Summary
Several @browserbasehq/* malware advisories have vulnerableVersionRange: ">= 0" with no firstPatchedVersion, causing all versions to be flagged. Only a single specific version of each package was compromised during the Shai-Hulud 2.0 supply chain attack in November 2025. The malicious versions were removed from npm and current versions are clean.
Since malware advisories don't accept community improvements via the "Suggest improvements" form, I'm filing this issue per the guidance on the advisory pages.
Affected Advisories
| GHSA | Package | Compromised Version | Current Range | Correct Range |
|---|---|---|---|---|
| GHSA-xxg4-p932-cqpg | @browserbasehq/bb9 | `1.2.21` | `>= 0` | `= 1.2.21` |
| GHSA-h638-vgm6-2xm2 | @browserbasehq/director-ai | `1.0.3` | `>= 0` | `= 1.0.3` |
| GHSA-j9hg-hmwf-9qx7 | @browserbasehq/mcp | `2.1.1` | `>= 0` | `= 2.1.1` |
| GHSA-4rjx-92xj-8cj8 | @browserbasehq/stagehand-docs | `1.0.1` | `>= 0` | `= 1.0.1` |
Request
Please update the vulnerableVersionRange on each advisory from >= 0 to only the specific compromised version, and/or set firstPatchedVersion to the next clean release. Alternatively, these advisories could be withdrawn since the malicious versions have been removed from npm entirely.
Impact
Downstream tools that consume GitHub Advisory / OSV data (e.g., Goose by Block, npm audit, etc.) are blocking installation of current clean versions of these packages because the advisory marks all versions as malicious.
A corresponding issue has been filed at ossf/malicious-packages#1138 for the OSV-side entries, which inherit the broad range from these GHSA advisories.
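To make the effect of the two ranges concrete, the following is an added example (not part of this issue, the advisory database, or any downstream audit tool) that evaluates GitHub-advisory style `vulnerableVersionRange` strings against candidate versions. It assumes plain dotted numeric versions with no pre-release suffixes and only the comparator syntax visible in this issue (`>= 0`, `= 1.2.21`, and comma-separated bounds such as `>= 1.0, < 1.3`); the candidate version lists are constructed for illustration.

```python
"""Evaluate GitHub-advisory style vulnerableVersionRange strings against
candidate versions, to show which versions an advisory would flag.

Added example, not part of the issue or of any advisory tooling. Assumes
plain dotted numeric versions (no pre-release suffixes) and comparator
clauses of the form "<op> <version>", comma-separated.
"""
import operator
import re

_OPS = {
    ">=": operator.ge,
    "<=": operator.le,
    ">": operator.gt,
    "<": operator.lt,
    "=": operator.eq,
}
# ">=" and "<=" must be listed before ">" and "<" so the longer operator wins.
_COMPARATOR = re.compile(r"^(>=|<=|>|<|=)\s*(\d+(?:\.\d+)*)$")


def parse_version(text):
    """'1.2.21' -> (1, 2, 21). Rejects anything that is not dotted digits."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unsupported version syntax: {text!r}")
    return tuple(int(part) for part in text.split("."))


def _pad(a, b):
    """Right-pad the shorter tuple with zeros so '1.2' compares equal to '1.2.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def version_in_range(version, vulnerable_range):
    """True if `version` satisfies every comparator clause in `vulnerable_range`."""
    v = parse_version(version)
    for clause in vulnerable_range.split(","):
        m = _COMPARATOR.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported comparator: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        lhs, rhs = _pad(v, bound)
        if not _OPS[op](lhs, rhs):
            return False
    return True


def flagged_versions(vulnerable_range, candidate_versions):
    """Subset of `candidate_versions` that the range marks as vulnerable."""
    return [v for v in candidate_versions if version_in_range(v, vulnerable_range)]


def compare_ranges(compromised_version, candidate_versions):
    """Return (flagged by '>= 0', flagged by '= <compromised_version>').

    The first list is what the advisories currently produce; the second is
    what the corrected range from the issue would produce.
    """
    broad = flagged_versions(">= 0", candidate_versions)
    narrow = flagged_versions(f"= {compromised_version}", candidate_versions)
    return broad, narrow


# Constructed sample: the four packages from the issue's table, each with a
# constructed neighbourhood of versions around the one compromised release.
ADVISORIES = {
    "GHSA-xxg4-p932-cqpg": ("@browserbasehq/bb9", "1.2.21", ["1.2.20", "1.2.21", "1.2.22"]),
    "GHSA-h638-vgm6-2xm2": ("@browserbasehq/director-ai", "1.0.3", ["1.0.2", "1.0.3", "1.0.4"]),
    "GHSA-j9hg-hmwf-9qx7": ("@browserbasehq/mcp", "2.1.1", ["2.1.0", "2.1.1", "2.1.2"]),
    "GHSA-4rjx-92xj-8cj8": ("@browserbasehq/stagehand-docs", "1.0.1", ["1.0.0", "1.0.1", "1.0.2"]),
}


if __name__ == "__main__":
    for ghsa, (package, compromised, candidates) in ADVISORIES.items():
        broad, narrow = compare_ranges(compromised, candidates)
        print(f"{ghsa} {package}")
        print(f"  '>= 0'          flags: {broad}")
        print(f"  '= {compromised}' flags: {narrow}")
```

Running the script shows that with `>= 0` every candidate, including releases that predate and postdate the compromised one, is reported as vulnerable, which is exactly why `npm audit` and similar consumers refuse the current clean versions; with `= <compromised>` only the single affected release is flagged.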
Context
- Attack: Shai-Hulud 2.0 (November 2025)
- The `google-open-source-security` and `amazon-inspector` sources in the corresponding OSV entries correctly identify only the single compromised version
- The `ghsa-malware` source is the one contributing the overly broad `>= 0` range