npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@inqludeit/cmp-b-gone

v0.2.1

Published

QualWeb plugin to dismiss cookie banners during evaluation.

Downloads

16

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tellustellus

Keywords

Readme

CMP suppression for QualWeb accessibility evaluator tool and other uses

The purpose of this module is to suppress suppress CMP (Consent Management Platform) banners. These "cookie banner" are required on sites operated in the European Union, and are thus present on tonnes of websites.

It was originally designed for use with the QualWeb Web Accessibility Evaluator, but can probably be used in any Puppeteer-based scenario where you want to dismiss cookie banners.

For QualWeb uses, there are at least two good reasons to use the module:

  1. Some websites hide or completely withhold their actual content until consent to a cookie has been given. This plugin enables evaluating those sites with QualWeb by automating the consent action.
  2. Many CMP banners have accessibility issues that are inherent to the implementation, and not the site itself. This causes a skew in the results of sites, giving the impression, for example, that the website has contrast issues when in fact the only component with contrast issues is the banner.

NOTE: this software was built for the explicit purposes of enabling and enhancing automated accessibility testing, NOT to bypass the CMP banner for otherwise normal use of a website. If you use this software to bypass a banner it is presumed that you have accepted all terms of the site's use, including its cookie policy.

Installation

Install it like any other package:

pnpm install @inqludeit/cmp-b-gone

Using with QualWeb

Sometime before calling QualWeb#evaluate():

import { CMPManager } from '@inqludeit/cmp-b-gone';

const cmpManager = await CMPManager.createManager(srcGlobs, includeBuiltIn)

qualweb.use({
  async afterPageLoad(page) {
    await manager.parsePage(page, {
      failOnMissing: true,
    });
  },
});

This will initialise the plugin with all the descriptors present in the package's descriptors folder.

During evaluation, the plugin will try to identify the CMP in use on a site to be evaluated. If it fails to detect any CMP, the evaluation will also be caused to fail. For this reason, we recommend running single URLs through QualWeb, since any missing descriptors will throw for the entire task.

Beyond basic use

As you can see, the minimal use is just a wrapper around CMPManager#parsePage(), called in the afterPageLoad stage of QualWeb's evaluation.

For more advanced scenarios, build your own plugin with the specific steps you require. A few examples follow.

Storing known descriptors between pages

// Initialise the manager with default/built-in descriptors.
const manager = await CMPManager.createManager();

const descriptorCache: DescriptorConsentData[] = [];

const plugin: QualwebPlugin = {
  // Called *after* navigating to the target URL.
  async afterPageLoad(page, url) {
    // Initially, try to suppress the banner using already seen CMPs.
    for (const cachedDescriptor of descriptorCache) {
      const hit = await manager.parsePage(page, {
        descriptor: cachedDescriptor.descriptor,
      });

      if (hit !== null) {
        // Success! CMP should be suppressed, and we don't need to loop over all possible descriptors.
        return;
      }

      // Otherwise, keep looping.
    }

    // If no cached descriptor matched (or the cache is empty), run as normal.
    const descriptor = await manager.parsePage(page, {
      failOnMissing: false,
    })

    if (descriptor === null) {
      throw new Error(`Failed to find a descriptor on ${url}.`);
    }

    // Otherwise, we've found a working descriptor. Cache it for the next page.
    descriptorCache.push(descriptor);
  },
}

Re-using results

CMPManager#parsePage() returns the name of the detected descriptor along with the cookie data were stored when the banner dismissed (that is, consent was given).

By passing that cookie data into a page before loading a target URL, you can effectively suppress the CMP banner for subsequent loads on the same domain.

// Assume this has been filled previously, in a manner similar to the previous example.
const cache: Protocol.Network.Cookie[] = [];

const plugin: QualwebPlugin = {
  // Called by QualWeb *before* navigating to the target URL.
  beforePageLoad(page, url) {
    page.setCookie(...cache);
  },
}

CMP descriptors

We call the object that can identify and bypass a cookie banner a "descriptor".

Out of the box, this package comes bundled with a bunch of descriptors we've written by hand. They are all "simple" descriptors, based exclusively on CSS selectors.

Defining one of the descriptors is simply a matter of creating a new YAML file in the folder dist/descriptors/yaml and filling it out. See the other files in the folder for examples of how to do it.

It's also possible to add descriptors at run-time, by calling CmpManager#addDescriptors() or CmpManager#addFrom(). Descriptors added from code should extend the class CMPDescriptor, and implement the following:

  • isCMPPresent() should return true if the CMP is detected on a page.
  • isCMPActive() should return true if the CMP is active on a page. This differs from detection in that the banner should be visible/present for the user, not just in the DOM.
  • acceptAll() should perform the actual work of bypassing the CMP banner.

In the basic descriptor SimpleCMPDescriptor, all of these are performed using a combination of CSS selectors and the methods exposed on Puppeteer's Page object.

Future descriptors

It would be nice to create a centralized repository of CMP descriptors, like https://cookiedatabase.org, but usable by code.

A note on Puppeteer versions

This plugin is compiled using the latest version of Puppeteer. This may cause typing issues if you are using an older version of Puppeteer where the interface of the Page type is different. Due to the broad way descriptors are designed, it isn't possible to restrict the typing and make older Puppeteer versions work out of the box.

We suggest using the latest Puppeteer in your own project in order to avoid compilation issues. If this is not possible (for example, if QualWeb depends on an older version than the one currently used in this package), consider using overrides/resolutions in your package.json to force use of the same version across all dependencies.

For PNPM:

{
  // Somewhere in your package.json file
  "resolutions": {
    "puppeteer": "^19.4.0" // Or whichever version you want to lock to
  }
}

For NPM:

{
  // Somewhere in your package.json file
  "overrides": {
    "puppeteer": "^19.4.0" // Or whichever version you want to lock to
  }
}

Then re-run pnpm i/npm i/yarn i to update the dependencies.

NOTE: while this will make all parts of your project use the same version of Puppeteer, it may introduce other unexpected effects.