barebrowse 0.5.4 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +18 -0
  2. package/README.md +1 -1
  3. package/barebrowse.context.md +3 -2
  4. package/mcp-server.js +2 -1
  5. package/package.json +1 -1
  6. package/src/chromium.js +1 -0
package/CHANGELOG.md CHANGED
@@ -1,5 +1,23 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.5.5
4
+
5
+ Fix assess tab leak and Linux shared memory crash.
6
+
7
+ ### Assess tab leak (`mcp-server.js`)
8
+ - Fixed: successful assess calls never closed the tab — tabs accumulated, eating RAM until Chromium crashed
9
+ - `tab.close()` now called in the success path (was only in error/timeout paths)
10
+ - This was the root cause of crashes on heavy EU cookie consent sites (zalando.de, otto.de, etc.) — not the CMPs themselves
11
+
12
+ ### Chromium launch (`src/chromium.js`)
13
+ - Added `--disable-dev-shm-usage` flag — prevents shared memory crashes on Linux systems with limited `/dev/shm`
14
+
15
+ ### Tests
16
+ - New: `createTab()` suite in browse.test.js (2 tests)
17
+ - Creates 5 tabs, navigates each, closes all, verifies no zombie tabs remain
18
+ - Tab close is idempotent (double-close doesn't throw)
19
+ - 71/71 passing (was 69)
20
+
3
21
  ## 0.5.4
4
22
 
5
23
  Assess tool hardened: session reuse, concurrency, self-healing.
package/README.md CHANGED
@@ -139,7 +139,7 @@ Everything the agent can do through barebrowse:
139
139
  | **Upload** | Set files on a file input element |
140
140
  | **Screenshot** | Page capture as base64 PNG/JPEG/WebP |
141
141
  | **PDF** | Export page as PDF |
142
- | **Assess** | Privacy scan: score (0-100), risk level, 10-category breakdown. Reuses session browser via tabs (max 3 concurrent), auto-retries on CDP crash, 30s timeout per scan. Requires `npm install wearehere`. |
142
+ | **Assess** | Privacy scan: score (0-100), risk level, 10-category breakdown. Reuses session browser via tabs (max 3 concurrent, properly closed after each scan), auto-retries on CDP crash, 30s timeout per scan. Requires `npm install wearehere`. |
143
143
  | **Tabs** | List open tabs, switch between them |
144
144
  | **Wait for content** | Poll for text or CSS selector to appear on page |
145
145
  | **Wait for navigation** | SPA-aware: works for full page loads and pushState |
package/barebrowse.context.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # barebrowse -- Integration Guide
2
2
 
3
3
  > For AI assistants and developers wiring barebrowse into a project.
4
- > v0.5.4 | Node.js >= 22 | 0 required deps | MIT
4
+ > v0.5.5 | Node.js >= 22 | 0 required deps | MIT
5
5
 
6
6
  ## What this is
7
7
 
@@ -157,6 +157,7 @@ barebrowse can inject cookies from the user's real browser sessions, bypassing l
157
157
  | Bot detection | Hybrid fallback: detects challenge pages, error pages, and near-empty responses, then switches to headed | Hybrid |
158
158
  | `navigator.webdriver` | Stealth patches in headless (webdriver, plugins, chrome obj) | Headless |
159
159
  | Profile locking | Unique temp dir per headless instance | Headless |
160
+ | Shared memory crash (Linux) | `--disable-dev-shm-usage` flag prevents `/dev/shm` exhaustion | Headless |
160
161
  | ARIA noise | 9-step pruning: wrapper collapse, noise removal, landmark promotion | Both |
161
162
 
162
163
  ## bareagent wiring
@@ -242,7 +243,7 @@ Action tools return `'ok'` -- the agent calls `snapshot` explicitly to observe.
242
243
 
243
244
  Session runs in hybrid mode (headless with automatic headed fallback on bot detection). `goto` injects cookies from the user's browser before navigation for authenticated access.
244
245
 
245
- Session tools share a singleton page, lazy-created on first use. Assess runs in isolated tabs within the session (max 3 concurrent, with retry and CDP crash recovery).
246
+ Session tools share a singleton page, lazy-created on first use. Assess runs in isolated tabs within the session (max 3 concurrent, with retry and CDP crash recovery). Tabs are closed after every assess (success, error, and timeout paths).
246
247
 
247
248
  ## Architecture
248
249
 
package/mcp-server.js CHANGED
@@ -312,6 +312,7 @@ async function handleToolCall(name, args) {
312
312
  }),
313
313
  ]);
314
314
  clearTimeout(timer);
315
+ await tab.close().catch(() => {});
315
316
  return JSON.stringify(result, null, 2);
316
317
  } catch (err) {
317
318
  clearTimeout(timer);
@@ -355,7 +356,7 @@ async function handleMessage(msg) {
355
356
  return jsonrpcResponse(id, {
356
357
  protocolVersion: '2024-11-05',
357
358
  capabilities: { tools: {} },
358
- serverInfo: { name: 'barebrowse', version: '0.5.4' },
359
+ serverInfo: { name: 'barebrowse', version: '0.5.5' },
359
360
  });
360
361
  }
361
362
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "barebrowse",
3
- "version": "0.5.4",
3
+ "version": "0.5.5",
4
4
  "description": "Authenticated web browsing for autonomous agents via CDP. URL in, pruned ARIA snapshot out.",
5
5
  "type": "module",
6
6
  "main": "src/index.js",
package/src/chromium.js CHANGED
@@ -82,6 +82,7 @@ export async function launch(opts = {}) {
82
82
  '--use-fake-device-for-media-stream',
83
83
  '--use-fake-ui-for-media-stream',
84
84
  '--disable-features=MediaRouter',
85
+ '--disable-dev-shm-usage',
85
86
  ];
86
87
 
87
88
  if (opts.proxy) {