Skip to main content

Praman 1.3.4: Playwright 1.61, Web Storage Fixture, Native Timestamps, and Security Hardening

· 5 min read
Maheshwar Kanitkar
Creator of Praman

Praman 1.3.4 is now available on npm. This release brings Playwright 1.61 support with 5 new feature flags, a typed Web Storage fixture for localStorage/sessionStorage operations, native screencast frame timestamps, security fixes resolving 5 vulnerabilities, and CI hardening with floor+ceiling Playwright validation.

What changed since v1.3.3

Ten commits landed between v1.3.3 and v1.3.4, covering Playwright 1.61 compatibility, a new Web Storage fixture, screencast precision improvements, security vulnerability resolution, and CI pipeline enhancements.


Playwright 1.61 — 5 New Feature Flags

Praman now detects and gates Playwright 1.61 APIs via 5 new feature flags in the internal PlaywrightFeatures interface:

Feature flagAPI gatedWhat it enables
hasWebAuthnCredentialsbrowserContext.credentialsWebAuthn credential management for passkey testing
hasWebStorageAPIpage.localStorage / sessionStorageTyped access to browser storage without evaluate()
hasSoftPollexpect.soft.poll()Soft assertion polling for non-blocking checks
hasScreencastTimestampNative onFrame timestampsMicrosecond-precise frame timing from the browser
hasVideoRetainModeson-all-retries, retain-on-*Granular video recording retention strategies

All flags are auto-detected at runtime. On Playwright < 1.61, all return false with zero behavior change. The peer dependency range remains ">=1.57.0 <2.0.0" — Playwright 1.61 already falls within range, so no package.json changes are needed.


Web Storage Fixture

The headline feature of this release: a typed fixture for seeding and inspecting browser storage without page.evaluate():

import { test } from 'playwright-praman';

test('configure app via localStorage', async ({ webStorage }) => {
// Bulk seed before navigation
await webStorage.localStorage.seed({
theme: 'dark',
language: 'en',
featureFlags: JSON.stringify({ newUI: true }),
});

// Individual operations
await webStorage.sessionStorage.setItem('sessionToken', 'abc123');
const token = await webStorage.sessionStorage.getItem('sessionToken');

// Inspection
const allLocal = await webStorage.localStorage.items(); // Record<string, string>
const count = await webStorage.localStorage.size(); // number

// Cleanup
await webStorage.localStorage.clear();
});

API Surface

Both webStorage.localStorage and webStorage.sessionStorage expose the same WebStorageHelper interface:

MethodSignatureDescription
setItem(key: string, value: string) => Promise<void>Set a single key-value pair
getItem(key: string) => Promise<string | null>Get value by key
removeItem(key: string) => Promise<void>Remove a single key
items() => Promise<Record<string, string>>Get all entries as a record
seed(entries: Record<string, string>) => Promise<void>Bulk-set multiple pairs
clear() => Promise<void>Clear all entries
size() => Promise<number>Count of stored entries

Feature Gate

The fixture is gated behind hasWebStorageAPI. On Playwright < 1.61, it throws a PramanError with code ERR_COMPAT_FEATURE_UNAVAILABLE and actionable suggestions:

PramanError: Web Storage fixture requires Playwright 1.61+
Suggestions:
- Upgrade Playwright: npm install @playwright/test@latest
- Use page.evaluate() as a fallback for older versions

When to Use

Use the Web Storage fixture instead of page.evaluate() when you need to:

  • Seed configuration before navigating to an SAP Fiori app (theme, language, feature flags)
  • Inject tokens for apps that read auth state from localStorage
  • Verify storage side effects after user interactions (form drafts, preferences)
  • Clear storage between test steps for isolation

The typed API catches key/value type errors at compile time and the fixture integrates with Praman's test lifecycle (placed after auth, before navigation in the fixture chain).


Native Screencast Frame Timestamps

The screencast fixture now uses native browser-provided frame timestamps on Playwright 1.61+. Previously, all frame timestamps were synthetic (Date.now() - startTime). The native timestamps come directly from the browser's rendering pipeline with microsecond alignment.

Impact: More precise timing for frame-level analysis, video synchronization, and performance measurement. The ScreencastFrame.timestamp type and semantics are unchanged (milliseconds since recording start) — this is a transparent precision improvement.

Backward compatible: Falls back to synthetic timestamps on Playwright < 1.61.


Security Hardening

This release resolves 5 security vulnerabilities:

PackageSeverityIssueFix
viteHighWindows server.fs.deny bypassUpgraded 8.0.6 → 8.1.3
esbuildHighArbitrary file read on Windowsnpm override → 0.28.1
undiciHigh7 advisories (TLS, WebSocket, SOCKS)Upgraded 7.24.7 → 7.28.0
linkify-itHighQuadratic complexity DoSUpgraded 5.0.0 → 5.0.2
tarModerateFile smuggling via PAX headersUpgraded 7.5.15 → 7.5.16

The remaining 8 alerts are all in @ui5/mcp-server's transitive @sigstore/core dependency chain — no fix is available until SAP publishes an updated package.


CI Pipeline: Floor + Ceiling Validation

The CI workflow now validates Playwright compatibility at both boundaries:

playwright-floor (1.57.0) → build + full test suite pass
playwright-ceiling (latest) → build + full test suite + verify 1.61 flags active

This ensures every commit maintains backward compatibility with the minimum supported Playwright version while also verifying that new feature flags activate correctly on the latest release.

Additional CI improvements:

  • actions/checkout upgraded v5 → v7 (security hardening for pull_request_target)
  • github/codeql-action upgraded to 4.36.2

New Error Category: Compat

A new error category for feature-availability errors:

throw new PramanError({
code: ErrorCode.ERR_COMPAT_FEATURE_UNAVAILABLE,
message: 'Web Storage fixture requires Playwright 1.61+',
attempted: 'Access page.localStorage / page.sessionStorage API',
retryable: false,
suggestions: [
'Upgrade Playwright: npm install @playwright/test@latest',
'Use page.evaluate() as a fallback for older versions',
],
});

This brings the total to 78 error codes across 18 categories. Every Praman error includes structured metadata: code, attempted, retryable, and suggestions[] — making errors actionable for both humans and AI agents.


Dependency Updates

CategoryPackages
Playwright@playwright/test 1.60.0 → 1.61.1
AI/LLM@anthropic-ai/sdk 0.100.1 → 0.110.0
CLIcommander 14.0.3 → 15.0.0
Testingvitest + @vitest/coverage-v8 → 4.1.9
Telemetry@opentelemetry/* suite upgraded
SAP tooling@ui5/mcp-server 0.2.12 → 0.2.14
Buildesbuild 0.28.0 → 0.28.1 (override for tsup nested dep)
Linting@commitlint/cli 21.0.2 → 21.2.0

35 dev dependencies upgraded in total.


Upgrade Guide

npm install [email protected]

No configuration changes required. All new features are either:

  • Auto-detected (feature flags activate when PW 1.61+ is detected)
  • Opt-in (Web Storage fixture only activates when webStorage is destructured in a test)

If you're on Playwright < 1.61, everything continues to work unchanged. To access the Web Storage fixture, upgrade Playwright:

npm install @playwright/test@latest

What's Next

  • WebAuthn credentials fixture — passkey/FIDO2 testing for SAP systems with biometric auth
  • expect.soft.poll() wrapper — non-blocking assertions that retry without failing the test
  • Playwright 1.62 tracking — compat layer ready for the next release cycle

Praman 1.3.4 is available on npm. Report issues on GitHub.