happy-dom
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML.
Versions: 2
License: MIT
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
davidortner
Keywords
jsdom, dom, browser, custom, elements, web, components, html, whatwg, w3c
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-import | AI (semgrep): happy-dom uses child_process in SyncFetch.js to implement synchronous HTTP requests via subprocess IPC — a documented, legitimate pattern for this DOM emulation library. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decode in SyncFetch.js decodes HTTP response body data from child process IPC — standard inter-process communication, not payload obfuscation. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function('return true;')() in BrowserWindow.js is a hardcoded capability-detection probe, not dynamic user-controlled code execution. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/ws | AI (phantom-deps): @types/* packages are TypeScript type declarations; phantom-dep firing on them is a stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): @types/* packages are TypeScript type declarations; phantom-dep firing on them is a stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/whatwg-mimetype | AI (phantom-deps): @types/* packages are TypeScript type declarations; phantom-dep firing on them is a stable false positive for this package. | ai | |