
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
browser-use-headless
Advanced tools
Affected versions:
The simplest, thinnest, and most powerful harness to control your real browser with your agent.
The simplest, thinnest, and most powerful harness to control headless Chrome/Chromium with your agent — no display server needed.
A headless adaptation of browser-harness that auto-launches and manages a headless Chrome instance. Perfect for CI pipelines, servers, containers, and any environment without a GUI.
pip install -e .
browser-harness-headless <<'EOF'
new_tab("https://example.com")
print(page_info()["title"])
capture_screenshot("page.png")
EOF
That's it. No Chrome setup, no display, no config. The harness launches headless Chrome automatically on first use.
┌──────────────┐ ┌────────────┐ ┌─────────────────┐
│ Agent Code │──IPC──│ Daemon │──CDP──│ Headless Chrome │
│ (stdin) │ │ (Unix sock)│ │ (--headless=new) │
└──────────────┘ └────────────┘ └─────────────────┘
browser-harness-headless) reads Python from stdin, ensures daemon is running--headless=new (modern headless — full rendering, no GUI)# Run inline code
echo 'new_tab("https://httpbin.org/get"); print(js("document.body.innerText"))' | browser-harness-headless
# Run a script file
browser-harness-headless < my_script.py
# Multi-line heredoc
browser-harness-headless <<'EOF'
new_tab("https://news.ycombinator.com")
wait_for_load()
titles = js("""
Array.from(document.querySelectorAll('.titleline a'))
.slice(0, 5)
.map(a => a.textContent)
""")
print(titles)
EOF
browser-harness-headless --doctor # Diagnostics
browser-harness-headless --status # JSON status
browser-harness-headless --restart # Restart daemon + Chrome
browser-harness-headless --stop # Stop everything
| Env Var | Description |
|---|---|
BHH_CHROME_PATH | Path to Chrome/Chromium binary |
BHH_CDP_WS | Connect to existing CDP WebSocket instead of launching Chrome |
BHH_HOME | Config/runtime directory (default: ~/.config/browser-harness-headless) |
BHH_DOMAIN_SKILLS | Enable domain-specific skills (1 to enable) |
All helpers are pre-imported when code runs via the CLI:
| Helper | Description |
|---|---|
new_tab(url) | Open a new tab and navigate |
goto_url(url) | Navigate current tab |
page_info() | Get URL, title, viewport size, scroll position |
click_at_xy(x, y) | Click at viewport coordinates |
type_text(text) | Insert text at cursor |
fill_input(selector, text) | Framework-aware form filling (React/Vue/Ember) |
press_key(key, modifiers) | Simulate key press |
scroll(x, y, dx, dy) | Mouse wheel scroll |
capture_screenshot(path, full_page) | Take PNG screenshot |
list_tabs() / switch_tab() / close_tab() | Tab management |
js(expression) | Execute JavaScript, return result |
wait_for_load() | Wait for page load |
wait_for_element(selector) | Wait for DOM element |
wait_for_network_idle() | Wait for network quiet |
upload_file(selector, path) | Upload file to input |
http_get(url) | HTTP GET via page's fetch |
cdp(method, **params) | Raw Chrome DevTools Protocol |
src/browser_harness_headless/
├── __init__.py # Package init
├── run.py # CLI entry point
├── admin.py # Chrome launch, daemon lifecycle
├── daemon.py # CDP WebSocket owner, IPC server
├── helpers.py # Agent-facing API (navigation, input, screenshots, etc.)
├── _ipc.py # Unix socket / TCP IPC layer
└── paths.py # Filesystem layout
| Feature | browser-harness | browser-harness-headless |
|---|---|---|
| Browser | Uses your running Chrome | Auto-launches headless Chrome |
| Display | Requires GUI/display | No display needed |
| Setup | Enable remote debugging manually | Zero setup |
| Cloud | Browser Use cloud support | Local-only (or bring your own CDP) |
| Auth | OAuth for cloud | None needed |
| Dependencies | cdp-use, fetch-use | websockets, pillow only |
BHH_CHROME_PATH)MIT
FAQs
The simplest, thinnest, and most powerful harness to control your real browser with your agent.
The pypi package browser-use-headless receives a total of 0 weekly downloads. As such, browser-use-headless popularity was classified as not popular.
We found that browser-use-headless demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.