npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

headless-detector

v2.0.1

Published

A comprehensive JavaScript library for detecting headless browsers, automation frameworks, and bot activity

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mcborov01mcborov01

Keywords

headlessbrowserdetectorbotautomationpuppeteerplaywrightseleniumwebdrivercdpfingerprinting

Readme

Headless Browser Detector

License: MIT Version CI Tests npm version

A comprehensive JavaScript library for detecting headless browsers, automation frameworks, and bot activity. Built with the latest 2025/2026 detection techniques from industry leaders like Castle.io, DataDome, and FingerprintJS.

Features

  • 🎯 15+ Detection Vectors - Multi-layered approach using various detection methods
  • 🎭 Playwright Detection - Identifies Playwright bindings and exposed functions (NEW 2026)
  • 🔧 Worker UA Check - Compares User-Agent between main thread and Worker (NEW 2026)
  • 😀 Emoji OS Consistency - Verifies emoji rendering matches OS (NEW 2026)
  • 🎨 WebGL Rendering Test - Complex 3D rendering to detect software renderers (NEW 2026)
  • 🔍 Advanced CDP Detection - Identifies Chrome DevTools Protocol usage
  • 🖌️ Fingerprinting - Canvas, Audio Context, and Font detection
  • 📱 Media Checks - WebRTC and MediaDevices availability
  • 🤖 Automation Detection - Selenium, Puppeteer, Playwright identification
  • 📊 Detailed Reporting - Human-readable explanations and risk assessments
  • Easy Integration - Simple API with multiple access methods

Detection Methods

| Method | Impact | Description | |--------|--------|-------------| | WebDriver Detection | High | Checks for navigator.webdriver and automation properties | | CDP Artifacts | Very High | Detects ChromeDriver and CDP connection signals | | Playwright Bindings | Very High | Detects __playwright__binding__, __pwInitScripts (NEW 2026) | | Playwright Exposed Functions | Very High | Detects functions with __installed property (NEW 2026) | | Worker UA Check | High | Compares User-Agent in main thread vs Worker (NEW 2026) | | Emoji OS Consistency | Medium | Verifies emoji rendering matches declared OS (NEW 2026) | | WebGL Rendering Test | Medium | Complex 3D scene rendering test (NEW 2026) | | User-Agent Analysis | High | Identifies automation patterns in browser identification | | Advanced CDP/Runtime | Very High | Error stack trace and Chrome runtime validation | | WebGL Renderer | Medium | Detects software rendering vs hardware GPU | | Media Devices & WebRTC | Medium | Verifies camera/microphone and WebRTC availability | | Browser Fingerprinting | Medium-High | Canvas, Audio Context, and Font detection | | Automation Flags | High | Scans for framework-specific global variables | | Headless Indicators | Medium | Checks window dimensions and permissions |

Installation

NPM (Recommended)

npm install headless-detector

Using in Node.js

Note: This library is designed for browser environments. For Node.js usage, you need a DOM implementation like jsdom:

// Set up jsdom environment first
const { JSDOM } = require('jsdom');
const dom = new JSDOM('<!DOCTYPE html><html><body></body></html>');
global.window = dom.window;
global.document = window.document;
global.navigator = window.navigator;

// Now you can use the detector
const { detectHeadless } = require('headless-detector');
const results = detectHeadless();
console.log('Headless Score:', results.isHeadless);
console.log('Classification:', results.summary.classification);

Using in Browser

You can use the library directly in the browser via CDN or local installation:

Via CDN (Recommended for quick testing):

<script src="https://unpkg.com/headless-detector@1/scripts/headless-detector.js"></script>
<script>
  const results = detectHeadless();
  console.log('Detection Results:', results);
</script>

Via npm install:

<script src="node_modules/headless-detector/scripts/headless-detector.js"></script>
<script>
  const results = detectHeadless();
  console.log('Detection Results:', results);
</script>

Note: When using via npm, ensure your build process or server makes the file accessible, or use a bundler like Webpack/Rollup.

Clone from GitHub

# Clone the repository
git clone https://github.com/andriyshevchenko/headless-detector.git

# Navigate to the detector directory
cd headless-detector

Usage

Basic Usage

// Run detection
const results = detectHeadless();

console.log('Headless Score:', results.isHeadless); // 0.0 - 1.0
console.log('Classification:', results.summary.classification);
console.log('Risk Level:', results.summary.riskLevel);

With Window Attachment (for automation testing)

// Attach results to window for easy access
const results = detectHeadless(true);

// Access from window object
console.log(window.__headlessDetectionScore); // Quick score access
console.log(window.__headlessDetection.summary); // Full summary

Accessing Individual Checks

// Use the HeadlessDetector namespace
const webdriverDetected = window.HeadlessDetector.checks.webdriver();
const cdpDetected = window.HeadlessDetector.checks.cdp();
const userAgent = window.HeadlessDetector.checks.userAgent();

Using Explanations

const detection = detectHeadless(true);

// Get all detection method explanations
console.log(detection.explanations);

// Get specific explanation
console.log(detection.explanations.cdpArtifacts.purpose);
// "Identifies ChromeDriver/CDP-based automation (Puppeteer, Playwright, Selenium 4+)"

Summary Report

const detection = detectHeadless(true);
const summary = detection.summary;

console.log(`Score: ${summary.score}`);
console.log(`Classification: ${summary.classification}`);
console.log(`Risk Level: ${summary.riskLevel}`);
console.log(`Total Issues: ${summary.totalIssues}`);
console.log(`Recommendation: ${summary.recommendation}`);

// Get specific issues
summary.detections.forEach(d => {
  console.log(`${d.severity.toUpperCase()}: ${d.message}`);
});

API Reference

detectHeadless(attachToWindow)

Main detection function.

Parameters:

  • attachToWindow (boolean, optional) - If true, attaches results to window.__headlessDetection

Returns: Object with detection results

{
  isHeadless: 0.17,                    // Score 0.0-1.0
  webdriver: false,                    // WebDriver detected
  automationFlags: {...},              // Automation framework flags
  cdpArtifacts: {...},                 // CDP detection results
  headlessIndicators: {...},           // Headless mode indicators
  userAgentFlags: {...},               // User-Agent analysis
  webglFlags: {...},                   // WebGL renderer info
  advancedChecks: {...},               // Advanced detection methods
  mediaChecks: {...},                  // Media/WebRTC checks
  fingerprintChecks: {...},            // Fingerprinting results
  explanations: {...},                 // Method explanations
  summary: {...},                      // Detection summary
  timestamp: 1738584000000,
  userAgent: "Mozilla/5.0...",
  detectionVersion: "2.1.0"
}

Window Access

When attachToWindow is true:

window.__headlessDetection        // Full detection object
window.__headlessDetectionScore   // Quick score access
window.HeadlessDetector          // Detection namespace
window.HeadlessDetector.checks   // Individual check functions

DOM Attributes

document.documentElement.getAttribute('data-headless-score')     // "0.170"
document.documentElement.getAttribute('data-headless-detected')  // "false"
document.documentElement.getAttribute('data-detection-version')  // "2.1.0"

Demo

Open client/detectors/index.html in your browser to see the interactive demo with real-time detection results.

Score Interpretation

| Score | Classification | Risk Level | Meaning | |-------|---------------|------------|---------| | 0.0 - 0.15 | Normal Browser | Low | Minimal or no automation signals | | 0.15 - 0.3 | Minor Warnings | Low | Some minor indicators present | | 0.3 - 0.5 | Suspicious | Medium | Multiple automation indicators | | 0.5 - 0.7 | Likely Headless | High | Strong automation signals | | 0.7 - 1.0 | Definitely Headless | High | Confirmed automation/headless |

Project Structure

headless-detector/
├── scripts/
│   ├── headless-detector.js    # Main entry point (backward compatible)
│   ├── modules/
│   │   ├── index.js            # Module aggregator
│   │   ├── webdriver.js        # WebDriver detection
│   │   ├── cdp.js              # CDP artifacts detection
│   │   ├── userAgent.js        # User-Agent analysis
│   │   ├── webgl.js            # WebGL renderer checks
│   │   ├── automation.js       # Automation flags
│   │   ├── media.js            # Media/WebRTC checks
│   │   ├── fingerprint.js      # Canvas/audio/font fingerprinting
│   │   ├── worker.js           # Worker UA mismatch
│   │   └── explanations.js     # Check descriptions
│   └── utils/
│       └── hash.js             # Hashing utility
├── react-app/                  # React demo UI
│   ├── src/
│   │   ├── components/         # UI components
│   │   └── hooks/              # React hooks (useHeadlessDetection)
│   └── public/
│       └── headless-detector.js
└── __tests__/
    ├── headless-detector.test.js
    └── modules/                # Per-module unit tests

Browser Support

  • Chrome/Chromium 90+
  • Firefox 88+
  • Edge 90+
  • Safari 14+
  • Opera 76+

Research & References

This detector is based on the latest research from:

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Research from Castle.io, DataDome, and FingerprintJS
  • Detection techniques from the bot detection community
  • W3C specifications and guidance

Version History

2.0.0 (2026-02-04)

  • 🏗️ Modular Architecture - Refactored into separate detection modules
  • ⚛️ React Demo App - Modern React-based UI with Vite and modular components
  • 🧪 Modular Tests - Split tests by detection module (115+ tests)
  • Optimized WebGL rendering with fixed canvas size and pixel sampling
  • Fixed emoji check schema consistency
  • Fixed React hook mount state tracking

1.2.0 (2026-02-04)

  • 🎭 Playwright Detection - Detects __playwright__binding__, __pwInitScripts and exposed functions
  • 🔧 Worker UA Check - Compares User-Agent between main thread and Worker
  • 😀 Emoji OS Consistency - Verifies emoji rendering matches OS
  • 🎨 WebGL Rendering Test - Complex 3D scene rendering test
  • 18 new unit tests (46 total)
  • Fixed async Worker checks and infinite loop issues

1.0.0 (2026-02-03)

  • Initial stable release with comprehensive headless browser detection
  • 10+ detection vectors for multi-layered approach
  • WebDriver, CDP, and User-Agent detection
  • Advanced CDP/Runtime checks with error stack trace analysis
  • WebGL renderer analysis (software vs hardware GPU)
  • Media Devices and WebRTC availability checks
  • Canvas, Audio Context, and Font fingerprinting
  • Automation framework detection (Selenium, Puppeteer, Playwright, Cypress)
  • Detection explanations and summary reports
  • Detailed risk assessment and classification
  • NPM package with automated testing and publishing

Made with ❤️ for better bot detection