registry  /  betterwright  /  0.5.0

betterwright@0.5.0

A persistent, policy-guarded Playwright browser for AI agents with network controls, trusted credential filling, proof screenshots, and CAPTCHA helpers.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 19 file(s), 217 KB of source, external domains: 127.0.0.1, example.com, example.org, site.example

Source & flagged code

5 flagged · loading source
bin/betterwright.mjsView file
10L11: import { spawnSync } from "node:child_process"; L12: import fs from "node:fs";
High
Child Process

Package source references child process execution.

bin/betterwright.mjsView on unpkg · L10
matchType = previous_version_dangerous_delta matchedPackage = betterwright@0.4.0 matchedIdentity = npm:YmV0dGVyd3JpZ2h0:0.4.0 similarity = 0.813 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/betterwright.mjsView on unpkg
20L21: const require = createRequire(import.meta.url); L22:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/betterwright.mjsView on unpkg · L20
src/chrome.mjsView file
59const configuredHome = String( L60: options.home || process.env.BETTERWRIGHT_HOME || path.join(os.homedir(), ".betterwright"), L61: ); L62: const port = Math.max(1024, Math.min(Number(options.port) || DEFAULT_CDP_PORT, 65535)); L63: const endpoint = `http://127.0.0.1:${port}`; L64: if (await endpointReady(endpoint)) { ... L71: fs.mkdirSync(profileDir, { recursive: true, mode: 0o700 }); L72: const child = spawn( L73: executable,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/chrome.mjsView on unpkg · L59
src/worker.mjsView file
44L45: const playwrightCoreDir = process.env.BETTERWRIGHT_PLAYWRIGHT_CORE_PATH || ""; L46: const playwrightModule = playwrightCoreDir ... L127: function send(message) { L128: process.stdout.write(`${JSON.stringify(message)}\n`); L129: } ... L156: L157: function mkdirPrivate(dir) { L158: fs.mkdirSync(dir, { recursive: true, mode: 0o700 }); ... L228: pid: process.pid, L229: hostname: os.hostname(), L230: startedAt: nowIso(),
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

src/worker.mjsView on unpkg · L44

Findings

5 High4 Medium5 Low
HighChild Processbin/betterwright.mjs
HighShell
HighSame File Env Network Executionsrc/chrome.mjs
HighCloud Metadata Accesssrc/worker.mjs
HighPrevious Version Dangerous Deltabin/betterwright.mjs
MediumDynamic Requirebin/betterwright.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings