agent-browser

Versions: 5
License:
Install Scripts: Yes
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

- SLSA provenance attestation
- npm registry signatures
- gitHead linked

Maintainers

matt.straka, vercel-release-bot, zeit-bot

Keywords

browser, automation, headless, chrome, cdp, cli, agent

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
semgrep | semgrep:silent-process-exec | AI (semgrep): Detached daemon is the documented architecture for this browser automation CLI. | ai |
semgrep | semgrep:silent-process-exec-var | AI (semgrep): Same daemon spawn pattern; expected for background browser service. | ai |
semgrep | semgrep:env-spread | AI (semgrep): Passes session config to daemon subprocess; standard pattern for this package. | ai |
provenance | no-provenance | AI (provenance): Common for this publisher's workflow; low-risk given trusted publisher. | ai |
install-scripts | install-script:postinstall | AI (install-scripts): Postinstall selects platform-appropriate prebuilt binary; consistent with native CLI distribution pattern from Vercel org. | ai |
npm-metadata | bundled-binaries | AI (npm-metadata): Binaries are Rust-compiled platform targets built via documented cargo build scripts in the vercel-labs repo. | ai |

Versions (showing 5 of 5)

Version | Deps | Published
0.26.0 | 0 / 0 |
0.19.0 | 5 / 11 |
0.1.2 | 2 / 6 |
0.1.1 | 2 / 6 |
0.1.0 | 2 / 5 |

v0.1.2

4 findings

HIGH silent-process-exec: src/client.ts:55 (semgrep)

Silent detached process — runs invisibly in the background (reverse shells, miners)

  53 | debug('Starting daemon...');
  54 | const daemonPath = path.join(__dirname, 'daemon.js');
> 55 | const child = spawn(process.execPath, [daemonPath], {
  56 |   detached: true,
  57 |   stdio: 'ignore',

HIGH silent-process-exec-var: src/client.ts:55 (semgrep)

Silent detached process — runs invisibly in the background (reverse shells, miners)

  53 | debug('Starting daemon...');
  54 | const daemonPath = path.join(__dirname, 'daemon.js');
> 55 | const child = spawn(process.execPath, [daemonPath], {
  56 |   detached: true,
  57 |   stdio: 'ignore',

HIGH env-spread: src/client.ts:58 (semgrep)

Spreading entire process.env into an object — may capture all secrets

  56 |   detached: true,
  57 |   stdio: 'ignore',
> 58 |   env: { ...process.env, AGENT_BROWSER_DAEMON: '1', AGENT_BROWSER_SESSION: session },
  59 | });
  60 | child.unref();

LOW No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.1

4 findings

HIGH silent-process-exec: src/client.ts:55 (semgrep)

Silent detached process — runs invisibly in the background (reverse shells, miners)

  53 | debug('Starting daemon...');
  54 | const daemonPath = path.join(__dirname, 'daemon.js');
> 55 | const child = spawn(process.execPath, [daemonPath], {
  56 |   detached: true,
  57 |   stdio: 'ignore',

HIGH silent-process-exec-var: src/client.ts:55 (semgrep)

Silent detached process — runs invisibly in the background (reverse shells, miners)

  53 | debug('Starting daemon...');
  54 | const daemonPath = path.join(__dirname, 'daemon.js');
> 55 | const child = spawn(process.execPath, [daemonPath], {
  56 |   detached: true,
  57 |   stdio: 'ignore',

HIGH env-spread: src/client.ts:58 (semgrep)

Spreading entire process.env into an object — may capture all secrets

  56 |   detached: true,
  57 |   stdio: 'ignore',
> 58 |   env: { ...process.env, AGENT_BROWSER_DAEMON: '1', AGENT_BROWSER_SESSION: session },
  59 | });
  60 | child.unref();

LOW No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.0

4 findings

HIGH silent-process-exec: src/client.ts:55 (semgrep)

Silent detached process — runs invisibly in the background (reverse shells, miners)

  53 | debug('Starting daemon...');
  54 | const daemonPath = path.join(__dirname, 'daemon.js');
> 55 | const child = spawn(process.execPath, [daemonPath], {
  56 |   detached: true,
  57 |   stdio: 'ignore',

HIGH silent-process-exec-var: src/client.ts:55 (semgrep)

Silent detached process — runs invisibly in the background (reverse shells, miners)

  53 | debug('Starting daemon...');
  54 | const daemonPath = path.join(__dirname, 'daemon.js');
> 55 | const child = spawn(process.execPath, [daemonPath], {
  56 |   detached: true,
  57 |   stdio: 'ignore',

HIGH env-spread: src/client.ts:58 (semgrep)

Spreading entire process.env into an object — may capture all secrets

  56 |   detached: true,
  57 |   stdio: 'ignore',
> 58 |   env: { ...process.env, AGENT_BROWSER_DAEMON: '1', AGENT_BROWSER_SESSION: session },
  59 | });
  60 | child.unref();

LOW No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.