All devtools versions

[email protected] rejected Risk: 35 MIT

devtools @7.35.0

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Repository Homepage Tarball
35
Risk Score
MIT
License
No
Install Scripts
13
Dependencies
1
Dev Dependencies
54.8 KB
Package Size
Published

A Chrome DevTools protocol binding that maps WebDriver commands into Chrome DevTools commands using Puppeteer

Maintainers

christian-bromannwdio-userwswebcreation-nl

Keywords

devtoolsdriver

Dependencies (13)

PackageConstraintRegistry Status
uuid ^9.0.0 auto_approved
edge-paths ^2.1.0 auto_approved
@types/node ^18.0.0 auto_approved
@wdio/types 7.33.0 auto_approved
@wdio/utils 7.33.0 auto_approved
@wdio/config 7.33.0 auto_approved
@wdio/logger 7.26.0 auto_approved
ua-parser-js ^1.0.1 auto_approved
puppeteer-core 13.1.3 auto_approved
@wdio/protocols 7.27.0 auto_approved
chrome-launcher ^0.15.0 needs_review
@types/ua-parser-js ^0.7.33 auto_approved
query-selector-shadow-dom ^1.0.0 auto_approved

Dev Dependencies (1)

PackageConstraintRegistry Status
@types/uuid ^9.0.0 auto_approved

Transitive Dependency Tree

91 transitive deps max depth 10
  ├─ @types/node ^18.0.0 → 18.19.130
  ├─ @types/ua-parser-js ^0.7.33 → 0.7.39
  ├─ @wdio/config 7.33.0 → 7.33.0
  ├─ @wdio/logger 7.26.0 → 7.26.0
  ├─ @wdio/protocols 7.27.0 → 7.27.0
  ├─ @wdio/types 7.33.0 → 7.33.0
  ├─ @wdio/utils 7.33.0 → 7.33.0
  ├─ chrome-launcher ^0.15.0
  ├─ edge-paths ^2.1.0 → 2.2.1
  ├─ puppeteer-core 13.1.3 → 13.1.3
  ├─ query-selector-shadow-dom ^1.0.0 → 1.0.1
  ├─ ua-parser-js ^1.0.1 → 1.0.39
├─ uuid ^9.0.0 → 9.0.1
  ├─ @types/glob ^8.1.0 → 8.1.0
  ├─ @types/node ^18.0.0 → 18.19.130
  ├─ @types/which ^1.3.2 → 1.3.2
  ├─ @wdio/logger 7.26.0 → 7.26.0
  ├─ @wdio/types 7.33.0 → 7.33.0
  ├─ @wdio/utils 7.33.0 → 7.33.0
  ├─ chalk ^4.0.0 → 4.1.2
  ├─ debug 4.3.2 → 4.3.2
  ├─ deepmerge ^4.0.0 → 4.3.1
  ├─ devtools-protocol 0.0.948846 → 0.0.948846
  ├─ extract-zip 2.0.1 → 2.0.1
  ├─ glob ^8.0.3 → 8.0.3
  ├─ got ^11.8.1 → 11.8.6
  ├─ https-proxy-agent 5.0.0 → 5.0.0
  ├─ loglevel ^1.6.0 → 1.9.2
  ├─ loglevel-plugin-prefix ^0.8.4 → 0.8.4
  ├─ node-fetch 2.6.7
  ├─ p-iteration ^1.1.8 → 1.1.8
  ├─ pkg-dir 4.2.0 → 4.2.0
  ├─ progress 2.0.3 → 2.0.3
  ├─ proxy-from-env 1.1.0 → 1.1.0
  ├─ rimraf 3.0.2 → 3.0.2
  ├─ strip-ansi ^6.0.0 → 6.0.1
  ├─ tar-fs 2.1.1
  ├─ unbzip2-stream 1.4.3 → 1.4.3
  ├─ undici-types ~5.26.4 → 5.26.5
  ├─ which ^2.0.2 → 2.0.2
├─ ws 8.2.3
  ├─ @sindresorhus/is ^4.0.0
  ├─ @szmarczak/http-timer ^4.0.5
  ├─ @types/cacheable-request ^6.0.1 → 6.0.3
  ├─ @types/minimatch ^5.1.2
  ├─ @types/node * → 25.6.0
  ├─ @types/node ^18.0.0 → 18.19.130
  ├─ @types/responselike ^1.0.0 → 1.0.3
  ├─ @types/yauzl ^2.9.1 → 2.10.3
  ├─ @wdio/logger 7.26.0 → 7.26.0
  ├─ @wdio/types 7.33.0 → 7.33.0
  ├─ agent-base 6 → 6.0.2
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ ansi-styles ^4.1.0 → 4.3.0
  ├─ buffer ^5.2.1 → 5.7.1
  ├─ cacheable-lookup ^5.0.3
  ├─ cacheable-request ^7.0.2 → 7.0.2
  ├─ chalk ^4.0.0 → 4.1.2
  ├─ debug ^4.1.1 → 4.4.3
  ├─ debug 4 → 4.4.3
  ├─ decompress-response ^6.0.0
  ├─ find-up ^4.0.0 → 4.1.0
  ├─ fs.realpath ^1.0.0
  ├─ get-stream ^5.1.0 → 5.2.0
  ├─ glob ^7.1.3 → 7.1.7
  ├─ got ^11.8.1 → 11.8.6
  ├─ http2-wrapper ^1.0.0-beta.5.2
  ├─ inflight ^1.0.4
  ├─ inherits 2 → 2.0.4
  ├─ isexe ^2.0.0 → 2.0.0
  ├─ loglevel ^1.6.0 → 1.9.2
  ├─ loglevel-plugin-prefix ^0.8.4 → 0.8.4
  ├─ lowercase-keys ^2.0.0
  ├─ minimatch ^5.0.1 → 5.1.9
  ├─ ms 2.1.2 → 2.1.2
  ├─ once ^1.3.0 → 1.4.0
  ├─ p-cancelable ^2.0.0
  ├─ p-iteration ^1.1.8 → 1.1.8
  ├─ responselike ^2.0.0
  ├─ strip-ansi ^6.0.0 → 6.0.1
  ├─ supports-color ^7.1.0 → 7.2.0
  ├─ through ^2.3.8 → 2.3.8
  ├─ undici-types ~5.26.4 → 5.26.5
├─ yauzl ^2.10.0 → 2.10.0
  ├─ @sindresorhus/is ^4.0.0
  ├─ @szmarczak/http-timer ^4.0.5
  ├─ @types/cacheable-request ^6.0.1 → 6.0.3
  ├─ @types/http-cache-semantics * → 4.2.0
  ├─ @types/node * → 25.6.0
  ├─ @types/node ^18.0.0 → 18.19.130
  ├─ @types/responselike ^1.0.0 → 1.0.3
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ ansi-styles ^4.1.0 → 4.3.0
  ├─ base64-js ^1.3.1 → 1.5.1
  ├─ brace-expansion ^2.0.1 → 2.1.0
  ├─ buffer-crc32 ~0.2.3 → 0.2.13
  ├─ cacheable-lookup ^5.0.3
  ├─ cacheable-request ^7.0.2 → 7.0.2
  ├─ chalk ^4.0.0 → 4.1.2
  ├─ clone-response ^1.0.2
  ├─ color-convert ^2.0.1
  ├─ debug 4 → 4.4.3
  ├─ decompress-response ^6.0.0
  ├─ fd-slicer ~1.1.0 → 1.1.0
  ├─ fs.realpath ^1.0.0
  ├─ get-stream ^5.1.0 → 5.2.0
  ├─ got ^11.8.1 → 11.8.6
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ http-cache-semantics ^4.0.0 → 4.2.0
  ├─ http2-wrapper ^1.0.0-beta.5.2
  ├─ ieee754 ^1.1.13 → 1.2.1
  ├─ inflight ^1.0.4
  ├─ inherits 2 → 2.0.4
  ├─ keyv ^4.0.0 → 4.5.4
  ├─ locate-path ^5.0.0 → 5.0.0
  ├─ loglevel ^1.6.0 → 1.9.2
  ├─ loglevel-plugin-prefix ^0.8.4 → 0.8.4
  ├─ lowercase-keys ^2.0.0
  ├─ minimatch ^3.0.4 → 3.1.5
  ├─ ms ^2.1.3 → 2.1.3
  ├─ normalize-url ^6.0.1 → 6.1.0
  ├─ once ^1.3.0 → 1.4.0
  ├─ p-cancelable ^2.0.0
  ├─ path-exists ^4.0.0 → 4.0.0
  ├─ path-is-absolute ^1.0.0 → 1.0.1
  ├─ pump ^3.0.0 → 3.0.4
  ├─ responselike ^2.0.0
  ├─ strip-ansi ^6.0.0 → 6.0.1
  ├─ supports-color ^7.1.0 → 7.2.0
  ├─ undici-types ~7.19.0 → 7.19.2
  ├─ undici-types ~5.26.4 → 5.26.5
├─ wrappy 1 → 1.0.2
  ├─ @sindresorhus/is ^4.0.0
  ├─ @szmarczak/http-timer ^4.0.5
  ├─ @types/cacheable-request ^6.0.1 → 6.0.3
  ├─ @types/http-cache-semantics * → 4.2.0
  ├─ @types/node * → 25.6.0
  ├─ @types/responselike ^1.0.0 → 1.0.3
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ ansi-styles ^4.1.0 → 4.3.0
  ├─ balanced-match ^1.0.0 → 1.0.2
  ├─ brace-expansion ^1.1.7 → 1.1.14
  ├─ cacheable-lookup ^5.0.3
  ├─ cacheable-request ^7.0.2 → 7.0.2
  ├─ clone-response ^1.0.2
  ├─ color-convert ^2.0.1
  ├─ decompress-response ^6.0.0
  ├─ end-of-stream ^1.1.0 → 1.4.5
  ├─ get-stream ^5.1.0 → 5.2.0
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ http-cache-semantics ^4.0.0 → 4.2.0
  ├─ http2-wrapper ^1.0.0-beta.5.2
  ├─ json-buffer 3.0.1 → 3.0.1
  ├─ keyv ^4.0.0 → 4.5.4
  ├─ lowercase-keys ^2.0.0
  ├─ ms ^2.1.3 → 2.1.3
  ├─ normalize-url ^6.0.1 → 6.1.0
  ├─ once ^1.3.1 → 1.4.0
  ├─ p-cancelable ^2.0.0
  ├─ p-locate ^4.1.0 → 4.1.0
  ├─ pend ~1.2.0 → 1.2.0
  ├─ pump ^3.0.0 → 3.0.4
  ├─ responselike ^2.0.0
  ├─ supports-color ^7.1.0 → 7.2.0
  ├─ undici-types ~7.19.0 → 7.19.2
  ├─ undici-types ~5.26.4 → 5.26.5
├─ wrappy 1 → 1.0.2
  ├─ @types/http-cache-semantics * → 4.2.0
  ├─ @types/node * → 25.6.0
  ├─ @types/responselike ^1.0.0 → 1.0.3
  ├─ balanced-match ^1.0.0 → 1.0.2
  ├─ clone-response ^1.0.2
  ├─ color-convert ^2.0.1
  ├─ concat-map 0.0.1 → 0.0.1
  ├─ end-of-stream ^1.1.0 → 1.4.5
  ├─ get-stream ^5.1.0 → 5.2.0
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ http-cache-semantics ^4.0.0 → 4.2.0
  ├─ json-buffer 3.0.1 → 3.0.1
  ├─ keyv ^4.0.0 → 4.5.4
  ├─ lowercase-keys ^2.0.0
  ├─ normalize-url ^6.0.1 → 6.1.0
  ├─ once ^1.3.1 → 1.4.0
  ├─ once ^1.4.0 → 1.4.0
  ├─ p-limit ^2.2.0 → 2.2.2
  ├─ pump ^3.0.0 → 3.0.4
  ├─ responselike ^2.0.0
  ├─ undici-types ~7.19.0 → 7.19.2
├─ wrappy 1 → 1.0.2
  ├─ @types/node * → 25.6.0
  ├─ end-of-stream ^1.1.0 → 1.4.5
  ├─ json-buffer 3.0.1 → 3.0.1
  ├─ once ^1.4.0 → 1.4.0
  ├─ once ^1.3.1 → 1.4.0
  ├─ p-try ^2.0.0 → 2.2.0
  ├─ pump ^3.0.0 → 3.0.4
  ├─ undici-types ~7.19.0 → 7.19.2
├─ wrappy 1 → 1.0.2
  ├─ end-of-stream ^1.1.0 → 1.4.5
  ├─ once ^1.3.1 → 1.4.0
  ├─ once ^1.4.0 → 1.4.0
  ├─ undici-types ~7.19.0 → 7.19.2
├─ wrappy 1 → 1.0.2
  ├─ once ^1.4.0 → 1.4.0
├─ wrappy 1 → 1.0.2
  ├─ wrappy 1 → 1.0.2

Changes from v8.31.1

Dependency Changes

ChangePackageVersion
added @types/ua-parser-js ^0.7.33
removed which ^4.0.0
removed import-meta-resolve ^4.0.0
changed edge-paths ^3.0.5 → ^2.1.0
changed @types/node ^20.1.0 → ^18.0.0
changed @wdio/types 8.31.1 → 7.33.0
changed @wdio/utils 8.31.1 → 7.33.0
changed @wdio/config 8.31.1 → 7.33.0
changed @wdio/logger 8.28.0 → 7.26.0
changed ua-parser-js ^1.0.37 → ^1.0.1
changed puppeteer-core 20.3.0 → 13.1.3
changed @wdio/protocols 8.29.7 → 7.27.0
changed chrome-launcher ^1.0.0 → ^0.15.0

File Changes

0 added 7 removed 216 modified size delta: +.4 KB

SAST Findings (1)

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

Review Summary

Risk score: 35. Findings: 1 high (+25), 1 medium (+10), 2 info (+0).

Commit: 56c8deab3787 Browse source

Published to npm: