webdriverio — Greenflagged

Next-gen browser and mobile automation test framework for Node.js

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

christian-bromannwdio-userwswebcreation-nl

Keywords

webdriveriowebdriverseleniumappiumsaucelabssaucelabsmochanodeUnitbusterpuppeteervowsjasmineassertcucumbertestingbot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	net-exec-file:build/commands/browser/debug.js	AI (source-diff): This is webdriverio's documented browser.debug() REPL command for interactive test debugging, not a dropper. Stable false positive for this package.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): Publisher changed from personal account to GitHub Actions CI/CD with SLSA provenance. This is a best-practice transition for a major OSS project.	ai	2026/04/23
phantom-deps	phantom-dep:resq	AI (phantom-deps): resq is a declared dependency used at runtime via config/dynamic loading in webdriverio's shadow DOM querying.	ai	2026/04/23
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): TypeScript type package loaded by convention; standard for Node.js projects.	ai	2026/04/23
phantom-deps	phantom-dep:query-selector-shadow-dom	AI (phantom-deps): Declared dependency loaded dynamically via config for shadow DOM selector support.	ai	2026/04/23
phantom-deps	phantom-dep:@types/sinonjs__fake-timers	AI (phantom-deps): TypeScript type package loaded by convention; stable pattern for this package.	ai	2026/04/23

Versions (showing 51 of 669)

View all versions

Version	Deps	Published
9.27.2	25 / 7	2026-05-26
9.27.1	25 / 7	2026-04-30
9.27.0	25 / 7	2026-03-23
9.26.1	25 / 7	2026-03-15
9.26.0	25 / 7	2026-03-15
9.25.0	25 / 7	2026-03-10
9.24.0	25 / 7	2026-02-10
9.23.3	25 / 7	2026-02-01
9.23.2	25 / 7	2026-01-18
9.23.1	25 / 7	2026-01-18
9.23.0	25 / 7	2026-01-03
9.22.0	25 / 7	2025-12-24
9.21.0	25 / 7	2025-11-29
9.10.1	25 / 7	2025-02-25
9.8.0	27 / 7	2025-02-06
9.7.3	27 / 7	2025-02-05
9.7.2	27 / 7	2025-01-29
9.7.1	27 / 7	2025-01-25
9.7.0	27 / 7	2025-01-24
9.6.4	27 / 7	2025-01-24
9.6.3	27 / 7	2025-01-23
9.6.2	27 / 7	2025-01-23
9.5.7	27 / 7	2025-01-12
9.5.4	27 / 7	2025-01-10
9.5.0	27 / 7	2024-12-30
9.4.3	27 / 7	2024-12-17
9.4.2	27 / 7	2024-12-12
9.4.1	27 / 7	2024-11-27
9.4.0	27 / 7	2024-11-26
9.3.1	27 / 7	2024-11-22
9.3.0	27 / 7	2024-11-20
9.2.14	27 / 7	2024-11-14
9.2.12	27 / 7	2024-11-11
9.2.11	27 / 7	2024-11-07
9.2.8	27 / 7	2024-11-01
9.2.6	27 / 7	2024-10-30
9.2.5	27 / 7	2024-10-29
9.2.4	27 / 7	2024-10-28
9.2.2	27 / 7	2024-10-28
9.2.1	27 / 7	2024-10-12
9.2.0	27 / 7	2024-10-12
9.1.5	27 / 7	2024-10-10
9.1.4	27 / 7	2024-10-09
9.1.3	27 / 7	2024-10-08
9.1.2	27 / 7	2024-09-28
9.1.1	27 / 7	2024-09-26
9.1.0	27 / 7	2024-09-24
9.0.9	27 / 7	2024-09-05
9.0.8	27 / 7	2024-09-05
9.0.7	27 / 7	2024-08-21
9.0.6	27 / 7	2024-08-21

v9.27.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.27.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.27.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.26.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.26.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.25.0

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-03-10) provenance

This version was published by a different npm account than previous versions on 2026-03-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.24.0

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-02-10) provenance

This version was published by a different npm account than previous versions on 2026-02-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.23.3

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-02-01) provenance

This version was published by a different npm account than previous versions on 2026-02-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.23.2

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-01-18) provenance

This version was published by a different npm account than previous versions on 2026-01-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.23.1

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-01-18) provenance

This version was published by a different npm account than previous versions on 2026-01-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.23.0

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2026-01-03) provenance

This version was published by a different npm account than previous versions on 2026-01-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.22.0

2 findings

HIGH Publisher changed: wdio-user → GitHub Actions (on 2025-12-24) provenance

This version was published by a different npm account than previous versions on 2025-12-24. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.21.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.