@govtechsg/oobee 0.10.85 → 0.10.86

package/.github/workflows/image.yml

@@ -146,17 +146,18 @@ jobs:
           chmod -R u+w "$GITHUB_WORKSPACE/oobee"
 
           # Sign all Mach-O (exec bits OR dylib OR node native addons)
+          # Search $GITHUB_WORKSPACE (not just oobee/) to cover scripts copied to the parent dir
           while IFS= read -r f; do
             echo "Signing $f"
             codesign --force --options runtime --timestamp --sign "${CERTIFICATE_NAME}" "$f"
           done < <(
-            find "$GITHUB_WORKSPACE/oobee" -type f \
+            find "$GITHUB_WORKSPACE" -type f \
               \( -perm -111 -o -name "*.dylib" -o -name "*.node" \) \
               ! -path "*/.git/*"
           )
 
           echo "Verifying signatures of Mach-O files..."
-          find "$GITHUB_WORKSPACE/oobee" -type f \( -perm -111 -o -name "*.dylib" -o -name "*.node" \) \
+          find "$GITHUB_WORKSPACE" -type f \( -perm -111 -o -name "*.dylib" -o -name "*.node" \) \
             -exec codesign --verify --strict --verbose=2 {} \; || true
           
       - name: Cleanup keychain

package/.github/workflows/publish.yml

@@ -3,6 +3,8 @@ on:
   workflow_dispatch:
   release:
     types: [published]
+permissions:
+  contents: write
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -20,6 +22,14 @@ jobs:
       - run: npm run build
         continue-on-error: false
 
+      - name: Create and push git tag
+        run: |
+          VERSION=$(node -p "require('./package.json').version")
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git tag -af "v${VERSION}" -m "Version ${VERSION}"
+          git push origin "v${VERSION}" --force
+
       - run: npm publish
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/DETAILS.md

@@ -195,3 +195,32 @@ Note: Level AAA are disabled by default.  Please specify `enable-wcag-aaa` in ru
 | skip-link                           | Ensure all skip links have a focusable target                                                                                                  | Good to Fix |
 | tabindex                            | Ensures tabindex attribute values are not greater than 0                                                                                       | Good to Fix |
 | table-duplicate-name                | Ensure the `<caption>` element does not contain the same text as the summary attribute                                                         | Good to Fix |
+
+## Additional Information
+### How the Readability Grading Works
+
+#### 1. Text Extraction
+
+During a page scan, Oobee extracts text from all `<p>` elements on the page (via extractAndGradeText.ts or extractText.ts). The raw text is split into individual **sentences** using the pattern `/[^.!?]*[.!?]+/g` — only text segments ending with `.`, `!`, or `?` are kept.
+
+#### 2. Flesch Reading Ease Scoring
+
+The extracted sentences are joined into a single string and word-counted. If the page has **fewer than 20 words**, grading is skipped (score = 0, treated as a pass). Otherwise, the [Flesch Reading Ease](https://en.wikipedia.org/wiki/Flesch%E2%80%93Kincaid_readability_tests) formula is applied via the `text-readability` library in gradeReadability.ts:
+
+| Score Range | Interpretation |
+|---|---|
+| 90–100 | Very easy to read (5th grade) |
+| 60–70 | Easily understood by 13–15 year olds |
+| **≤ 50** | **Difficult — college level or above** |
+| 0–30 | Very difficult — best understood by university graduates |
+
+#### 3. Flagging Criteria
+
+The `oobee-grading-text-contents` rule is **only enabled when WCAG AAA mode is on** (`enableWcagAaa = true`) and violations are flagged under **Manual Review Required** findings. It maps to **WCAG 3.1.5 (Reading Level)**.
+
+A page is **flagged** (incomplete) when the Flesch Reading Ease score is **50 or below**, indicating the text is potentially difficult to understand. The issue message reports the exact score and explains that the target passing score is above 50.
+
+A page **passes** when:
+- The score is **above 50**, or
+- There are fewer than 20 words of paragraph text, or
+- No valid sentences (ending with punctuation) are found

package/dist/combine.js

@@ -77,7 +77,7 @@ const combineRun = async (details, deviceToScan) => {
     let durationExceeded = false;
     switch (type) {
         case ScannerTypes.CUSTOM:
-            const res = await runCustom(url, randomToken, viewportSettings, blacklistedPatterns, includeScreenshots, customFlowLabel && customFlowLabel !== 'None' ? customFlowLabel : '');
+            const res = await runCustom(url, randomToken, browser, userDataDirectory, viewportSettings, blacklistedPatterns, includeScreenshots, customFlowLabel && customFlowLabel !== 'None' ? customFlowLabel : '');
             urlsCrawledObj = res.urlsCrawled;
             uiCustomFlowLabel = res.customFlowLabel;
             break;

package/dist/constants/common.js

@@ -175,6 +175,14 @@ export const validateXML = (content) => {
     });
     return { isValid, parsedContent };
 };
+export const validateTXT = (content) => {
+    // Strip HTML tags first — browsers wrap .txt files in HTML when fetched via Playwright
+    const plainText = content.replace(/<[^>]+>/g, '\n');
+    const lines = plainText.split(/\r?\n/).map(l => l.trim()).filter(l => l.length > 0);
+    // Allow http, https and relative paths (starting with /) for txt sitemaps, as some sitemaps use relative paths and some txt sitemaps are fetched as HTML by Playwright
+    const urlPattern = /^(https?:\/\/|\/)[^\s]+$/i;
+    return { isValid: lines.some(line => urlPattern.test(line)) };
+};
 export const isSkippedUrl = (pageUrl, whitelistedDomains) => {
     const matched = whitelistedDomains.filter(p => {
         const pattern = p.replace(/[\n\r]+/g, '');
@@ -464,13 +472,13 @@ export const isSitemapContent = (content) => {
     }
     const regexForHtml = new RegExp('<(?:!doctype html|html|head|body)+?>', 'gmi');
     const regexForXmlSitemap = new RegExp('<(?:urlset|feed|rss)+?.*>', 'gmi');
-    const regexForUrl = new RegExp('^.*(http|https):/{2}.*$', 'gmi');
     if (content.match(regexForHtml) && content.match(regexForXmlSitemap)) {
         // is an XML sitemap wrapped in a HTML document
         return true;
     }
-    if (!content.match(regexForHtml) && content.match(regexForUrl)) {
-        // treat this as a txt sitemap where all URLs will be extracted for crawling
+    const { isValid: isTxtSitemap } = validateTXT(content);
+    if (isTxtSitemap) {
+        // treat this as a txt sitemap (plain text or browser-wrapped with HTML)
         return true;
     }
     // is HTML webpage
@@ -1603,6 +1611,7 @@ const cacheProxyInfo = getProxyInfo();
 export const getPlaywrightLaunchOptions = (browser) => {
     const channel = browser || undefined;
     const resolution = proxyInfoToResolution(cacheProxyInfo);
+    const shouldIgnoreMuteAudio = process.env.OOBEE_PLAYWRIGHT_IGNORE_DEFAULT_ARGS === '--mute-audio';
     // Start with your base args and sanitise
     const finalArgs = [...constants.launchOptionsArgs].filter(arg => !arg.startsWith('--headless') &&
         !arg.startsWith('--user-agent=') &&
@@ -1630,7 +1639,9 @@ export const getPlaywrightLaunchOptions = (browser) => {
             break;
     }
     const options = {
-        ignoreDefaultArgs: ['--use-mock-keychain'],
+        ignoreDefaultArgs: shouldIgnoreMuteAudio
+            ? ['--use-mock-keychain', '--mute-audio']
+            : ['--use-mock-keychain'],
         args: finalArgs,
         headless: process.env.CRAWLEE_HEADLESS === '1',
         ...(channel && { channel }),