@skalaio/browser
v0.1.0
Published
Skala client-side secure fingerprinting and anti-tampering library
Readme
Skala Browser Fingerprint SDK
Secure client-side fingerprinting and anti-tampering library for the Skala fraud detection platform.
Provides robust, privacy-preserving browser fingerprinting, anti-spoofing checks, and seamless integration with the Skala TS/Node SDK.
Install
npm install @skalaio/browserQuick Start
Initialize the browser client to collect high-fidelity client indicators, and feed them into your Skala TS/Node SDK client.
import { SkalaBrowserClient } from '@skalaio/browser';
import { Skala } from '@skalaio/node';
// 1. Collect client-side fingerprint on the browser
const browserClient = new SkalaBrowserClient();
const fingerprint = await browserClient.getFingerprint();
// 2. Score request (using main SDK client)
const skala = new Skala({ apiKey: 'sk_live_...' });
const result = await skala.score({
event_type: 'signup',
ip: req.ip,
email: body.email,
device_id: fingerprint.visitorId,
metadata: {
fingerprint_tampered: fingerprint.tampered,
fingerprint_confidence: fingerprint.confidenceScore,
fingerprint_signals: fingerprint.signals,
thumbmark_id: fingerprint.thumbmarkId,
}
});
if (result.decision === 'block') {
// block request
}Secure Fingerprinting & Anti-Spoofing
@skalaio/browser runs a dual-library fingerprinting engine to calculate high-fidelity client indicators:
- Parallel Execution: Executes FingerprintJS and
thumbmarkjsin parallel to achieve multi-source cross-validation and higher accuracy without increasing latency. - Anti-Anti-Browser Detection: Performs real-time anti-tampering checks to identify spoofed environments:
- Headless Detection: Analyzes webdriver flag parameters and headless browser agents.
- Automation Tool Detection: Checks for Selenium, Puppeteer, PhantomJS, and CDC driver array markers.
- Canvas Noise Detection: Double-renders canvas elements and compares pixel buffers to identify canvas-spoofing extensions.
- WebGL Software Renderer: Detects software rasterizer fallbacks (e.g.
llvmpipe) while preventing Mesa driver false positives on physical Linux machines.
const result = await browserClient.getFingerprint();
console.log(result.visitorId); // Secure combined SHA-256 visitor ID
console.log(result.thumbmarkId); // thumbmarkjs cross-validation ID
console.log(result.tampered); // boolean flag indicating spoofing detection
console.log(result.confidenceScore); // trust rating (0.1 to 1.0)
console.log(result.signals); // raw anti-spoofing checks mapLicense
MIT
