
agent-browser

Versions: 7
License:
Install scripts: Yes
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

matheuss, matt.straka, vercel-release-bot, zeit-bot

Keywords

browser, automation, headless, chrome, cdp, cli, agent

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
provenance | publisher-changed | AI (provenance): Vercel org migrated CI from vercel-release-bot to GitHub Actions; SLSA provenance confirms legitimate pipeline. | ai |
semgrep | semgrep:silent-process-exec | AI (semgrep): Detached daemon is the documented architecture for this browser automation CLI. | ai |
semgrep | semgrep:silent-process-exec-var | AI (semgrep): Same daemon spawn pattern; expected for background browser service. | ai |
semgrep | semgrep:env-spread | AI (semgrep): Passes session config to daemon subprocess; standard pattern for this package. | ai |
provenance | no-provenance | AI (provenance): Common for this publisher's workflow; low-risk given trusted publisher. | ai |
npm-metadata | bundled-binaries | AI (npm-metadata): Binaries are Rust-compiled platform targets built via documented cargo build scripts in the vercel-labs repo. | ai |
install-scripts | install-script:postinstall | AI (install-scripts): Postinstall selects platform-appropriate prebuilt binary; consistent with native CLI distribution pattern from Vercel org. | ai |

Versions (showing 7 of 7)

Version | Deps | Published
0.27.1 | 0 / 0 |
0.26.0 | 0 / 0 |
0.19.0 | 5 / 11 |
0.7.0 | 3 / 10 |
0.1.2 | 2 / 6 |
0.1.1 | 2 / 6 |
0.1.0 | 2 / 5 |

v0.27.1

2 findings
HIGH Publisher changed: vercel-release-bot → GitHub Actions (on 2026-06-01) provenance

This version was published on 2026-06-01 by a different npm account than previous versions. That can be a legitimate maintainer or CI transition, or an account compromise. Before trusting the new publisher, check that the provenance attestation's source repository, workflow and commit match the project's known repository and the package's gitHead; a valid Sigstore signature on its own only proves that some GitHub Actions workflow built the tarball, not which one.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with a Sigstore attestation (predicate type https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal the npm registry offers: it binds the tarball to the repository, workflow and commit it was built from. It says nothing about whether that source is benign, so the attested repository and workflow still have to be the ones you expect.
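The two findings above (publisher changed, SLSA provenance present) are only reassuring together if the attestation points at the project's own repository and commit. The following is an added example, not code from agent-browser or from this report: it checks the in-toto statement behind an npm provenance attestation the way a reviewer would after a publisher change. The repository URL, workflow path, gitHead and tarball digest are assumed placeholders; the SLSA v1 field names are those emitted by `npm publish --provenance` on GitHub Actions.

```javascript
'use strict';
// Added example, not part of agent-browser or of this report. The
// repository, workflow path, commit and digests are ASSUMED placeholders.

const SLSA_V1 = 'https://slsa.dev/provenance/v1';
const GHA_WORKFLOW_BUILD_TYPE =
  'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1';

// What we expect, from sources other than the attestation itself: the
// project's known repo, the packument's gitHead, and the tarball hash
// computed locally after download. All values here are placeholders.
const EXPECTED = {
  subject: 'pkg:npm/agent-browser@0.27.1',
  repository: 'https://github.com/vercel-labs/agent-browser', // assumed
  workflowPath: '.github/workflows/release.yml',              // assumed
  gitHead: 'a'.repeat(40),                                    // placeholder
  tarballSha512: 'b'.repeat(128),                             // placeholder
};

// Returns a list of mismatches; an empty list means the statement binds the
// tarball to the expected repository, workflow and commit.
function checkProvenance(statement, expected) {
  const problems = [];
  if (statement.predicateType !== SLSA_V1) {
    problems.push(`predicateType is ${statement.predicateType}, not SLSA v1`);
  }
  const subject = (statement.subject || []).find((s) => s.name === expected.subject);
  if (!subject) {
    problems.push(`no subject named ${expected.subject}`);
  } else if ((subject.digest || {}).sha512 !== expected.tarballSha512) {
    problems.push('subject digest does not match the downloaded tarball');
  }
  const build = (statement.predicate || {}).buildDefinition || {};
  if (build.buildType !== GHA_WORKFLOW_BUILD_TYPE) {
    problems.push(`unexpected buildType ${build.buildType}`);
  }
  const wf = (build.externalParameters || {}).workflow || {};
  if (wf.repository !== expected.repository) {
    problems.push(`built from ${wf.repository}, expected ${expected.repository}`);
  }
  if (wf.path !== expected.workflowPath) {
    problems.push(`built by workflow ${wf.path}, expected ${expected.workflowPath}`);
  }
  // resolvedDependencies[0] is the source checkout; its gitCommit is what
  // the "gitHead linked" badge compares against the packument.
  const source = (build.resolvedDependencies || [])[0] || {};
  if (!(source.uri || '').startsWith(`git+${expected.repository}@`)) {
    problems.push(`source uri ${source.uri} is not the expected repository`);
  }
  if ((source.digest || {}).gitCommit !== expected.gitHead) {
    problems.push('provenance commit does not match the package gitHead');
  }
  return problems;
}

// Constructed statement in the shape npm emits from GitHub Actions; every
// value is illustrative. `overrides` patches the workflow fields.
function makeStatement(overrides = {}) {
  const workflow = {
    ref: 'refs/tags/v0.27.1',
    repository: EXPECTED.repository,
    path: EXPECTED.workflowPath,
    ...overrides,
  };
  return {
    _type: 'https://in-toto.io/Statement/v1',
    subject: [{ name: EXPECTED.subject, digest: { sha512: EXPECTED.tarballSha512 } }],
    predicateType: SLSA_V1,
    predicate: {
      buildDefinition: {
        buildType: GHA_WORKFLOW_BUILD_TYPE,
        externalParameters: { workflow },
        resolvedDependencies: [
          { uri: `git+${workflow.repository}@${workflow.ref}`, digest: { gitCommit: EXPECTED.gitHead } },
        ],
      },
      runDetails: { builder: { id: 'https://github.com/actions/runner/github-hosted' } },
    },
  };
}

const GENUINE = makeStatement();
// Same predicate type, same builder, valid signature: but the workflow ran in a fork.
const FORKED = makeStatement({ repository: 'https://github.com/someone-else/agent-browser' });

console.log('genuine:', checkProvenance(GENUINE, EXPECTED));
console.log('forked: ', checkProvenance(FORKED, EXPECTED));
```

The forked statement would pass a bare signature check (`npm audit signatures` verifies the Sigstore bundle, not the repository it names), which is why the repository, workflow path and commit comparisons are the part of the review that actually answers the publisher-changed finding.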

v0.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.2

4 findings
HIGH silent-process-exec: src/client.ts:55 semgrep

Silent detached process — runs invisibly in the background (reverse shells, miners)

    53 | debug('Starting daemon...');
    54 | const daemonPath = path.join(__dirname, 'daemon.js');
  > 55 | const child = spawn(process.execPath, [daemonPath], {
    56 |   detached: true,
    57 |   stdio: 'ignore',

HIGH silent-process-exec-var: src/client.ts:55 semgrep

Silent detached process — runs invisibly in the background (reverse shells, miners)

    53 | debug('Starting daemon...');
    54 | const daemonPath = path.join(__dirname, 'daemon.js');
  > 55 | const child = spawn(process.execPath, [daemonPath], {
    56 |   detached: true,
    57 |   stdio: 'ignore',

HIGH env-spread: src/client.ts:58 semgrep

Spreading entire process.env into an object — may capture all secrets

    56 |   detached: true,
    57 |   stdio: 'ignore',
  > 58 |   env: { ...process.env, AGENT_BROWSER_DAEMON: '1', AGENT_BROWSER_SESSION: session },
    59 | });
    60 | child.unref();

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.1

4 findings
HIGH silent-process-exec: src/client.ts:55 semgrep

Silent detached process — runs invisibly in the background (reverse shells, miners)

    53 | debug('Starting daemon...');
    54 | const daemonPath = path.join(__dirname, 'daemon.js');
  > 55 | const child = spawn(process.execPath, [daemonPath], {
    56 |   detached: true,
    57 |   stdio: 'ignore',

HIGH silent-process-exec-var: src/client.ts:55 semgrep

Silent detached process — runs invisibly in the background (reverse shells, miners)

    53 | debug('Starting daemon...');
    54 | const daemonPath = path.join(__dirname, 'daemon.js');
  > 55 | const child = spawn(process.execPath, [daemonPath], {
    56 |   detached: true,
    57 |   stdio: 'ignore',

HIGH env-spread: src/client.ts:58 semgrep

Spreading entire process.env into an object — may capture all secrets

    56 |   detached: true,
    57 |   stdio: 'ignore',
  > 58 |   env: { ...process.env, AGENT_BROWSER_DAEMON: '1', AGENT_BROWSER_SESSION: session },
    59 | });
    60 | child.unref();

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.0

4 findings
HIGH silent-process-exec: src/client.ts:55 semgrep

Silent detached process — runs invisibly in the background (reverse shells, miners)

    53 | debug('Starting daemon...');
    54 | const daemonPath = path.join(__dirname, 'daemon.js');
  > 55 | const child = spawn(process.execPath, [daemonPath], {
    56 |   detached: true,
    57 |   stdio: 'ignore',

HIGH silent-process-exec-var: src/client.ts:55 semgrep

Silent detached process — runs invisibly in the background (reverse shells, miners)

    53 | debug('Starting daemon...');
    54 | const daemonPath = path.join(__dirname, 'daemon.js');
  > 55 | const child = spawn(process.execPath, [daemonPath], {
    56 |   detached: true,
    57 |   stdio: 'ignore',

HIGH env-spread: src/client.ts:58 semgrep

Spreading entire process.env into an object — may capture all secrets

    56 |   detached: true,
    57 |   stdio: 'ignore',
  > 58 |   env: { ...process.env, AGENT_BROWSER_DAEMON: '1', AGENT_BROWSER_SESSION: session },
    59 | });
    60 | child.unref();

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.