puppeteer-core — Greenflagged

A high-level API to control headless Chrome over the DevTools Protocol

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mathiasgoogle-wombot

Keywords

puppeteerchromeheadlessautomation

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher changed from google-wombot to GitHub Actions CI/CD with SLSA provenance attestation — this reflects a legitimate migration to automated, attested releases for the official puppeteer project.	ai	2026/04/24
semgrep	semgrep:child-process-import	AI (semgrep): puppeteer-core legitimately uses child_process to spawn ffmpeg for screen recording; this is a documented, expected feature of the package.	ai	2026/04/24
provenance	no-provenance	AI (provenance): Established Google-maintained package; lack of Sigstore provenance is not a meaningful risk signal here.	ai	2026/04/24
semgrep	semgrep:base64-decode	AI (semgrep): Decodes base64 binary data from Chrome DevTools Protocol event streams — standard, expected behavior for a browser automation library. Not a malicious payload risk.	ai	2026/04/23
semgrep	semgrep:new-function-constructor	AI (semgrep): Core Puppeteer feature for serializing user-supplied JS functions to execute in browser contexts (page.evaluate etc.). Intentional and documented API behavior, not a security risk.	ai	2026/04/23

Versions (showing 100 of 337)

Version	Deps	Published
23.4.0	6 / 7	2024-09-18
23.3.1	6 / 7	2024-09-16
23.3.0	6 / 7	2024-09-04
23.2.2	6 / 7	2024-09-03
23.2.1	6 / 7	2024-08-29
23.2.0	6 / 7	2024-08-26
23.1.1	6 / 7	2024-08-21
23.1.0	6 / 7	2024-08-14
23.0.2	5 / 7	2024-08-08
23.0.1	5 / 7	2024-08-07
23.0.0	5 / 7	2024-08-07
22.15.0	5 / 7	2024-07-31
22.14.0	5 / 7	2024-07-25
22.13.1	5 / 7	2024-07-17
22.13.0	5 / 7	2024-07-11
22.12.1	5 / 7	2024-06-26
22.12.0	5 / 7	2024-06-21
22.11.2	5 / 7	2024-06-18
22.11.1	5 / 7	2024-06-17
22.11.0	5 / 7	2024-06-12
22.10.1	5 / 7	2024-06-11
22.10.0	5 / 7	2024-05-24
22.9.0	5 / 7	2024-05-16
22.8.2	5 / 7	2024-05-15
22.8.1	5 / 7	2024-05-13
22.8.0	5 / 7	2024-05-06
22.7.1	5 / 6	2024-04-25
22.7.0	5 / 6	2024-04-23
22.6.5	5 / 6	2024-04-15
22.6.4	5 / 6	2024-04-11
22.6.3	5 / 6	2024-04-05
22.6.2	5 / 6	2024-04-02
22.6.1	5 / 6	2024-03-25
22.6.0	5 / 6	2024-03-20
22.5.0	5 / 6	2024-03-15
22.4.1	6 / 6	2024-03-08
22.4.0	6 / 6	2024-03-05
22.3.0	6 / 6	2024-02-26
22.2.0	6 / 6	2024-02-22
22.1.0	6 / 6	2024-02-17
22.0.0	6 / 6	2024-02-05
21.11.0	6 / 6	2024-02-02
21.10.0	6 / 6	2024-01-29
21.9.0	6 / 6	2024-01-24
21.8.0	6 / 6	2024-01-24
21.7.0	6 / 6	2024-01-04
21.6.1	6 / 6	2023-12-13
21.6.0	6 / 6	2023-12-06
21.5.2	6 / 6	2023-11-15
21.5.1	6 / 6	2023-11-09
21.5.0	6 / 4	2023-11-02
21.4.1	6 / 4	2023-10-24
21.4.0	6 / 4	2023-10-20
21.3.8	6 / 4	2023-10-06
21.3.7	6 / 4	2023-10-05
21.3.6	6 / 4	2023-09-28
21.3.5	6 / 4	2023-09-26
21.3.4	6 / 4	2023-09-22
21.3.3	6 / 4	2023-09-22
21.3.2	6 / 4	2023-09-22
21.3.1	6 / 3	2023-09-19
21.3.0	6 / 4	2023-09-19
21.2.1	6 / 4	2023-09-13
21.2.0	6 / 4	2023-09-12
21.1.1	6 / 3	2023-08-28
21.1.0	6 / 3	2023-08-18
21.0.3	6 / 3	2023-08-11
21.0.2	6 / 3	2023-08-08
21.0.1	6 / 3	2023-08-03
21.0.0	6 / 3	2023-08-02
20.9.0	6 / 2	2023-07-20
20.8.3	6 / 2	2023-07-18
20.8.2	6 / 2	2023-07-13
20.8.1	6 / 2	2023-07-11
20.8.0	6 / 2	2023-07-06
20.7.4	6 / 2	2023-06-29
20.7.3	6 / 2	2023-06-21
20.7.2	6 / 2	2023-06-16
20.7.1	6 / 2	2023-06-13
20.7.0	6 / 2	2023-06-13
20.6.0	6 / 2	2023-06-12
20.5.0	6 / 2	2023-05-31
20.4.0	6 / 2	2023-05-25
20.3.0	6 / 2	2023-05-22
20.2.1	6 / 2	2023-05-16
20.2.0	6 / 2	2023-05-11
20.1.2	6 / 2	2023-05-08
20.1.1	11 / 2	2023-05-05
20.1.0	11 / 2	2023-05-03
20.0.0	11 / 2	2023-05-02
19.11.1	11 / 2	2023-04-25
19.11.0	11 / 2	2023-04-24
19.10.1	11 / 2	2023-04-21
19.10.0	11 / 2	2023-04-20
19.9.1	11 / 2	2023-04-17
19.9.0	11 / 2	2023-04-13
19.8.5	11 / 2	2023-04-06
19.8.4	11 / 2	2023-04-06
19.8.3	10 / 2	2023-04-03
19.8.1	10 / 2	2023-03-29

Showing 100 of 337 Next page →