{"id":14984200,"url":"https://github.com/googlechrome/lighthouse","last_synced_at":"2025-09-09T20:25:41.868Z","repository":{"id":37444332,"uuid":"53370988","full_name":"GoogleChrome/lighthouse","owner":"GoogleChrome","description":"Automated auditing, performance metrics, and best practices for the web.","archived":false,"fork":false,"pushed_at":"2025-09-03T22:58:06.000Z","size":337643,"stargazers_count":29355,"open_issues_count":499,"forks_count":9557,"subscribers_count":607,"default_branch":"main","last_synced_at":"2025-09-08T10:59:13.006Z","etag":null,"topics":["audit","best-practices","chrome-devtools","developer-tools","performance-analysis","performance-metrics","pwa","web"],"latest_commit_sha":null,"homepage":"https://developer.chrome.com/docs/lighthouse/overview/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GoogleChrome.png","metadata":{"files":{"readme":"docs/readme.md","changelog":"changelog-pre10.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-03-08T01:03:11.000Z","updated_at":"2025-09-07T17:41:03.000Z","dependencies_parsed_at":"2023-09-22T04:48:15.345Z","dependency_job_id":"5e7673fc-6118-49fe-a69d-ec5550cecd27","html_url":"https://github.com/GoogleChrome/lighthouse","commit_stats":{"total_commits":5864,"total_committers":356,"mean_commits":"16.471910112359552","dds":0.8084924965893587,"last_synced_commit":"240102e547f7d17bb607a3cb314b57ac0ca0225d"},"previous_names":[],"tags_count":147,"template":false,"template_full_name":null,"purl":"pkg:github/GoogleChrome/lighthouse","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleChrome%2Flighthouse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleChrome%2Flighthouse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleChrome%2Flighthouse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleChrome%2Flighthouse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GoogleChrome","download_url":"https://codeload.github.com/GoogleChrome/lighthouse/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleChrome%2Flighthouse/sbom","scorecard":{"id":57438,"data":{"date":"2025-08-11","repo":{"name":"github.com/GoogleChrome/lighthouse","commit":"a7223d70992b085584997f8e656b9ed9b0e7fb5e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":3,"reason":"Found 11/30 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/cron-weekly.yml:1","Warn: no topLevel permission defined: .github/workflows/devtools.yml:1","Warn: no topLevel permission defined: .github/workflows/package-test.yml:1","Warn: no topLevel permission defined: .github/workflows/publish.yml:1","Warn: no topLevel permission defined: .github/workflows/smoke.yml:1","Warn: no topLevel permission defined: .github/workflows/unit.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":8,"reason":"SAST tool is not run on all commits -- score normalized to 8","details":["Warn: 25 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-weekly.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/cron-weekly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-weekly.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/cron-weekly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-weekly.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/cron-weekly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-weekly.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/cron-weekly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/devtools.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package-test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/package-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package-test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/package-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/unit.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/unit.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/unit.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/unit.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/unit.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleChrome/lighthouse/unit.yml/main?enable=pin","Warn: npmCommand not pinned by hash: core/scripts/dogfood-lhci.sh:42","Warn: npmCommand not pinned by hash: core/scripts/gcp-collection/gcp-setup.sh:25","Warn: npmCommand not pinned by hash: core/scripts/lantern/collect/gcp-setup.sh:19","Warn: npmCommand not pinned by hash: core/scripts/release/package-test.sh:22","Warn: npmCommand not pinned by hash: core/scripts/run-git3po.sh:18","Warn: pipCommand not pinned by hash: .github/workflows/unit.yml:49","Warn: pipCommand not pinned by hash: .github/workflows/unit.yml:50","Info:   0 out of  38 GitHub-owned GitHubAction dependencies pinned","Info:   5 out of   5 third-party GitHubAction dependencies pinned","Info:   0 out of   5 npmCommand dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"58 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86","Warn: Project is vulnerable to: GHSA-2qqx-w9hr-q5gx","Warn: Project is vulnerable to: GHSA-2vrf-hf26-jrp5","Warn: Project is vulnerable to: GHSA-4w4v-5hc9-xrr2","Warn: Project is vulnerable to: GHSA-j58c-ww9w-pwp5","Warn: Project is vulnerable to: GHSA-m2h2-264f-f486","Warn: Project is vulnerable to: GHSA-m9gf-397r-hwpg","Warn: Project is vulnerable to: GHSA-mqm9-c95h-x2p6","Warn: Project is vulnerable to: GHSA-prc3-vjfx-vhm9","Warn: Project is vulnerable to: GHSA-qwqh-hm9m-p5hr","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-3wf4-68gx-mph8","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-8mmm-9v2q-x3f9","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-36fh-84j7-cv5h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-g954-5hwp-pp24","Warn: Project is vulnerable to: GHSA-h755-8qp9-cq85","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T01:03:36.801Z","repository_id":37444332,"created_at":"2025-08-15T01:03:36.801Z","updated_at":"2025-08-15T01:03:36.801Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274300231,"owners_count":25259716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","best-practices","chrome-devtools","developer-tools","performance-analysis","performance-metrics","pwa","web"],"created_at":"2024-09-24T14:08:37.634Z","updated_at":"2025-09-09T20:25:41.821Z","avatar_url":"https://github.com/GoogleChrome.png","language":"JavaScript","readme":"This directory contains useful documentation, examples (keep reading),\nand [recipes](./recipes/) to get you started. For an overview of Lighthouse's\ninternals, see [Lighthouse Architecture](architecture.md).\n\n## Using programmatically\n\nThe example below shows how to run Lighthouse programmatically as a Node module. It\nassumes you've installed Lighthouse as a dependency (`yarn add --dev lighthouse`).\n\n```js\nimport fs from 'fs';\nimport lighthouse from 'lighthouse';\nimport * as chromeLauncher from 'chrome-launcher';\n\nconst chrome = await chromeLauncher.launch({chromeFlags: ['--headless']});\nconst options = {logLevel: 'info', output: 'html', onlyCategories: ['performance'], port: chrome.port};\nconst runnerResult = await lighthouse('https://example.com', options);\n\n// `.report` is the HTML report as a string\nconst reportHtml = runnerResult.report;\nfs.writeFileSync('lhreport.html', reportHtml);\n\n// `.lhr` is the Lighthouse Result as a JS object\nconsole.log('Report is done for', runnerResult.lhr.finalDisplayedUrl);\nconsole.log('Performance score was', runnerResult.lhr.categories.performance.score * 100);\n\nchrome.kill();\n```\n\n### Performance-only Lighthouse run\n\nMany modules consuming Lighthouse are only interested in the performance numbers.\nYou can limit the audits you run to a particular category or set of audits.\n\n```js\nconst flags = {onlyCategories: ['performance']};\nawait lighthouse(url, flags);\n```\n\nYou can also craft your own config (e.g. [experimental-config.js](https://github.com/GoogleChrome/lighthouse/blob/main/core/config/experimental-config.js)) for custom runs. Also see the [basic custom audit recipe](https://github.com/GoogleChrome/lighthouse/tree/main/docs/recipes/custom-audit).\n\n### Differences from CLI flags\n\nNote that some flag functionality is only available to the CLI. The set of shared flags that work in both node and CLI can be found [in our typedefs](https://github.com/GoogleChrome/lighthouse/blob/main/types/lhr/settings.d.ts#:~:text=interface%20SharedFlagsSettings). In most cases, the functionality is not offered in the node module simply because it is easier and more flexible to do it yourself.\n\n| CLI Flag | Differences in Node |\n| - | - |\n| `port` | Only specifies which port to use, Chrome is not launched for you. |\n| `chromeFlags` | Ignored, Chrome is not launched for you. |\n| `outputPath` | Ignored, output is returned as string in `.report` property. |\n| `saveAssets` | Ignored, artifacts are returned in `.artifacts` property. |\n| `view` | Ignored, use the `open` npm module if you want this functionality. |\n| `enableErrorReporting` | Ignored, error reporting is always disabled for node. |\n| `listAllAudits` | Ignored, not relevant in programmatic use. |\n| `listTraceCategories` | Ignored, not relevant in programmatic use. |\n| `configPath` | Ignored, pass the config in as the 3rd argument to `lighthouse`. |\n| `preset` | Ignored, pass the config in as the 3rd argument to `lighthouse`. |\n| `verbose` | Ignored, use `logLevel` instead. |\n| `quiet` | Ignored, use `logLevel` instead. |\n\n### Turn on logging\n\nIf you want to see log output as Lighthouse runs, set an appropriate logging level in your code and pass\nthe `logLevel` flag when calling `lighthouse`.\n\n```javascript\nconst flags = {logLevel: 'info'};\nawait lighthouse('https://example.com', flags);\n```\n\n## Configuration\nIn order to extend the Lighthouse configuration programmatically, you need to pass the config object as the 3rd argument. If omitted, a default configuration is used.\n\n**Example:**\n```js\n{\n  extends: 'lighthouse:default',\n  settings: {\n    onlyAudits: [\n      'first-meaningful-paint',\n      'speed-index',\n      'interactive',\n    ],\n  },\n}\n```\n\nYou can extend base configuration from [lighthouse:default](https://github.com/GoogleChrome/lighthouse/blob/main/core/config/default-config.js), or you can build up your own configuration from scratch to have complete control.\n\nFor more information on the types of config you can provide, see [Lighthouse Configuration](https://github.com/GoogleChrome/lighthouse/blob/main/docs/configuration.md).\n\n## Testing on a site with authentication\n\nWhen installed globally via `npm i -g lighthouse` or `yarn global add lighthouse`,\n`chrome-debug` is added to your `PATH`. This binary launches a standalone Chrome\ninstance with an open debugging port.\n\n1. Run `chrome-debug`. This will log the debugging port of your Chrome instance\n1. Navigate to your site and log in.\n1. In a separate terminal tab, run `lighthouse http://mysite.com --port port-number` using the port number from chrome-debug.\n\n## Testing on a site with an untrusted certificate\n\nWhen testing a site with an untrusted certificate, Chrome will be unable to load the page and so the Lighthouse report will mostly contain errors.\n\nIf this certificate **is one you control** and is necessary for development (for instance, `localhost` with a self-signed certificate for local HTTP/2 testing), we recommend you _add the certificate to your locally-trusted certificate store_. In Chrome, see `Settings` \u003e `Privacy and Security` \u003e `Manage certificates` or consult instructions for adding to the certificate store in your operating system.\n\nAlternatively, you can instruct Chrome to ignore the invalid certificate by adding the Lighthouse CLI flag `--chrome-flags=\"--ignore-certificate-errors\"`. However, you must be as careful with this flag as it's equivalent to browsing the web with TLS disabled. Any content loaded by the test page (e.g. third-party scripts or iframed ads) will *also* not be subject to certificate checks, [opening up avenues for MitM attacks](https://www.chromium.org/Home/chromium-security/education/tls#TOC-What-security-properties-does-TLS-give-me-). For these reasons, we recommend the earlier solution of adding the certificate to your local cert store.\n\n## Testing on a mobile device\n\nLighthouse can run against a real mobile device. You can follow the [Remote Debugging on Android (Legacy Workflow)](https://developer.chrome.com/devtools/docs/remote-debugging-legacy) up through step 3.3, but the TL;DR is install \u0026 run adb, enable USB debugging, then port forward 9222 from the device to the machine with Lighthouse.\n\nYou'll likely want to use the CLI flags `--screenEmulation.disabled --throttling.cpuSlowdownMultiplier=1 --throttling-method=provided` to disable any additional emulation.\n\n```sh\n$ adb kill-server\n\n$ adb devices -l\n* daemon not running. starting it now on port 5037 *\n* daemon started successfully *\n00a2fd8b1e631fcb       device usb:335682009X product:bullhead model:Nexus_5X device:bullhead\n\n$ adb forward tcp:9222 localabstract:chrome_devtools_remote\n\n$ lighthouse --port=9222 --screenEmulation.disabled --throttling.cpuSlowdownMultiplier=1 --throttling-method=provided https://example.com\n```\n\n## Lighthouse as trace processor\n\nLighthouse can be used to analyze trace and performance data collected from other tools (like WebPageTest and ChromeDriver). The `Trace` and `DevtoolsLog` artifact items can be provided using a string for the absolute path on disk if they're saved with `.trace.json` and `.devtoolslog.json` file extensions, respectively. The `DevtoolsLog` array is captured from the `Network` and `Page` domains (a la ChromeDriver's [enableNetwork and enablePage options](https://sites.google.com/a/chromium.org/chromedriver/capabilities#TOC-perfLoggingPrefs-object)).\n\nAs an example, here's a trace-only run that reports on user timings and critical request chains:\n\n### `config.json`\n\n```json\n{\n  \"settings\": {\n    \"auditMode\": \"/User/me/lighthouse/core/test/fixtures/artifacts/perflog/\",\n  },\n  \"audits\": [\n    \"user-timings\",\n    \"critical-request-chains\"\n  ],\n  \"categories\": {\n    \"performance\": {\n      \"name\": \"Performance Metrics\",\n      \"description\": \"These encapsulate your web app's performance.\",\n      \"audits\": [\n        {\"id\": \"user-timings\", \"weight\": 1},\n        {\"id\": \"critical-request-chains\", \"weight\": 1}\n      ]\n    }\n  }\n}\n```\n\nThen, run with: `lighthouse --config-path=config.json http://www.random.url`\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglechrome%2Flighthouse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgooglechrome%2Flighthouse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglechrome%2Flighthouse/lists"}