Web Scanning

网页扫描

Supported Audit Methods

支持的审计方法

Method	Tool	When to Use
Runtime scan	axe-core CLI	Live URL available (dev server or production)
Code review	Agent specialists	Source code available in workspace
Both	axe-core + agents	Most comprehensive - catches issues from both angles

方法	工具	适用场景
运行时扫描	axe-core CLI	有可用的实时URL（开发服务器或生产环境）
代码评审	Agent specialists	工作区存在源代码
两者结合	axe-core + agents	最全面的方案 - 可从两个维度捕获问题

Runtime Scanning Commands

运行时扫描命令

axe-core CLI

bash

undefined

bash

undefined

Single page scan (WCAG 2.2 AA)

npx @axe-core/cli <URL> --tags wcag2a,wcag2aa,wcag21a,wcag21aa

Save results to JSON

npx @axe-core/cli <URL> --tags wcag2a,wcag2aa,wcag21a,wcag21aa --save ACCESSIBILITY-SCAN.json

Multiple pages

npx @axe-core/cli <URL1> <URL2> <URL3> --tags wcag2a,wcag2aa,wcag21a,wcag21aa --save ACCESSIBILITY-SCAN.json

With Chrome flags (headless)

npx @axe-core/cli <URL> --tags wcag2a,wcag2aa,wcag21a,wcag21aa --chrome-flags="--headless --no-sandbox"

undefined

npx @axe-core/cli <URL> --tags wcag2a,wcag2aa,wcag21a,wcag21aa --chrome-flags="--headless --no-sandbox"

undefined

axe-core Tag Reference

axe-core标签参考

Tag	Standard
wcag2a	WCAG 2.0 Level A
wcag2aa	WCAG 2.0 Level AA
wcag21a	WCAG 2.1 Level A
wcag21aa	WCAG 2.1 Level AA
wcag22aa	WCAG 2.2 Level AA
best-practice	Best practices (not WCAG required)

标签	对应标准
wcag2a	WCAG 2.0 Level A
wcag2aa	WCAG 2.0 Level AA
wcag21a	WCAG 2.1 Level A
wcag21aa	WCAG 2.1 Level AA
wcag22aa	WCAG 2.2 Level AA
best-practice	最佳实践（非WCAG强制要求）

Screenshot Capture

截图捕获

capture-website-cli (preferred - lightweight)

capture-website-cli（推荐 - 轻量）

bash

undefined

bash

undefined

Full-page screenshot

npx capture-website-cli "<URL>" --output="screenshots/<page>.png" --full-page --type=png

With viewport

npx capture-website-cli "<URL>" --output="screenshots/<page>.png" --full-page --width=1280 --height=720

Mobile viewport

npx capture-website-cli "<URL>" --output="screenshots/<page>-mobile.png" --full-page --width=375 --height=812

With delay for JS-rendered content

npx capture-website-cli "<URL>" --output="screenshots/<page>.png" --full-page --delay=3

undefined

npx capture-website-cli "<URL>" --output="screenshots/<page>.png" --full-page --delay=3

undefined

Playwright (fallback)

Playwright（备选方案）

bash

npx playwright screenshot --browser chromium --full-page --wait-for-timeout 3000 "<URL>" "screenshots/<page>.png"

bash

npx playwright screenshot --browser chromium --full-page --wait-for-timeout 3000 "<URL>" "screenshots/<page>.png"

Page Discovery for Multi-Page Audits

多页面审计的页面发现

Crawl Depth Modes

爬取深度模式

Mode	Behavior	Max Pages
Current page only	Scan single URL	1
Key pages	User-provided list	User-defined
Full site crawl	Follow internal links	50 (default cap)

模式	行为	最大页面数
仅当前页面	扫描单个URL	1
关键页面	用户提供的URL列表	用户自定义
全站爬取	跟踪所有内部链接	50（默认上限）

Sitemap-based Discovery

基于站点地图的发现

bash

undefined

bash

undefined

Check for sitemap

curl -s <BASE_URL>/sitemap.xml | head -20

Extract URLs from sitemap

curl -s <BASE_URL>/sitemap.xml | grep -oP '<loc>\K[^<]+' | head -50

undefined

curl -s <BASE_URL>/sitemap.xml | grep -oP '<loc>\K[^<]+' | head -50

undefined

Link-based Crawling

基于链接的爬取

When crawling from a start URL:

Follow only same-domain links
Skip anchor links (#), mailto:, tel:, javascript: links
Skip file downloads (.pdf, .zip, .doc, etc.)
Respect robots.txt
Cap at 50 pages unless user overrides
Track visited URLs to avoid duplicates

从起始URL开始爬取时：

仅跟踪同域名链接
跳过锚点链接(#)、mailto:、tel:、javascript:类链接
跳过文件下载链接（.pdf、.zip、.doc等）
遵守robots.txt规则
除非用户另行指定，否则最多爬取50个页面
跟踪已访问URL避免重复爬取

Framework Detection

框架检测

Detect the framework from workspace files to enable framework-specific scanning:

Indicator	Framework
`package.json` contains `react`	React
`package.json` contains `next`	Next.js
`package.json` contains `vue`	Vue
`package.json` contains `@angular/core`	Angular
`package.json` contains `svelte`	Svelte
`.jsx` / `.tsx` files present	React/Next.js
`.vue` files present	Vue
`angular.json` present	Angular
`.svelte` files present	Svelte
Only `.html` files	Vanilla HTML

从工作区文件检测框架，以启用针对特定框架的扫描：

判断标识	框架
`package.json` 包含 `react`	React
`package.json` 包含 `next`	Next.js
`package.json` 包含 `vue`	Vue
`package.json` 包含 `@angular/core`	Angular
`package.json` 包含 `svelte`	Svelte
存在 `.jsx` / `.tsx` 文件	React/Next.js
存在 `.vue` 文件	Vue
存在 `angular.json` 文件	Angular
存在 `.svelte` 文件	Svelte
仅存在 `.html` 文件	原生HTML

Source Code File Patterns

源代码文件匹配规则

When doing code review, scan these file patterns:

bash

undefined

进行代码评审时，扫描以下匹配规则的文件：

bash

undefined

HTML files

**/*.html

Component files (framework-specific)

**/.jsx **/.tsx **/.vue **/.svelte **/.component.ts **/.component.html

Style files (for contrast/visual checks)

**/.css **/.scss **/.less **/.module.css

Config files (for framework detection)

package.json next.config.* nuxt.config.* angular.json svelte.config.* tailwind.config.*

undefined

package.json next.config.* nuxt.config.* angular.json svelte.config.* tailwind.config.*

undefined

Scan Configuration

扫描配置

Web Scan Config File:

.a11y-web-config.json

网页扫描配置文件:

.a11y-web-config.json

json

{
  "profile": "standard",
  "wcagLevel": "AA",
  "wcagVersion": "2.2",
  "axeTags": ["wcag2a", "wcag2aa", "wcag21a", "wcag21aa"],
  "maxPages": 50,
  "screenshots": false,
  "framework": "auto",
  "ignore": {
    "paths": ["node_modules/**", "dist/**", "build/**", ".next/**"],
    "rules": []
  }
}

json

{
  "profile": "standard",
  "wcagLevel": "AA",
  "wcagVersion": "2.2",
  "axeTags": ["wcag2a", "wcag2aa", "wcag21a", "wcag21aa"],
  "maxPages": 50,
  "screenshots": false,
  "framework": "auto",
  "ignore": {
    "paths": ["node_modules/**", "dist/**", "build/**", ".next/**"],
    "rules": []
  }
}

Scan Profiles

扫描配置集

Profile	Phases	Thoroughness
Quick	1, 3, 4, 9	Errors and critical only
Standard	All (1-9)	Errors and warnings
Deep	All + extras	All severities + animation, cognitive, touch

配置集	执行阶段	完备度
快速模式	1, 3, 4, 9	仅检测错误和严重问题
标准模式	全部（1-9）	检测错误和警告
深度模式	全部+额外检查	所有严重级别问题 + 动画、认知、触摸相关问题

web-scanning

Original

Translation

Web Scanning

网页扫描

Supported Audit Methods

支持的审计方法

Runtime Scanning Commands

运行时扫描命令

axe-core CLI

axe-core CLI

Single page scan (WCAG 2.2 AA)

Single page scan (WCAG 2.2 AA)

Save results to JSON

Save results to JSON

Multiple pages

Multiple pages

With Chrome flags (headless)

With Chrome flags (headless)

axe-core Tag Reference

axe-core标签参考

Screenshot Capture

截图捕获

capture-website-cli (preferred - lightweight)

capture-website-cli（推荐 - 轻量）

Full-page screenshot

Full-page screenshot

With viewport

With viewport

Mobile viewport

Mobile viewport

With delay for JS-rendered content

With delay for JS-rendered content

Playwright (fallback)

Playwright（备选方案）

Page Discovery for Multi-Page Audits

多页面审计的页面发现

Crawl Depth Modes

爬取深度模式

Sitemap-based Discovery

基于站点地图的发现

Check for sitemap

Check for sitemap

Extract URLs from sitemap

Extract URLs from sitemap

Link-based Crawling

基于链接的爬取

Framework Detection

框架检测

Source Code File Patterns

源代码文件匹配规则

HTML files

HTML files

Component files (framework-specific)

Component files (framework-specific)

Style files (for contrast/visual checks)

Style files (for contrast/visual checks)

Config files (for framework detection)

Config files (for framework detection)

Scan Configuration

扫描配置

Web Scan Config File: .a11y-web-config.json

网页扫描配置文件: .a11y-web-config.json

Scan Profiles

扫描配置集

Web Scan Config File:
`.a11y-web-config.json`

网页扫描配置文件:
`.a11y-web-config.json`