Lambda. The proxy connects to Lambda through a Websocket connection to forward commands and return the evaluation results.


npm install chromeless

Proxy Setup

The project contains a Serverless service for running and driving Chrome remotely on AWS Lambda.

  1. Deploy The Proxy service to AWS Lambda. More details here
  2. Follow the usage instructions here.


Using Chromeless is similar to other browser automation tools. For example:

const { Chromeless } = require('chromeless')

async function run() {
  const chromeless = new Chromeless()

  const screenshot = await chromeless
    .type('chromeless', 'input[name="q"]')

  console.log(screenshot) // prints local file path or S3 url

  await chromeless.end()


Local Chrome Usage

To run Chromeless locally, you need a recent version of Chrome or Chrome Canary installed (version 60 or greater). By default, chromeless will start Chrome automatically and will default to the most recent version found on your system if there's multiple. You can override this behavior by starting Chrome yourself, and passing a flag of launchChrome: false in the Chromeless constructor.

To launch Chrome yourself, and open the port for chromeless, follow this example:

alias canary="/Applications/Google\ Chrome\\ Chrome\ Canary"
canary --remote-debugging-port=9222

Or run Chrome Canary headless-ly:

canary --remote-debugging-port=9222 --disable-gpu --headless

Or run Chrome headless-ly on Windows:

cd "C:\Program Files (x86)\Google\Chrome\Application"
chrome --remote-debugging-port=9222 --disable-gpu --headless

Proxy Usage

Follow the setup instructions here.

Then using Chromeless with the Proxy service is the same as running it locally with the exception of the remote option. Alternatively you can configure the Proxy service's endpoint with environment variables. Here's how.

const chromeless = new Chromeless({
  remote: {
    endpointUrl: '',
    apiKey: 'your-api-key-here',

API Documentation

Chromeless constructor options

Chromeless methods

Chrome methods

Configuring Development Environment


  • NodeJS version 8.2 and greater
  1. Clone this repository
  2. Run npm install
  3. To build: npm run build

Linking this NPM repository

  1. Go to this repository locally
  2. Run npm link
  3. Go to the folder housing your chromeless scripts
  4. Run npm link chromeless

Now your local chromeless scripts will use your local development of chromeless.


How is this different from NightmareJS, PhantomJS or Selenium?

The Chromeless API is very similar to NightmareJS as their API is pretty awesome. The big difference is that Chromeless is based on Chrome in headless-mode, and runs in a serverless function in AWS Lambda. The advantage of this is that you can run hundreds of browsers in parallel, without having to think about parallelisation. Running integration Tests for example is much faster.

I'm new to AWS Lambda, is this still for me?

You still can use this locally without Lambda, so yes. Besides that, here is a simple guide on how to set the lambda function up for Chromeless.

How much does it cost to run Chromeless in production?

The compute price is $0.00001667 per GB-s and the free tier provides 400,000 GB-s. The request price is $0.20 per 1 million requests and the free tier provides 1M requests per month.

This means you can easily execute > 100.000 tests for free in the free tier.

Are there any limitations?

If you're running Chromeless on AWS Lambda, the execution cannot take longer than 5 minutes which is the current limit of Lambda. Besides that, every feature that's supported in Chrome is also working with Chromeless. The maximal number of concurrent function executions is 1000. AWS API Limits

Are there commercial options?

Although Chromeless is the easiest way to get started running Chrome on Lambda, you may not have time to build and manage your own visual testing toolkit. Commercial options include:


Error: Unable to get presigned websocket URL and connect to it.

In case you get an error like this when running the Chromeless client:

{ HTTPError: Response code 403 (Forbidden)
    at (/code/chromeless/node_modules/got/index.js:182:13)
    at process._tickDomainCallback (internal/process/next_tick.js:129:7)
  name: 'HTTPError',
Error: Unable to get presigned websocket URL and connect to it.

Make sure that you're running at least version 1.19.0 of serverless. It is a known issue, that the API Gateway API keys are not setup correctly in older Serverless versions. Best is to run npm run deploy within the project as this will use the local installed version of serverless.

Resource ServerlessDeploymentBucket does not exist for stack chromeless-serverless-dev

In case the deployment of the serverless function returns an error like this:

  Serverless Error ---------------------------------------

  Resource ServerlessDeploymentBucket does not exist for stack chromeless-serverless-dev

Please check, that there is no stack with the name chromeless-serverless-dev existing yet, otherwise serverless can't correctly provision the bucket.

No command gets executed

In order for the commands to be processed, make sure, that you call one of the commands screenshot, evaluate, cookiesGetAll or end at the end of your execution chain.


A big thank you to all contributors and supporters of this repository 💚

joelgriffith adieuadieu schickling timsuchanek Chrisgozd criticalbh d2s emeth- githubixx hax Hazealign joeyvandijk liady matthewmueller seangransee sorenbs toddwprice vladgolubev


Help & Community Slack Status

Join our Slack community if you run into issues or have questions. We love talking to you!





点击引领话题📣 发布并加入讨论🔥
{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
Async 安全漏洞
Async是英国Caolan McMahon个人开发者的一个实用模块。用于使用异步 JavaScript。 Async 3.2.1 及之前版本存在安全漏洞,该漏洞源于 mapValues() 方法。攻击者可通过 mapValues() 方法获取权限。
CVE-2021-43138 MPS-2021-34434
2022-08-08 19:09
handlebars 安全漏洞
handlebars是一款语义化的Web模板系统。 handlebars 4.7.7之前版本存在安全漏洞,该漏洞源于当选择某些编译选项来编译来自不可信源的模板时,容易受到原型污染的影响。
CVE-2021-23383 MPS-2021-6180
2022-08-08 19:09
handlebars 存在MAID漏洞
handlebars 是 Mustache 模板语言的扩展。此软件包的受影响版本容易受到原型污染。
2022-08-08 19:09
lodash 存在拒绝服务漏洞
lodash 是一个现代 JavaScript 实用程序库,提供模块化、性能和附加功能。由于对 CVE-2020-8203 的修复不完整,此软件包的受影响版本容易受到 zipObjectDeep 中的原型污染。
2022-08-08 19:09
Joyent Node.js atob 安全漏洞
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。atob是其中的一个使用Buffer模拟浏览器ATOB功能的模块。 Joyent Node.js 4.x及之前版本上的atob 2.0.3及之前版本中存在安全漏洞,该漏洞源于程序分配了未初始化的缓冲区。攻击者可利用该漏洞从未初始化的内存中提取敏感信息或造成拒绝服务。
CVE-2018-3745 MPS-2018-6615
2022-08-08 19:09
npm node-fetch 安全漏洞
node-fetch 2.6.1和3.0.0-beta版本中存在安全漏洞。该漏洞源于内容大小超过限制时,将永远不会抛出FetchError。
CVE-2020-15168 MPS-2020-12719
2022-08-08 19:09
stevemao trim-off-newlines 处理逻辑错误漏洞
trim-off-newlines是NPM的用于删除换行符。 stevemao trim-off-newlines存在处理逻辑错误漏洞,该漏洞源于所有版本的 trim-off-newlines 都容易通过字符串处理受到正则表达式拒绝服务 (ReDoS) 的攻击。
CVE-2021-23425 MPS-2021-17627
2022-08-08 19:09
extend module 输入验证错误漏洞
extend module是一个jQuery的经典extend()方法的端口。 deep-extend node模块0.5.0及之前版本中的‘utilities’函数存在输入验证错误漏洞。攻击者可利用该漏洞造成服务器崩溃或返回500。
CVE-2018-3750 MPS-2018-8705
2022-08-08 19:09
mixin-deep 参数注入漏洞
mixin-deep是一款能够将对象属性混合到第一个对象中的模块。 mixin-deep 1.3.2之前版本和2.0.0版本中存在参数注入漏洞。该漏洞源于外部输入数据构造命令参数的过程中,网络系统或产品未正确过滤参数中的特殊字符。攻击者可利用该漏洞执行非法命令。
CVE-2019-10746 MPS-2019-10507
2022-08-08 19:09
marked 存在拒绝服务漏洞
标记是一个低级编译器,用于解析降价而不需要长时间缓存或阻塞。此软件包的受影响版本容易受到正则表达式拒绝服务 (ReDoS) 的攻击。
2022-08-08 19:09
marked 存在拒绝服务漏洞
标记是一个低级编译器,用于解析降价而不需要长时间缓存或阻塞。此软件包的受影响版本容易受到正则表达式拒绝服务 (ReDoS) 的攻击。
2022-08-08 19:09
mem 存在拒绝服务漏洞
mem 是一种优化,用于通过缓存具有相同输入的调用结果来加速连续函数调用。此软件包的受影响版本容易受到拒绝服务 (DoS) 的攻击。
2022-08-08 19:09
js-yaml 存在代码注入漏洞
js-yaml 是一种人性化的数据序列化语言。此软件包的受影响版本容易受到任意代码执行的影响。
2022-08-08 19:09
extend module 注入漏洞
extend module是一个jQuery的经典extend()方法的端口。 extend 2.0.2之前版本和3.0.0版本至3.0.2版本中存在注入漏洞,该漏洞源于用户输入构造命令、数据结构或记录的操作过程中,网络系统或产品缺乏对用户输入数据的正确验证,未过滤或未正确过滤掉其中的特殊元素,导致系统或产品产生解析或解释方式错误。
CVE-2018-16492 MPS-2019-1232
2022-08-08 19:09
Npm Braces资源管理错误漏洞
Npm Braces是美国Npm公司的一个应用程序。Bash的括号扩展,以JavaScript实现。 Braces 2.3.1之前版本存在安全漏洞,攻击者可利用该漏洞使用正则表达式拒绝服务(ReDoS)攻击。
CVE-2018-1109 MPS-2021-3692
2022-08-08 19:09
github ws 资源管理错误漏洞
github ws是一个应用软件。一种易于使用,运行迅速且经过全面测试的WebSocket客户端和服务器实现的方法。 漏洞版本中“Sec-Websocket-Protocol”标头的一个特殊的值可以用来显著降低ws服务器的速度,从而导致拒绝服务漏洞。
CVE-2021-32640 MPS-2021-7109
2022-08-08 19:09
npm bl 缓冲区错误漏洞
npm bl 4.x系列中4.0.3之前版本,3.x系列中3.0.1之前版本,2.x系列中2.2.1之前版本存在安全漏洞,攻击者可以通过恶意输入导致越界读。
CVE-2020-8244 MPS-2020-12199
2022-08-08 19:09
Google chrome-launcher 操作系统命令注入漏洞
Google chrome-launcher是美国谷歌(Google)公司的一款用于从Node.js启动Chrome浏览器的启动器。 Google chrome-launcher(所有版本)中存在操作系统命令注入漏洞。攻击者可通过控制Linux操作系统中的$ HOME环境变量利用该漏洞执行任意命令。
CVE-2020-7645 MPS-2020-6969
2022-08-08 19:09
handlebars 存在拒绝服务漏洞
handlebars 是 Mustache 模板语言的扩展。此软件包的受影响版本容易受到原型污染。
2022-08-08 19:09
lodash node模块安全漏洞
lodash node module是一款开源的JavaScript实用程序库,它主要提供模块化等功能。 lodash node模块4.17.5之前版本中存在安全漏洞。远程攻击者可借助‘defaultsDeep’、‘merge’和‘mergeWith’函数利用该漏洞造成拒绝服务(崩溃或返回500错误)并可能执行代码。
CVE-2018-3721 MPS-2018-7315
2022-08-08 19:09
0 评论
0 收藏