@browserbasehq/stagehand
An AI web browsing framework focused on simplicity and extensibility.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:devtools-protocol | AI (phantom-deps): devtools-protocol used as type/protocol reference in CDP integration; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:ws | AI (phantom-deps): ws is a runtime dep used via playwright/CDP internals; phantom-dep heuristic false positive. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy aligns with documented Browserbase team transition; high-traffic package with org-level maintainer additions. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase matches addition of multiple AI provider integrations and playwright bundling. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Major framework expansion adding LLM providers, playwright integration, MCP SDK — legitimate growth. | ai | |
| provenance | missing-githead | AI (provenance): Published via GitHub Actions with SLSA provenance; gitHead absence likely from monorepo publish flow. | ai | |
| phantom-deps | phantom-dep:pino-pretty | AI (phantom-deps): pino-pretty is a transport loaded at runtime by pino; not directly imported but required. | ai | |
| phantom-deps | phantom-dep:@langchain/openai | AI (phantom-deps): Optional integration dep; referenced in config/dynamic imports, not static imports. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from desaadi to paul-klein-browserbase is an org-internal handoff within Browserbase; both are established accounts. | ai | |
| dependencies | unvetted-dep:anthropic | AI (dependencies): anthropic@^0.0.0 is declared but confirmed not directly imported (phantom-dep finding accepted). The real Anthropic SDK used is @anthropic-ai/sdk. This stub dependency poses no runtime risk for this package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of three maintainers alongside an addition is consistent with team restructuring at Browserbase; no signs of hostile takeover. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @browserbasehq/sdk is the organization's own first-party SDK; adding it to a Browserbase product is expected and low-risk. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Maintainer addition (anirudhkamath) appears to be a legitimate team change within the Browserbase org; publisher paul-klein-browserbase has strong track record and is the package author. | ai | |
| phantom-deps | phantom-dep:anthropic-ai | AI (phantom-deps): anthropic-ai is a compatibility shim, not directly imported. Stable false positive for this package. | ai | |
| provenance | no-provenance | AI (provenance): Established package from known publisher; lack of provenance is common (~88% of npm) and not a risk signal here. | ai | |
| phantom-deps | phantom-dep:anthropic | AI (phantom-deps): anthropic@^0.0.0 is a placeholder/stub dep; actual SDK is @anthropic-ai/sdk. Not directly imported — stable false positive for this package. | ai |
Versions (showing 31 of 31)
| Version | Deps | Published |
|---|---|---|
| 3.7.0 | 14 / 19 | |
| 3.6.0 | 14 / 19 | |
| 3.5.0 | 14 / 19 | |
| 3.4.0 | 15 / 18 | |
| 3.3.0 | 15 / 16 | |
| 3.2.1 | 15 / 16 | |
| 3.2.0 | 15 / 16 | |
| 3.1.0 | 15 / 16 | |
| 3.0.8 | 15 / 16 | |
| 3.0.7 | 15 / 16 | |
| 3.0.6 | 16 / 14 | |
| 3.0.5 | 15 / 8 | |
| 3.0.3 | 15 / 6 | |
| 3.0.2 | 15 / 6 | |
| 3.0.1 | 15 / 6 | |
| 3.0.0 | 15 / 6 | |
| 2.5.9 | 13 / 28 | |
| 2.5.8 | 13 / 28 | |
| 2.5.7 | 13 / 28 | |
| 2.5.6 | 13 / 28 | |
| 2.5.5 | 13 / 28 | |
| 2.5.4 | 13 / 28 | |
| 2.5.3 | 13 / 28 | |
| 1.3.0 | 6 / 15 | |
| 1.2.0 | 6 / 15 | |
| 1.1.2 | 6 / 15 | |
| 1.1.1 | 6 / 15 | |
| 1.1.0 | 6 / 15 | |
| 1.0.3 | 5 / 15 | |
| 1.0.2 | 5 / 15 | |
| 1.0.1 | 5 / 15 |
v3.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.5.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.0
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-27. This could indicate a legitimate maintainer transition or an account compromise.
v3.2.1
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-08. This could indicate a legitimate maintainer transition or an account compromise.
v3.2.0
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.
v3.1.0
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.
v3.0.8
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
v3.0.7
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-27. This could indicate a legitimate maintainer transition or an account compromise.
v3.0.6
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-13. This could indicate a legitimate maintainer transition or an account compromise.
v3.0.5
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-24. This could indicate a legitimate maintainer transition or an account compromise.
v3.0.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: paul-klein-browserbase.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: paul-klein-browserbase.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: paul-klein-browserbase.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: seanmcguire12.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-10-29. This could indicate a legitimate maintainer transition or an account compromise.
v2.5.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.5.8
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.
v2.5.7
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
v2.5.6
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
v2.5.5
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
v2.5.4
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-12-05. This could indicate a legitimate maintainer transition or an account compromise.
v2.5.3
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-17. This could indicate a legitimate maintainer transition or an account compromise.
v1.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.3
2 findingsThis version was published by a different npm account than previous versions on 2024-11-01. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.