← Home

playwright-chromium

npm Repository Homepage

A high-level API to automate Chromium

12
Versions
Apache-2.0
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

pavelfeldmanyurysdgozman-msplaywright-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
publish-pattern dormant-publish AI (publish-pattern): playwright-chromium is an official Microsoft package with SLSA provenance attestation; dormancy between releases is a known pattern for this sub-package and does not indicate account takeover. ai
install-scripts install-script:install AI (install-scripts): Playwright's install script downloads prebuilt Chromium binaries; this is the documented and expected install flow for all playwright-* browser packages. ai
bogus-package bogus-package AI (bogus-package): False positive — playwright-chromium is a major Microsoft package (167k downloads/week). Docs live on playwright.dev; no-keywords/short-README signals are irrelevant. ai

Versions (showing 12 of 12)

Version Deps Published
1.60.0 1 / 0
1.59.1 1 / 0
1.59.0 1 / 0
1.58.2 1 / 0
1.58.1 1 / 0
1.58.0 1 / 0
1.57.0 1 / 0
1.55.0 1 / 0
1.54.2 1 / 0
1.53.2 1 / 0
1.53.1 1 / 0
1.53.0 1 / 0

v1.60.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.59.1

2 findings
HIGH Package has 'install' script install-scripts

Script: node install.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.59.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.57.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.55.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.54.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.