@niksbanna/bot-detector 1.0.3 → 1.0.4

package/src/signals/automation/PuppeteerSignal.js

@@ -1,123 +0,0 @@
-/**
- * @fileoverview Detects Puppeteer-specific artifacts.
- */
-
-import { Signal } from '../../core/Signal.js';
-
-/**
- * Detects artifacts left by Puppeteer automation.
- * Puppeteer leaves various fingerprints in the browser context.
- */
-class PuppeteerSignal extends Signal {
-  static id = 'puppeteer';
-  static category = 'automation';
-  static weight = 1.0;
-  static description = 'Detects Puppeteer automation artifacts';
-
-  async detect() {
-    const indicators = [];
-    let confidence = 0;
-
-    // Check for Puppeteer evaluation script marker
-    if (window.__puppeteer_evaluation_script__) {
-      indicators.push('puppeteer-evaluation-script');
-      confidence = Math.max(confidence, 1.0);
-    }
-
-    // Check for Puppeteer-injected functions
-    const puppeteerGlobals = [
-      '__puppeteer_evaluation_script__',
-      '__puppeteer',
-      'puppeteer',
-    ];
-
-    for (const global of puppeteerGlobals) {
-      if (global in window) {
-        indicators.push(`global-${global}`);
-        confidence = Math.max(confidence, 1.0);
-      }
-    }
-
-    // Check for HeadlessChrome in user agent (common with Puppeteer)
-    const ua = navigator.userAgent || '';
-    if (ua.includes('HeadlessChrome')) {
-      indicators.push('headless-chrome-ua');
-      confidence = Math.max(confidence, 0.9);
-    }
-
-    // Check for Puppeteer's typical Chrome DevTools Protocol artifacts
-    if (window.cdc_adoQpoasnfa76pfcZLmcfl_Array ||
-        window.cdc_adoQpoasnfa76pfcZLmcfl_Promise ||
-        window.cdc_adoQpoasnfa76pfcZLmcfl_Symbol) {
-      indicators.push('cdp-artifacts');
-      confidence = Math.max(confidence, 1.0);
-    }
-
-    // Check for DevTools protocol detection
-    try {
-      // Puppeteer often leaves eval traces
-      const evalTest = window.eval.toString();
-      if (evalTest.includes('puppeteer')) {
-        indicators.push('eval-puppeteer');
-        confidence = Math.max(confidence, 0.9);
-      }
-    } catch (e) {
-      // Ignore errors
-    }
-
-    // Check for typical Puppeteer page.evaluate patterns in stack traces
-    try {
-      throw new Error('stack trace test');
-    } catch (e) {
-      const stack = e.stack || '';
-      if (stack.includes('puppeteer') || stack.includes('pptr')) {
-        indicators.push('stack-trace-puppeteer');
-        confidence = Math.max(confidence, 0.8);
-      }
-    }
-
-    // Check for Puppeteer's default viewport (800x600)
-    if (window.innerWidth === 800 && window.innerHeight === 600) {
-      // Only weak indicator - could be coincidence
-      indicators.push('default-viewport');
-      confidence = Math.max(confidence, 0.3);
-    }
-
-    // navigator.webdriver is already exclusively checked by WebDriverSignal (environment).
-    // Duplicating it here causes triple-counting of the same property across signals.
-
-    // Check for binding injection pattern
-    // Puppeteer's exposeFunction creates window bindings
-    // (Next.js, webpack, React DevTools, Angular) push __* count past the
-    // old threshold of 5 on perfectly normal pages.
-    const FRAMEWORK_PREFIXES = [
-      '__zone_symbol__',   // Angular / Zone.js
-      '__next',            // Next.js
-      '__webpack',         // webpack
-      '__react',           // React DevTools
-      '__REACT',
-      '__vite',            // Vite
-      '__nuxt',            // Nuxt.js
-    ];
-    const suspiciousBindings = Object.keys(window).filter(key => {
-      if (!key.startsWith('__')) return false;
-      if (typeof window[key] !== 'function') return false;
-      return !FRAMEWORK_PREFIXES.some(prefix => key.startsWith(prefix));
-    });
-
-    if (suspiciousBindings.length > 10) {
-      indicators.push('suspicious-bindings');
-      confidence = Math.max(confidence, 0.5);
-    }
-
-    // window.chrome.runtime is ONLY populated inside Chrome extensions.
-    // Its absence is completely normal for all real Chrome users.
-    // This check was causing every non-extension Chrome user to be flagged as Puppeteer.
-
-    const triggered = indicators.length > 0;
-
-    return this.createResult(triggered, { indicators }, confidence);
-  }
-}
-
-export { PuppeteerSignal };

package/src/signals/automation/SeleniumSignal.js

@@ -1,148 +0,0 @@
-/**
- * @fileoverview Detects Selenium WebDriver artifacts.
- */
-
-import { Signal } from '../../core/Signal.js';
-
-/**
- * Detects artifacts left by Selenium WebDriver.
- * Selenium leaves various fingerprints in the browser context.
- */
-class SeleniumSignal extends Signal {
-  static id = 'selenium';
-  static category = 'automation';
-  static weight = 1.0;
-  static description = 'Detects Selenium WebDriver artifacts';
-
-  async detect() {
-    const indicators = [];
-    let confidence = 0;
-
-    // navigator.webdriver is already exclusively checked by WebDriverSignal (environment).
-    // Duplicating it here causes triple-counting of the same property across signals.
-
-    // Check for Selenium-specific globals
-    const seleniumGlobals = [
-      '_selenium',
-      'callSelenium',
-      '_Selenium_IDE_Recorder',
-      '__selenium_evaluate',
-      '__selenium_unwrap',
-      '__webdriver_evaluate',
-      '__webdriver_unwrap',
-      '__webdriver_script_function',
-      '__webdriver_script_func',
-      '__fxdriver_evaluate',
-      '__fxdriver_unwrap',
-      'webdriver',
-    ];
-
-    for (const global of seleniumGlobals) {
-      if (global in window) {
-        indicators.push(`global-${global}`);
-        confidence = Math.max(confidence, 1.0);
-      }
-    }
-
-    // Check for Selenium document properties
-    const seleniumDocProps = [
-      '__webdriver_script_fn',
-      '__driver_evaluate',
-      '__webdriver_evaluate',
-      '__selenium_evaluate',
-      '__fxdriver_evaluate',
-      '__driver_unwrap',
-      '__webdriver_unwrap',
-      '__selenium_unwrap',
-      '__fxdriver_unwrap',
-    ];
-
-    for (const prop of seleniumDocProps) {
-      if (prop in document) {
-        indicators.push(`document-${prop}`);
-        confidence = Math.max(confidence, 1.0);
-      }
-    }
-
-    // Check for ChromeDriver artifacts ($cdc variables)
-    const windowKeys = Object.keys(window);
-    
-    // ChromeDriver injects variables starting with $cdc_ or $wdc_
-    const cdcVars = windowKeys.filter(key => 
-      key.startsWith('$cdc_') || 
-      key.startsWith('$wdc_') ||
-      key.startsWith('$chrome_asyncScriptInfo')
-    );
-
-    if (cdcVars.length > 0) {
-      indicators.push('chromedriver-variables');
-      confidence = Math.max(confidence, 1.0);
-    }
-
-    // Check for GeckoDriver (Firefox) artifacts
-    if (window.webdriverCallback || document.documentElement.getAttribute('webdriver')) {
-      indicators.push('geckodriver-artifacts');
-      confidence = Math.max(confidence, 1.0);
-    }
-
-    // Check for webdriver in document element attributes
-    try {
-      const docElement = document.documentElement;
-      if (docElement.hasAttribute('webdriver') || 
-          docElement.getAttribute('selenium') ||
-          docElement.getAttribute('driver')) {
-        indicators.push('document-webdriver-attr');
-        confidence = Math.max(confidence, 1.0);
-      }
-    } catch (e) {
-      // Ignore errors
-    }
-
-    // Check for Selenium IDE artifacts
-    if (window.selenium || window.sideex) {
-      indicators.push('selenium-ide');
-      confidence = Math.max(confidence, 1.0);
-    }
-
-    // Check for navigator.webdriver property descriptor anomalies
-    try {
-      const descriptor = Object.getOwnPropertyDescriptor(Navigator.prototype, 'webdriver');
-      if (descriptor) {
-        // Check if the getter has been modified
-        if (descriptor.get) {
-          const getterStr = descriptor.get.toString();
-          if (!getterStr.includes('[native code]')) {
-            indicators.push('webdriver-getter-modified');
-            confidence = Math.max(confidence, 0.7);
-          }
-        }
-      }
-    } catch (e) {
-      // Ignore errors
-    }
-
-    // Check for driver command executor
-    if (window.domAutomation || window.domAutomationController) {
-      indicators.push('dom-automation');
-      confidence = Math.max(confidence, 1.0);
-    }
-
-    // Check for callPhantom alternative used by some Selenium setups
-    if (window.awesomium) {
-      indicators.push('awesomium');
-      confidence = Math.max(confidence, 0.9);
-    }
-
-    // Check for external interface (used by some automation tools)
-    if (window.external && window.external.toString().includes('Selenium')) {
-      indicators.push('external-selenium');
-      confidence = Math.max(confidence, 1.0);
-    }
-
-    const triggered = indicators.length > 0;
-
-    return this.createResult(triggered, { indicators }, confidence);
-  }
-}
-
-export { SeleniumSignal };

package/src/signals/automation/index.js

@@ -1,8 +0,0 @@
-/**
- * @fileoverview Automation signals index.
- */
-
-export { PuppeteerSignal } from './PuppeteerSignal.js';
-export { PlaywrightSignal } from './PlaywrightSignal.js';
-export { SeleniumSignal } from './SeleniumSignal.js';
-export { PhantomJSSignal } from './PhantomJSSignal.js';

package/src/signals/behavior/InteractionTimingSignal.js

@@ -1,170 +0,0 @@
-/**
- * @fileoverview Detects suspicious interaction timing patterns.
- */
-
-import { Signal } from '../../core/Signal.js';
-
-/**
- * Measures timing between page load and first interaction.
- * Bots often interact too fast or with perfect timing patterns.
- */
-class InteractionTimingSignal extends Signal {
-  static id = 'interaction-timing';
-  static category = 'behavior';
-  static weight = 0.6;
-  static description = 'Detects suspicious interaction timing';
-  static requiresInteraction = true;
-
-  constructor(options = {}) {
-    super(options);
-    this._pageLoadTime = performance.now();
-    this._firstInteractionTime = null;
-    this._interactions = [];
-    this._isTracking = false;
-    this._trackingDuration = options.trackingDuration || 5000;
-    this._boundHandler = null;
-  }
-
-  /**
-   * Start tracking interactions.
-   */
-  startTracking() {
-    if (this._isTracking) return;
-    
-    this._interactions = [];
-    this._isTracking = true;
-    
-    const interactionEvents = ['click', 'mousedown', 'touchstart', 'keydown', 'scroll'];
-    
-    this._boundHandler = (e) => {
-      const now = performance.now();
-      if (this._firstInteractionTime === null) {
-        this._firstInteractionTime = now;
-      }
-      this._interactions.push({
-        type: e.type,
-        t: now,
-        timeSinceLoad: now - this._pageLoadTime,
-      });
-    };
-    
-    for (const event of interactionEvents) {
-      document.addEventListener(event, this._boundHandler, { passive: true, capture: true });
-    }
-  }
-
-  /**
-   * Stop tracking interactions.
-   */
-  stopTracking() {
-    if (!this._isTracking) return;
-    
-    this._isTracking = false;
-    const interactionEvents = ['click', 'mousedown', 'touchstart', 'keydown', 'scroll'];
-    
-    if (this._boundHandler) {
-      for (const event of interactionEvents) {
-        document.removeEventListener(event, this._boundHandler, { capture: true });
-      }
-      this._boundHandler = null;
-    }
-  }
-
-  async detect() {
-    const anomalies = [];
-    let confidence = 0;
-
-    // Start tracking if not already
-    if (!this._isTracking && this._interactions.length === 0) {
-      this.startTracking();
-      await new Promise(resolve => setTimeout(resolve, this._trackingDuration));
-      this.stopTracking();
-    }
-
-    const interactions = this._interactions;
-
-    // No interactions - not necessarily suspicious, could be passive viewing
-    if (interactions.length === 0) {
-      return this.createResult(false, { 
-        reason: 'no-interactions',
-      }, 0);
-    }
-
-    // Check time to first interaction
-    const firstInteraction = interactions[0];
-    
-    // Suspiciously fast first interaction (< 100ms after page load)
-    if (firstInteraction.timeSinceLoad < 100) {
-      anomalies.push('instant-interaction');
-      confidence = Math.max(confidence, 0.9);
-    }
-    // Very fast interaction (< 300ms)
-    else if (firstInteraction.timeSinceLoad < 300) {
-      anomalies.push('very-fast-interaction');
-      confidence = Math.max(confidence, 0.6);
-    }
-
-    // Analyze interaction intervals
-    if (interactions.length > 3) {
-      const intervals = [];
-      for (let i = 1; i < interactions.length; i++) {
-        intervals.push(interactions[i].t - interactions[i - 1].t);
-      }
-
-      const avgInterval = intervals.reduce((a, b) => a + b, 0) / intervals.length;
-      const variance = intervals.reduce((acc, t) => 
-        acc + Math.pow(t - avgInterval, 2), 0) / intervals.length;
-
-      // Perfectly timed intervals (robotic)
-      if (variance < 10 && interactions.length > 5) {
-        anomalies.push('robotic-intervals');
-        confidence = Math.max(confidence, 0.8);
-      }
-
-      // Check for burst interactions (many in short time)
-      const burstThreshold = 50; // ms
-      let burstCount = 0;
-      for (const interval of intervals) {
-        if (interval < burstThreshold) burstCount++;
-      }
-      if (burstCount > intervals.length * 0.7) {
-        anomalies.push('burst-interactions');
-        confidence = Math.max(confidence, 0.7);
-      }
-    }
-
-    // Check interaction sequence (bots often follow predictable patterns)
-    const typeSequence = interactions.map(i => i.type).join(',');
-    
-    // Repeated identical sequences
-    if (interactions.length >= 6) {
-      const halfLength = Math.floor(interactions.length / 2);
-      const firstHalf = interactions.slice(0, halfLength).map(i => i.type).join(',');
-      const secondHalf = interactions.slice(halfLength, halfLength * 2).map(i => i.type).join(',');
-      
-      if (firstHalf === secondHalf && firstHalf.length > 0) {
-        anomalies.push('repeated-sequence');
-        confidence = Math.max(confidence, 0.6);
-      }
-    }
-
-    const triggered = anomalies.length > 0;
-
-    return this.createResult(triggered, {
-      anomalies,
-      interactionCount: interactions.length,
-      timeToFirstInteraction: firstInteraction.timeSinceLoad,
-      firstInteractionType: firstInteraction.type,
-    }, confidence);
-  }
-
-  reset() {
-    super.reset();
-    this.stopTracking();
-    this._pageLoadTime = performance.now();
-    this._firstInteractionTime = null;
-    this._interactions = [];
-  }
-}
-
-export { InteractionTimingSignal };

package/src/signals/behavior/KeyboardPatternSignal.js

@@ -1,235 +0,0 @@
-/**
- * @fileoverview Detects non-human keyboard input patterns.
- */
-
-import { Signal } from '../../core/Signal.js';
-
-/**
- * Analyzes keystroke timing patterns.
- * Bots often type with unnatural consistency or inhuman speeds.
- */
-class KeyboardPatternSignal extends Signal {
-  static id = 'keyboard-pattern';
-  static category = 'behavior';
-  static weight = 0.8;
-  static description = 'Detects non-human keystroke patterns';
-  static requiresInteraction = true;
-
-  constructor(options = {}) {
-    super(options);
-    this._keystrokes = [];
-    this._isTracking = false;
-    this._trackingDuration = Math.min(options.trackingDuration || 2500, 2500);
-    this._minKeystrokes = options.minKeystrokes || 10;
-    this._boundKeydownHandler = null;
-    this._boundKeyupHandler = null;
-  }
-
-  /**
-   * Start tracking keyboard events.
-   */
-  startTracking() {
-    if (this._isTracking) return;
-    
-    this._keystrokes = [];
-    this._isTracking = true;
-    
-    this._boundKeydownHandler = (e) => {
-      this._keystrokes.push({
-        type: 'down',
-        key: e.key,
-        code: e.code,
-        t: performance.now(),
-      });
-    };
-
-    this._boundKeyupHandler = (e) => {
-      this._keystrokes.push({
-        type: 'up',
-        key: e.key,
-        code: e.code,
-        t: performance.now(),
-      });
-    };
-    
-    document.addEventListener('keydown', this._boundKeydownHandler, { passive: true });
-    document.addEventListener('keyup', this._boundKeyupHandler, { passive: true });
-  }
-
-  /**
-   * Stop tracking keyboard events.
-   */
-  stopTracking() {
-    if (!this._isTracking) return;
-    
-    this._isTracking = false;
-    if (this._boundKeydownHandler) {
-      document.removeEventListener('keydown', this._boundKeydownHandler);
-      this._boundKeydownHandler = null;
-    }
-    if (this._boundKeyupHandler) {
-      document.removeEventListener('keyup', this._boundKeyupHandler);
-      this._boundKeyupHandler = null;
-    }
-  }
-
-  async detect() {
-    const anomalies = [];
-    let confidence = 0;
-
-    // If no tracking has occurred, start it
-    if (this._keystrokes.length === 0) {
-      this.startTracking();
-      await new Promise(resolve => setTimeout(resolve, this._trackingDuration));
-      this.stopTracking();
-    }
-
-    const keystrokes = this._keystrokes;
-    const keydowns = keystrokes.filter(k => k.type === 'down');
-
-    // No keyboard activity
-    if (keydowns.length < this._minKeystrokes) {
-      // Not necessarily a bot - could just be no typing needed
-      return this.createResult(false, { 
-        reason: 'insufficient-data',
-        keystrokes: keydowns.length 
-      }, 0);
-    }
-
-    const analysis = this._analyzeKeystrokes(keystrokes);
-
-    // Check for inhuman typing speed (> 20 chars/second sustained)
-    if (analysis.avgInterKeystrokeTime < 50 && keydowns.length > 20) {
-      anomalies.push('inhuman-speed');
-      confidence = Math.max(confidence, 0.9);
-    }
-
-    // Check for too-consistent timing (robotic)
-    if (analysis.timingVariance < 5 && keydowns.length > 15) {
-      anomalies.push('robotic-timing');
-      confidence = Math.max(confidence, 0.8);
-    }
-
-    // Check for missing key-up events (programmatic input)
-    if (analysis.missingKeyups > keydowns.length * 0.5) {
-      anomalies.push('missing-keyups');
-      confidence = Math.max(confidence, 0.7);
-    }
-
-    // Check for perfect key hold times
-    if (analysis.holdTimeVariance < 2 && analysis.holdTimes.length > 10) {
-      anomalies.push('constant-hold-time');
-      confidence = Math.max(confidence, 0.6);
-    }
-
-    // Check for sequential key codes (batch input)
-    if (analysis.sequentialKeys > keydowns.length * 0.8 && keydowns.length > 10) {
-      anomalies.push('sequential-input');
-      confidence = Math.max(confidence, 0.5);
-    }
-
-    // Check for no typing rhythm variation
-    if (analysis.rhythmScore < 0.1 && keydowns.length > 20) {
-      anomalies.push('no-rhythm-variation');
-      confidence = Math.max(confidence, 0.6);
-    }
-
-    const triggered = anomalies.length > 0;
-
-    return this.createResult(triggered, {
-      anomalies,
-      keystrokeCount: keydowns.length,
-      analysis,
-    }, confidence);
-  }
-
-  /**
-   * Analyze keystroke patterns.
-   * @param {Array} keystrokes - Array of keystroke events
-   * @returns {Object} Analysis results
-   */
-  _analyzeKeystrokes(keystrokes) {
-    const keydowns = keystrokes.filter(k => k.type === 'down');
-    const keyups = keystrokes.filter(k => k.type === 'up');
-
-    if (keydowns.length < 2) {
-      return {
-        avgInterKeystrokeTime: Infinity,
-        timingVariance: Infinity,
-        missingKeyups: 0,
-        holdTimeVariance: Infinity,
-        holdTimes: [],
-        sequentialKeys: 0,
-        rhythmScore: 1,
-      };
-    }
-
-    // Calculate inter-keystroke times
-    const interTimes = [];
-    for (let i = 1; i < keydowns.length; i++) {
-      interTimes.push(keydowns[i].t - keydowns[i - 1].t);
-    }
-
-    const avgInterKeystrokeTime = interTimes.reduce((a, b) => a + b, 0) / interTimes.length;
-    const timingVariance = interTimes.reduce((acc, t) => 
-      acc + Math.pow(t - avgInterKeystrokeTime, 2), 0) / interTimes.length;
-
-    // Calculate hold times (time between keydown and keyup for same key)
-    const holdTimes = [];
-    for (const down of keydowns) {
-      const up = keyups.find(u => u.key === down.key && u.t > down.t);
-      if (up) {
-        holdTimes.push(up.t - down.t);
-      }
-    }
-
-    const avgHoldTime = holdTimes.length > 0 
-      ? holdTimes.reduce((a, b) => a + b, 0) / holdTimes.length 
-      : 0;
-    const holdTimeVariance = holdTimes.length > 0
-      ? holdTimes.reduce((acc, t) => acc + Math.pow(t - avgHoldTime, 2), 0) / holdTimes.length
-      : Infinity;
-
-    // Count missing keyups
-    const missingKeyups = keydowns.length - holdTimes.length;
-
-    // Count sequential keys (chars typed in order, like 'abc' or '123')
-    let sequentialKeys = 0;
-    for (let i = 1; i < keydowns.length; i++) {
-      const prevCode = keydowns[i - 1].key.charCodeAt(0);
-      const currCode = keydowns[i].key.charCodeAt(0);
-      if (Math.abs(currCode - prevCode) === 1) {
-        sequentialKeys++;
-      }
-    }
-
-    // Calculate typing rhythm score (variation in timing patterns)
-    // Humans have natural rhythm variations (pause after words, faster for common patterns)
-    let rhythmScore = 0;
-    if (interTimes.length > 5) {
-      const sortedTimes = [...interTimes].sort((a, b) => a - b);
-      const median = sortedTimes[Math.floor(sortedTimes.length / 2)];
-      // Count how many timings deviate significantly from median
-      const deviations = interTimes.filter(t => Math.abs(t - median) > median * 0.3).length;
-      rhythmScore = deviations / interTimes.length;
-    }
-
-    return {
-      avgInterKeystrokeTime,
-      timingVariance,
-      missingKeyups,
-      holdTimeVariance,
-      holdTimes,
-      sequentialKeys,
-      rhythmScore,
-    };
-  }
-
-  reset() {
-    super.reset();
-    this.stopTracking();
-    this._keystrokes = [];
-  }
-}
-
-export { KeyboardPatternSignal };