chromium-bidi — Greenflagged

An implementation of the WebDriver BiDi protocol for Chromium implemented as a JavaScript layer translating between BiDi and CDP, running inside a Chrome tab.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mathiasgoogle-wombot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Google's chromium-bidi migrated from google-wombot bot account to GitHub Actions OIDC publishing — a standard, expected transition for Google OSS packages. SLSA provenance attestation confirms legitimate CI/CD origin.	ai	2026/04/24
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decode is a legitimate utility in a WebDriver BiDi implementation for encoding/decoding protocol data. The code is transparent and non-obfuscated.	ai	2026/04/23
phantom-deps	phantom-dep:puppeteer	AI (phantom-deps): puppeteer is a runtime dep in package.json; phantom-dep fires because it's not directly imported in source, consistent with config-level integration in this Chrome automation library.	ai	2026/04/23

Versions (showing 100 of 137)

Version	Deps	Published
16.0.1	2 / 44	2026-05-12
15.0.0	2 / 44	2026-02-11
14.0.0	2 / 44	2026-02-11
13.1.1	2 / 44	2026-02-02
13.1.0	3 / 44	2026-01-29
13.0.1	2 / 44	2026-01-21
13.0.0	2 / 44	2026-01-20
12.1.0	2 / 44	2026-01-14
12.0.1	2 / 44	2025-12-15
12.0.0	2 / 44	2025-12-12
11.0.1	2 / 44	2025-11-14
11.0.0	2 / 45	2025-11-07
10.6.1	2 / 46	2025-10-31
10.6.0	2 / 46	2025-10-20
10.5.1	2 / 46	2025-10-18
10.5.0	2 / 46	2025-10-17
10.4.0	2 / 46	2025-10-15
10.3.1	2 / 46	2025-10-15
10.3.0	2 / 46	2025-10-14
10.2.0	2 / 46	2025-10-10
10.1.0	2 / 46	2025-10-09
10.0.0	2 / 46	2025-10-07
9.2.1	2 / 46	2025-10-02
9.2.0	2 / 46	2025-09-29
9.1.0	2 / 46	2025-09-23
9.0.0	2 / 46	2025-09-10
8.1.0	2 / 46	2025-09-05
8.0.0	2 / 46	2025-08-13
7.3.2	2 / 46	2025-08-08
7.3.1	2 / 46	2025-08-07
7.3.0	2 / 46	2025-08-07
7.2.0	2 / 46	2025-07-21
7.1.1	2 / 46	2025-07-16
7.1.0	2 / 46	2025-07-10
7.0.0	2 / 46	2025-06-27
6.1.0	2 / 46	2025-06-25
6.0.0	2 / 46	2025-06-17
5.3.1	2 / 46	2025-05-23
5.3.0	2 / 46	2025-05-22
5.2.0	2 / 46	2025-05-15
5.1.0	2 / 48	2025-05-06
5.0.0	2 / 48	2025-05-05
4.2.0	2 / 48	2025-05-02
4.1.1	2 / 48	2025-04-24
4.1.0	2 / 48	2025-04-23
4.0.1	2 / 48	2025-04-17
4.0.0	2 / 48	2025-04-14
3.2.1	2 / 48	2025-04-03
3.2.0	2 / 48	2025-03-31
3.1.0	2 / 48	2025-03-28
3.0.0	2 / 48	2025-03-12
2.1.2	2 / 48	2025-03-03
2.1.1	2 / 48	2025-02-28
2.1.0	2 / 48	2025-02-28
2.0.0	2 / 47	2025-02-19
1.3.0	2 / 47	2025-02-06
1.2.0	2 / 47	2025-01-28
1.1.0	2 / 47	2025-01-17
1.0.0	2 / 47	2025-01-15
0.12.0	2 / 47	2025-01-03
0.11.1	2 / 48	2024-12-18
0.11.0	2 / 48	2024-12-17
0.10.2	2 / 48	2024-12-12
0.10.1	3 / 49	2024-11-25
0.10.0	3 / 49	2024-11-15
0.9.1	3 / 49	2024-11-06
0.9.0	3 / 49	2024-10-23
0.8.1	3 / 49	2024-10-11
0.8.0	3 / 49	2024-09-30
0.7.1	3 / 49	2024-09-16
0.7.0	3 / 50	2024-09-05
0.6.5	3 / 49	2024-08-29
0.6.4	3 / 44	2024-08-05
0.6.3	3 / 44	2024-07-26
0.6.2	3 / 44	2024-07-22
0.6.1	3 / 44	2024-07-12
0.6.0	3 / 44	2024-06-28
0.5.24	3 / 44	2024-06-17
0.5.23	3 / 45	2024-06-11
0.5.22	3 / 45	2024-06-10
0.5.21	3 / 45	2024-06-07
0.5.20	3 / 45	2024-05-31
0.5.19	3 / 45	2024-04-24
0.5.18	3 / 45	2024-04-23
0.5.17	3 / 45	2024-04-10
0.5.16	3 / 45	2024-03-27
0.5.15	3 / 45	2024-03-26
0.5.14	3 / 45	2024-03-21
0.5.13	3 / 47	2024-03-15
0.5.12	2 / 50	2024-02-29
0.5.11	2 / 50	2024-02-23
0.5.10	2 / 49	2024-02-22
0.5.9	2 / 49	2024-02-07
0.5.8	2 / 49	2024-01-31
0.5.7	2 / 49	2024-01-30
0.5.6	2 / 49	2024-01-29
0.5.5	2 / 49	2024-01-25
0.5.4	2 / 48	2024-01-18
0.5.3	2 / 47	2024-01-10
0.5.2	2 / 48	2023-12-15

Showing 100 of 137 Next page →

v16.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v14.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v13.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v13.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v13.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v13.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.5.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.5.0

2 findings

HIGH Publisher changed: google-wombot → GitHub Actions (on 2025-10-17) provenance

This version was published by a different npm account than previous versions on 2025-10-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.4.0

2 findings

HIGH Publisher changed: google-wombot → GitHub Actions (on 2025-10-15) provenance

This version was published by a different npm account than previous versions on 2025-10-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.