@playwright/browser-chromium Apache-2.0 16 versions

@playwright/browser-chromium

npm Repository Homepage

Playwright package that automatically installs Chromium

16

Versions

Apache-2.0

License

Yes

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

pavelfeldmanyurysdgozman-msplaywright-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer roster change within Microsoft's Playwright org; not a takeover signal.	ai	2026/04/28
provenance	publisher-changed	AI (provenance): CI migration from playwright-bot to GitHub Actions; both are Microsoft's Playwright CI accounts.	ai	2026/04/28
publish-pattern	dormant-publish	AI (publish-pattern): Browser bundle packages follow Playwright release cadence; gaps between releases are expected and not indicative of takeover.	ai	2026/04/28
install-scripts	install-script:install	AI (install-scripts): Install script downloads Chromium binary — this is the documented and sole purpose of the @playwright/browser-chromium package.	ai	2026/04/25
bogus-package	bogus-package	AI (bogus-package): No-op index.js, short README, no keywords are expected for a browser-download shim package; all value is in the install script.	ai	2026/04/25

Versions (showing 16 of 16)

Version	Deps	Published
1.60.0	1 / 0	2026-05-11
1.59.1	1 / 0	2026-04-01
1.59.0	1 / 0	2026-04-01
1.58.2	1 / 0	2026-02-06
1.58.1	1 / 0	2026-01-30
1.58.0	1 / 0	2026-01-23
1.57.0	1 / 0	2025-11-25
1.56.1	1 / 0	2025-10-17
1.56.0	1 / 0	2025-10-06
1.55.0	1 / 0	2025-08-20
1.54.2	1 / 0	2025-08-01
1.54.1	1 / 0	2025-07-11
1.54.0	1 / 0	2025-07-10
1.53.2	1 / 0	2025-06-30
1.53.1	1 / 0	2025-06-18
1.53.0	1 / 0	2025-06-10

v1.60.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.59.1

2 findings

HIGH Package has 'install' script install-scripts

Script: node install.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.59.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.57.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.56.1

2 findings

HIGH Publisher changed: playwright-bot → GitHub Actions (on 2025-10-17) provenance

This version was published by a different npm account than previous versions on 2025-10-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.56.0

2 findings

HIGH Publisher changed: playwright-bot → GitHub Actions (on 2025-10-06) provenance

This version was published by a different npm account than previous versions on 2025-10-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.55.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.54.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.54.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.54.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.