
happy-dom

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML.

Versions: 9
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

davidortner

Keywords

jsdom, dom, browser, custom, elements, web, components, html, whatwg, w3c

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
semgrep | semgrep:child-process-import | AI (semgrep): happy-dom uses child_process in SyncFetch.js to implement synchronous HTTP requests via subprocess IPC — a documented, legitimate pattern for this DOM emulation library. | ai |
semgrep | semgrep:base64-decode | AI (semgrep): Base64 decode in SyncFetch.js decodes HTTP response body data from child process IPC — standard inter-process communication, not payload obfuscation. | ai |
semgrep | semgrep:new-function-constructor | AI (semgrep): new Function('return true;')() in BrowserWindow.js is a hardcoded capability-detection probe, not dynamic user-controlled code execution. Stable false positive for this package. | ai |
phantom-deps | phantom-dep:@types/ws | AI (phantom-deps): @types/* packages are TypeScript type declarations; phantom-dep firing on them is a stable false positive for this package. | ai |
phantom-deps | phantom-dep:@types/node | AI (phantom-deps): @types/* packages are TypeScript type declarations; phantom-dep firing on them is a stable false positive for this package. | ai |
phantom-deps | phantom-dep:@types/whatwg-mimetype | AI (phantom-deps): @types/* packages are TypeScript type declarations; phantom-dep firing on them is a stable false positive for this package. | ai |

Versions (showing 9 of 9)

Version | Deps | Published
20.10.6 | 7 / 5 |
20.10.5 | 7 / 5 |
20.10.4 | 7 / 5 |
20.10.3 | 7 / 5 |
20.10.2 | 7 / 5 |
20.10.1 | 7 / 5 |
20.10.0 | 7 / 5 |
20.9.0 | 6 / 5 |
20.8.9 | 6 / 5 |

v20.10.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v20.10.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v20.10.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v20.10.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v20.10.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v20.10.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v20.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.