npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

bot-blocker

v1.1.1

Published

uses fingerprinting to stop bots in their tracks

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tomaitkentomaitken

Keywords

fingerprintingbot-detectionbotsfingerprint

Readme

Bot-Blocker

A browser fingerprinting tool for blocking bot activity that builds on existing open-source tools and projects. In early stages of testing. Defeats the latest version of this: https://www.npmjs.com/package/puppeteer-extra-plugin-stealth (caveat: haven't tested all scenarios).

Overview & Acknowledgments

I decided to start this project upon noticing that most of the open-source projects similar to this have been discontinued or made proprietary. The main purpose of this tool is for web developers to instantly identify non-human clients of all stripes, from elementary bots to clients running Selenium or Puppeteer with the stealth plugin. Used in tandem, the two files in this repo can be used while rendering a given webpage to distinguish a client using a standard browser from a client either making requests outside of a browser context or using tools like Selenium, PhantomJS or Puppeteer. The fpCollect.js program, like the one on which it is based (https://github.com/antoinevastel/fp-collect), can also be used for general user fingerprinting. The properties acquired may be useful for sending specific alerts or checking for a consistent user profile over time.

This project is most influenced by the following two repos, by the same author: https://github.com/antoinevastel/fp-collect and https://github.com/antoinevastel/fpscanner. My fpCollect.js file has only minor modifications from the homonymous file in the first of these, although my fpEvaluate.js file is significantly different from Vastel's fpScanner. I have dramatically simplified the overall structure (with an eye for creating a fast and efficient practical tool), removed some browser tests which seem outdated or are otherwise less solid, and added several large browser tests based on insights from here (https://github.com/LukasDrgon/fingerprintjs2/blob/master/fingerprint2.js) and here (https://github.com/paulirish/headless-cat-n-mouse).

I am early in the testing phase. I need to do more rigorous testing to eliminate false positives (i.e. identifying clients as bots who are using their browser legitimately), but the good news is that I have determined that my evaluation procedure can identify Puppeteer clients using the latest version of this (https://www.npmjs.com/package/puppeteer-extra-plugin-stealth), with all evasions enabled. The bad news is that I know how to improve the Stealth plugin to get around my evaluation... At the same time, there are subtler statistical clues that could be used in fingerprinting which would be much harder to get around through the kinds of techniques used by that plugin. That will be a future direction for development.

Basic Usage

Download Files

See example.html for basic usage with files downloaded.

NPM & CDN

On NPM here: https://www.npmjs.com/package/bot-blocker. Access files statically here (https://unpkg.com/[email protected]/fpEvaluate.js) & here (https://unpkg.com/[email protected]/fpCollect.js).

Strategic Advice

In the project I'm currently working on, I'm using this tool in the context of the following strategy:

upon first request made by unexamined or expired client:
     set client_examined = True somehow (via session or whatever)
     interrupt request & instead serve response similar to example.html ['request_str' parameter stores the intended url, encoded in a hash which uses dynamic info]
     if not bot, then retrieve intended url while processing request to GEN_SESSION_ROUTE and redirect to the destination of the initial request

There are other ways to do similar. This is perhaps the simplest, or close to it.