Web Automation

What Is rebrowser-patches?

What Is rebrowser-patches? - conceptual illustration
On this page

rebrowser-patches is an open-source set of drop-in patches for Puppeteer and Playwright that changes how those libraries set up their CDP execution contexts. Its focus is the so-called "Runtime.enable leak" - a signal some anti-bot systems check for. The patches can be applied to an existing install through a command-line tool or consumed as pre-patched npm packages (rebrowser-puppeteer, rebrowser-playwright), and they are designed to require no changes to your own code. It is MIT-licensed.

Quick facts

TargetsPuppeteer and Playwright (patch or pre-patched packages)
AddressesThe Runtime.enable CDP execution-context signal
Apply vianpx rebrowser-patches patch --packageName puppeteer-core
LicenseMIT
ScopeCDP context wiring only - not TLS, IP, or JS fingerprint

The Runtime.enable signal

To run JavaScript in a page, Puppeteer and Playwright need to know the page's CDP execution context. By default they obtain it by issuing the CDP command Runtime.enable, which tells Chrome to emit execution-context events. The side effect is that calling Runtime.enable is observable from inside the page, which gives an anti-bot system a signal that a DevTools client is attached - the same leak covered in detail under CDP detection. rebrowser-patches avoids the automatic Runtime.enable on each frame and obtains or creates the execution context by other means.

How the patch works

The patch offers selectable modes for wiring up execution contexts without the default automatic call. In the default addBinding mode it creates a binding in the main world and recovers the context ID that way; an alwaysIsolated mode works only in isolated contexts created via Page.createIsolatedWorld; and an enableDisable mode calls Runtime.enable then immediately Runtime.disable to capture the context events within a narrower window. Functionally the API is unchanged - it is a drop-in replacement - and the only behavioural difference is how and when execution contexts are established at the CDP layer.

What it does and does not cover

rebrowser-patches is narrowly and deliberately scoped: it addresses one specific CDP-layer signal and nothing else. It does not touch the TLS fingerprint, the IP you connect from, or the JavaScript fingerprint surface that a plugin like puppeteer-extra-stealth targets. That focus is a strength - it is current and maintained against recent Puppeteer and Playwright versions - but it means rebrowser is one layer to combine with others rather than a complete approach. A real-world detector weighs many signals, and closing the Runtime.enable one leaves the rest unchanged.

Code example

bash
# rebrowser-patches is applied to an existing Puppeteer/Playwright install
# (or used via the pre-patched npm packages). It changes how CDP execution
# contexts are created so the automatic Runtime.enable call is avoided.

# Patch an existing install:
npx rebrowser-patches@latest patch --packageName puppeteer-core

# Revert:
npx rebrowser-patches@latest unpatch --packageName puppeteer-core

# Or install a pre-patched drop-in instead of the original package:
#   npm install rebrowser-puppeteer
#   npm install rebrowser-playwright
#
# Scope: this addresses ONLY the Runtime.enable signal. TLS, IP, and the JS
# fingerprint surface are unchanged - combine with other layers.

Related terms

What Is CDP Detection?
CDP detection is the family of techniques anti-bot scripts use to tell that a browser is being driven through the Chrome DevTools Protocol (…
What Is Puppeteer?
Puppeteer is Google's Node.js library for driving a Chromium browser from code, over the Chrome DevTools Protocol (CDP) - the same channel C…
What Is Playwright?
Playwright is a cross-browser automation framework from Microsoft that drives Chromium, Firefox, and WebKit through a single API. An automat…
What Is puppeteer-extra-plugin-stealth?
puppeteer-extra-plugin-stealth is an open-source plugin for the puppeteer-extra wrapper that bundles a collection of independent "evasion mo…
What Is Headless Browser Detection?
Headless browser detection is the set of probes anti-bot systems use to distinguish a headless or instrumented Chrome session from a real us…
What Is nodriver?
nodriver is an open-source, asynchronous Python library that drives Chrome directly over the Chrome DevTools Protocol (CDP), with no Seleniu…
What Is undetected-chromedriver?
undetected-chromedriver is an open-source Python library that provides a patched version of Selenium's ChromeDriver. It is a near drop-in re…
What Is zendriver?
zendriver is an open-source, community-maintained fork of nodriver. It keeps the same fundamental design - an async-first Python framework t…
What Is selenium-driverless?
selenium-driverless is an open-source Python framework that drives Chrome over the Chrome DevTools Protocol (CDP) directly, without launchin…

Concept map

How rebrowser-patches connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections
You are here · Web Automation
Building map…

Frequently asked questions

What is rebrowser-patches?

It is an open-source set of drop-in patches for Puppeteer and Playwright that changes how they create CDP execution contexts in order to address the Runtime.enable leak. It can be applied to an existing install or used as pre-patched npm packages, with no changes to your own code.

What is the Runtime.enable leak?

To execute JavaScript in a page, Puppeteer and Playwright by default issue the CDP command Runtime.enable to learn the page's execution context. That call is observable from inside the page, giving an anti-bot system a signal that a DevTools client is attached. rebrowser avoids the automatic call.

Is rebrowser-patches a complete solution on its own?

No. It is narrowly scoped to one CDP-layer signal. It does not change your TLS fingerprint, your IP, or the JavaScript fingerprint surface, so it is one layer to combine with others rather than a complete approach. A detector weighs many signals.

How do I apply rebrowser-patches?

You can run its CLI against an existing install, for example 'npx rebrowser-patches@latest patch --packageName puppeteer-core', and revert with the unpatch command. Alternatively you can install the pre-patched packages such as rebrowser-puppeteer or rebrowser-playwright. It is MIT-licensed.

Last updated: 2026-06-15