Update detect-browser method for Browser Meta Data in Client Logs

apache / flagon-useralejs

Apache Flagon UserALE is a comprehensive, thin-client behavioral logging tool

https://flagon.apache.org/

Apache License 2.0

26 stars 26 forks source link

Update detect-browser method for Browser Meta Data in Client Logs #71

Open poorejc opened 3 years ago

poorejc commented 3 years ago

current method is 'detect-browser'. Adds run-time dependencies (overhead).

explore more modern fingerprinting methods as alternative:

example of such a library: fingerprintjs

UncleGedd commented 3 years ago

The detect-browser library currently sits at 25 kb, while fingerprintjs is 256 kb. Is the goal of this ticket to swap detect-browser with something more modern or to roll our own browser detection to remove our one and only runtime dependency?

confusingstraw commented 3 years ago

i think they offer two different things. detect-browser tells us which browser we're running in (mostly via a set of User-Agent regexs), fingerprintjs tries to identify the individual computer that is running the page. it does this by gathering a bunch of runtime info about the browser (which APIs/hardware are available, how do they look, etc.) and generating a fingerprint.

my suggestion before was that we could probably just do our own detect-browser work, and remain dependency-free. the fingerprintjs mention was a bit tangential, as user identification has been of interest to the project before.

UncleGedd commented 3 years ago

Trying a couple of things here:

Using a duck-typing feature detection method to detect the browser (see this SO post). This is fancy and all but it's not accurate on my version of Chrome 90
Basically replicating what detect-browser is doing by looking at the user agent

Jyyjy commented 6 months ago

Anyone opposed to replacing detect-browser with logging the raw user agent?

Most user agent strings are pretty human readable.
There are no edge cases of unconventional user agent strings that may be parsed incorrectly.
Eliminates a dependencies.
There's more info in a user agent string than just browser and version.

UncleGedd commented 6 months ago

Hey @Jyyjy that sounds fine and good. If you didn't want to introduce a breaking change (ie. removing detect-browser) we could create an option (something like rawUserAgent) that could be set in userale.options()

Jyyjy commented 6 months ago

Hey @Jyyjy that sounds fine and good. If you didn't want to introduce a breaking change (ie. removing detect-browser) we could create an option (something like rawUserAgent) that could be set in userale.options()

How about adding the user-agent field to the logs, and marking the detect-browser field as deprecated? Assuming that's what we want in a future release.

If it's important to have the option for a parsed browser field, then I think ua-parser-js is better than detect-browser because it parses all user agent fields.

Also, shouldn't detect-browser as it is now be a dependency, not a devDependency? It's required for the package to run.