Git Product home page Git Product logo

browser-compat-data's Introduction

@mdn/browser-compat-data

https://github.com/mdn/browser-compat-data

This repository contains compatibility data for Web technologies. Browser compatibility data describes which platforms (where "platforms" are usually, but not always, web browsers) support particular Web APIs.

This data can be used in documentation, to build compatibility tables listing browser support for APIs. For example: Browser support for WebExtension APIs.

Read how this project is governed.

Chat on chat.mozilla.org#mdn.

Installation

You can install @mdn/browser-compat-data as a node package.

npm install @mdn/browser-compat-data

Usage

const bcd = require('@mdn/browser-compat-data');
bcd.css.properties.background;
// returns a compat data object (see schema)

Package contents

The @mdn/browser-compat-data package contains a tree of objects, with support and browser data objects at their leaves. There are over 12,000 features in the dataset; this documentation highlights significant portions, but many others exist at various levels of the tree.

The definitive description of the format used to represent individual features and browsers is the schema definitions.

Apart from the explicitly documented objects below, feature-level support data may change at any time. See Semantic versioning policy for details.

The package contains the following top-level objects:

api

Data for Web API features.

browsers

Data for browser and engine releases. See the browser schema for details.

css

Data for CSS features, including:

  • at-rules - at-rules
  • properties - properties
  • selectors - selectors (such as basic selectors, combinators, or pseudo elements)
  • types - types for rule values

html

Data for HTML features, including:

  • elements - Elements
  • global_attributes - Global attributes
  • manifest - Web App manifest keys

http

Data for HTTP features, including:

  • headers - Request and response headers
  • methods - Request methods
  • status - Status codes

javascript

Data for JavaScript language features, including:

  • builtins - Built-in objects
  • classes - Class definition features
  • functions - Function features
  • grammar - Language grammar
  • operators - Mathematical and logical operators
  • statements - Language statements and expressions

mathml

Data for MathML features, including:

  • elements - Elements

svg

Data for SVG features, including:

  • attributes - Attributes
  • elements - Elements

webdriver

Data for WebDriver features.

webextensions

Data for WebExtensions features, including:

  • api - WebExtension-specific APIs
  • manifest - manifest.json keys

Semantic versioning policy

For the purposes of semantic versioning (SemVer), the public API consists of:

  • The high-level namespace objects documented in Package contents
  • The schema definitions for browser and support data structures

The details of browser compatibility change frequently, as browsers ship new features, standards organizations revise specifications, and Web developers discover new bugs. We routinely publish updates to the package to reflect these changes.

You should expect lower-level namespaces, feature data, and browser data to be added, removed, or modified at any time. That said, we strive to communicate changes and preserve backward compatibility; if you rely on a currently undocumented portion of the package and want SemVer to apply to it, please open an issue.

Issues?

If you find a problem, please file a bug.

Contributing

We're very happy to accept contributions to this data. See Contributing to browser-compat-data for more information.

Projects using the data

Here are some projects using the data, as an npm module or directly:

  • Add-ons Linter - the Add-ons Linter is used on addons.mozilla.org and the web-ext tool. It uses browser-compat-data to check that the Firefox version that the add-on lists support for does in fact support the APIs used by the add-on.
  • caniuse - In addition to the existing caniuse database, caniuse includes features from the MDN BCD project, formatted and interactive like any other caniuse support table.
  • CanIUse Embed - Thanks to the inclusion of MDN BCD data in caniuse, this embed tool allows for embedding BCD data into any project.
  • Compat Report - Firefox Add-on that shows compatibility data for the current site in the developer tools.
  • compat-tester - Scan local documents for compatibility issues.
  • Visual Studio Code - Shows the compatibility information in the code completion popup.
  • webhint.io - Hints to check if your CSS HTML and JavaScript have deprecated or not broadly supported features.
  • WebStorm - JavaScript IDE allowing you to check whether all CSS properties you use are supported in the target browser version.
  • Hexo Plugin: hexo-compat-report - Allows to embed MDN's compatibility table in a hexo blog post.

Acknowledgments

Thanks to:

BrowserStack

The BrowserStack Open Source Program for testing services

Testing Powered By Sauce Labs

Sauce Labs Open Source for testing services

browser-compat-data's People

Contributors

a2sheppy avatar adarosecannon avatar bershanskiy avatar bunnybooboo avatar caugner avatar chrisdavidmills avatar connorshea avatar ddbeck avatar dependabot-preview[bot] avatar dependabot[bot] avatar dontcallmedom avatar elchi3 avatar exe-boss avatar flashyincceo avatar foolip avatar germain-gg avatar hamishwillee avatar jeremiepat avatar jpmedley avatar lucalves avatar lukewarlow avatar maboa avatar queengooborg avatar rachelandrew avatar rebloor avatar saschanaz avatar sideshowbarker avatar snoack avatar solfen avatar teoli2003 avatar

Watchers

avatar

browser-compat-data's Issues

CVE-2021-23807 (High) detected in jsonpointer-4.1.0.tgz - autoclosed

CVE-2021-23807 - High Severity Vulnerability

Vulnerable Library - jsonpointer-4.1.0.tgz

Simple JSON Addressing.

Library home page: https://registry.npmjs.org/jsonpointer/-/jsonpointer-4.1.0.tgz

Path to dependency file: browser-compat-data/package.json

Path to vulnerable library: browser-compat-data/node_modules/jsonpointer/package.json

Dependency Hierarchy:

  • better-ajv-errors-0.7.0.tgz (Root Library)
    • jsonpointer-4.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 10df392b36d7242dbaac34a7dbac2eeb7b7066ff

Found in base branch: main

Vulnerability Details

This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.

Publish Date: 2021-11-03

URL: CVE-2021-23807

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23807

Release Date: 2021-11-03

Fix Resolution: jsonpointer - 5.0.0

Step up your Open Source Security Game with WhiteSource here

CVE-2021-3807 (High) detected in ansi-regex-3.0.0.tgz, ansi-regex-5.0.0.tgz - autoclosed

CVE-2021-3807 - High Severity Vulnerability

Vulnerable Libraries - ansi-regex-3.0.0.tgz, ansi-regex-5.0.0.tgz

ansi-regex-3.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz

Path to dependency file: browser-compat-data/package.json

Path to vulnerable library: browser-compat-data/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • mocha-9.1.1.tgz (Root Library)
    • wide-align-1.1.3.tgz
      • string-width-2.1.1.tgz
        • strip-ansi-4.0.0.tgz
          • ansi-regex-3.0.0.tgz (Vulnerable Library)
ansi-regex-5.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz

Path to dependency file: browser-compat-data/package.json

Path to vulnerable library: browser-compat-data/node_modules/wrap-ansi/node_modules/ansi-regex/package.json,browser-compat-data/node_modules/cliui/node_modules/ansi-regex/package.json,browser-compat-data/node_modules/string-width/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • yargs-17.2.0.tgz (Root Library)
    • cliui-7.0.4.tgz
      • strip-ansi-6.0.0.tgz
        • ansi-regex-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 2ce65095801361b4cb8922bf5229e6d128c48500

Found in base branch: main

Vulnerability Details

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3807

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/

Release Date: 2021-09-17

Fix Resolution: ansi-regex - 5.0.1,6.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2021-23566 (Medium) detected in nanoid-3.1.25.tgz - autoclosed

CVE-2021-23566 - Medium Severity Vulnerability

Vulnerable Library - nanoid-3.1.25.tgz

A tiny (108 bytes), secure URL-friendly unique string ID generator

Library home page: https://registry.npmjs.org/nanoid/-/nanoid-3.1.25.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/nanoid/package.json

Dependency Hierarchy:

  • mocha-9.1.3.tgz (Root Library)
    • nanoid-3.1.25.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

Publish Date: 2022-01-14

URL: CVE-2021-23566

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23566

Release Date: 2022-01-14

Fix Resolution: nanoid - 3.1.31

Step up your Open Source Security Game with WhiteSource here

[DepShield] (CVSS 4.3) Vulnerability due to usage of bl:4.1.0

Vulnerabilities

DepShield reports that this application's usage of bl:4.1.0 results in the following vulnerability(s):

Occurrences

bl:4.1.0 is a transitive dependency introduced by the following direct dependency(s):

ora:5.4.1
        └─ bl:4.1.0

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.