Does browserstack-local have any known vulnerabilities?

browserstack-local v1.5.8 has 2 known CVE vulnerabilities. Review the safety scan for severity details and remediation guidance.

What capabilities does browserstack-local have?

browserstack-local has the following detected capabilities: network access, filesystem access, process spawning, environment variable access. Review these before using with AI coding agents.

Can I use browserstack-local safely with AI coding agents?

browserstack-local has been flagged with risk indicators. Review the detected threats and capabilities before using with AI coding agents. Assessments are automated and may contain errors.

browserstack-local

Q: Is browserstack-local safe to use?

browserstack-local v1.5.8 has warnings detected in the latest brin safety scan. Trust score: 65/100. Review the flagged concerns before use. This is an automated assessment.

npm

Is browserstack-local safe to use?

The latest brin safety scan flagged browserstack-local v1.5.8 with risk indicators that warrant review. 2 known CVE vulnerabilities. Trust score: 65/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

browserstack-local Has Warnings

Warnings detected due to potential concerns

warning

CVEs

Threats

Install Scripts

Risk Indicators

•GHSA-g4w6-c99w-4wh7: UNKNOWN
•Can spawn child processes

browserstack-local CVE Vulnerabilities (2)

CVE-2025-57283medium

BrowserStack Local vulnerable to Command Injection through logfile variable

GHSA-g4w6-c99w-4wh7CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

BrowserStack Local vulnerable to Command Injection through logfile variable

brin Recommendations

→This package has warnings detected. Evaluate the specific concerns before proceeding.

Install with brin add browserstack-local to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

browserstack-local Capabilities & Permissions

What browserstack-local can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

hub.browserstack.comwww.browserstack.comwww.google.com

Protocols: http, https

Filesystem Access

Reads and writes to the filesystem.

.env (rw).env (rw).env (rw)package.json (rw)/etc/ (rw)/home/ (rw).env (rw)package.json (rw)+4 more

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

BINARY_DOWNLOAD_ERROR_MESSAGEBINARY_DOWNLOAD_FALLBACK_ENABLEDBINARY_DOWNLOAD_SOURCE_URLBROWSERSTACK_ACCESS_KEYBROWSERSTACK_LOCAL_DEBUG_GZIPBROWSERSTACK_USERNAMEUSER_AGENT

AGENTS.md for browserstack-local

Good instructions lead to good results. brin adds browserstack-local documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.