← Home

@playwright/browser-firefox

npm Repository Homepage

Playwright package that automatically installs Firefox

10
Versions
Apache-2.0
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

pavelfeldmanyurysdgozman-msplaywright-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
publish-pattern dormant-publish AI (publish-pattern): Browser sub-packages in Playwright may have irregular publish cadences; SLSA provenance attestation confirms CI/CD origin, ruling out account takeover for this package. ai
install-scripts install-script:install AI (install-scripts): Install script downloads Firefox browser binary; this is the documented and expected behavior for @playwright/browser-firefox. ai
bogus-package bogus-package AI (bogus-package): No-op index.js and minimal README are expected — package's purpose is the install script that fetches Firefox, not runtime code. ai

Versions (showing 10 of 10)

Version Deps Published
1.60.0 1 / 0
1.59.1 1 / 0
1.59.0 1 / 0
1.58.2 1 / 0
1.58.1 1 / 0
1.58.0 1 / 0
1.57.0 1 / 0
1.54.2 1 / 0
1.53.2 1 / 0
1.53.0 1 / 0

v1.60.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.59.1

2 findings
HIGH Package has 'install' script install-scripts

Script: node install.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.59.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.57.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.54.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.