Is @browserbasehq/stagehand safe to use?

@browserbasehq/stagehand has no known vulnerabilities on the latest version (3.3.0). DepScope rates its health at 70/100 (moderate risk).

What is the latest version of @browserbasehq/stagehand?

The latest version of @browserbasehq/stagehand is 3.3.0, released 2026-04-27.

Does @browserbasehq/stagehand have known vulnerabilities?

No known vulnerabilities on the latest version of @browserbasehq/stagehand.

Is @browserbasehq/stagehand deprecated?

No, @browserbasehq/stagehand is actively maintained. Latest release: 3.3.0 (2026-04-27).

What are alternatives to @browserbasehq/stagehand?

Popular alternatives to @browserbasehq/stagehand in npm include: minimatch, lru-cache, chalk, commander, @types/node.

What license does @browserbasehq/stagehand use?

@browserbasehq/stagehand is licensed under MIT.

@browserbasehq/stagehand

npmv3.3.0

An AI web browsing framework focused on simplicity and extensibility.

License MITpermissive819 versions8 maintainers15 deps

browserbase/stagehand

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2025-191198).

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

25/25

security

15/15

maturity

5/15

community

Vulnerabilities

none known

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2025-191198 — Malicious code in @browserbasehq/stagehand (npm)

Health History

Dependency Tree

License Audit

Dependencies (15)

ai ws pino uuid openai pino-pretty fetch-cookie @google/genai @ai-sdk/provider @anthropic-ai/sdk @langchain/openai devtools-protocol @browserbasehq/sdk zod-to-json-schema @modelcontextprotocol/sdk

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@browserbasehq/stagehand