npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

human-browser

v4.6.0

Published

Stealth browser for AI agents. Bypasses Cloudflare, DataDome, PerimeterX. Residential IPs from 10+ countries. iPhone 15 Pro fingerprint. Drop-in Playwright replacement — launchHuman() just works.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

virix-labsvirix-labs

Keywords

browser-automationstealth-browserresidential-proxyplaywrightcloudflare-bypassanti-botscrapingai-agenthuman-browsermulti-countryinstagram-scrapingweb-scrapingagent-skillbypass-cloudflarebypass-datadomebypass-perimeterxfingerprint-spoofingiphone-fingerprintheadless-detectionproxy-rotationagent-browserplaywright-stealthbot-detection-bypassopenclaw-skillopenai-agent

Readme

Human Browser — Cloud Stealth Browser for AI Agents

No Mac Mini. No local install. Your agent runs it anywhere. Residential IPs from 10+ countries. Bypasses Cloudflare, DataDome, PerimeterX.

🌐 Product page: https://humanbrowser.cloud 🤖 A2A endpoint: https://agent.humanbrowser.cloud/a2a 💬 Support: https://t.me/virixlabs

Why your agent needs this

Regular Playwright on a data-center server gets blocked immediately by:

  • Cloudflare (bot score detection)
  • DataDome (fingerprint analysis)
  • PerimeterX (behavioral analysis)
  • Instagram, LinkedIn, TikTok (residential IP requirement)
  • Google sign-in, Akamai BMP (TLS / WebRTC fingerprint matching)

Local stealth libraries (patchright, undetected-chromedriver, playwright-stealth) close some of these gaps in JS, but leak others — most notably WebRTC ICE candidates that surface the server's real datacenter IP regardless of your proxy.

Human Browser's cloud build runs a custom forked Chromium with C++-source-level fingerprint patches (TLS ja3/ja4 matched to real Chrome, GPU vendor/renderer spoofing, WebRTC IP replacement, canvas/WebGL/audio noise) that you cannot get from any npm package. Plus residential proxies. Plus a live browser viewer. Drive it via the Agent2Agent protocol — no install, no version pinning, no Linux build of Chromium for you to maintain.

Agent2Agent (A2A) — recommended path

Endpoint: https://agent.humanbrowser.cloud/a2a Auth: Authorization: Bearer hb_live_<your-token> Agent card: https://agent.humanbrowser.cloud/.well-known/agent.json

Works with anything that speaks A2A — LangGraph, CrewAI, Google ADK, OpenAI Agents SDK, Claude/Anthropic agents, any hand-rolled JSON-RPC client.

Submit + poll (recommended)

# 1. Submit a goal — get back task_id and viewerUrl
curl -sS https://agent.humanbrowser.cloud/a2a \
  -H "Authorization: Bearer hb_live_<your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "message/send",
    "params": {
      "message": {
        "role": "user",
        "metadata": { "profile": "main", "model": "anthropic/claude-sonnet-4-6" },
        "parts": [{ "kind": "text", "text": "Log into example.com and report the dashboard total" }]
      }
    }
  }'
# → { "result": {
#       "id": "t_abc...",
#       "metadata": { "viewerUrl": "https://humanbrowser.cloud/a/s_xyz?k=...", "cost": {...} }
#     } }

# 2. Poll task.metadata while running — every 5–10 s.
#    metadata is enriched per step: step_count, current_url, last_thinking,
#    last_eval, last_action, cost.
curl -sS https://agent.humanbrowser.cloud/a2a \
  -H "Authorization: Bearer hb_live_<your-token>" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tasks/get","params":{"id":"t_abc..."}}'

# 3. When task.state ∈ {completed, failed, canceled} → done.
#    Final outcome is in task.metadata.outcome:
#    { success, result, step_count, duration_ms, cost, files }
#    Full artifact in task.artifacts[0].

Or: webhook callback (no polling)

Pass callback_url in message.metadata and we POST the final Task envelope to that URL when the task hits a terminal state. Signed with X-HB-Signature: sha256=<HMAC> when the server is configured with a webhook secret. Retries 3× on 5xx / network errors with 2 / 8 / 30 s backoff.

{
  "message": {
    "role": "user",
    "metadata": {
      "profile": "main",
      "callback_url": "https://your-agent.host/hb-callback"
    },
    "parts": [{ "kind": "text", "text": "..." }]
  }
}

Or: SSE streaming

method: "message/stream" returns Server-Sent Events; each step pushes a status-update event with the latest task.metadata. Use this if your client can hold a long-lived connection.

Live viewer

Every spawned session ships a viewerUrl in task.metadata. Open it to:

  • Watch the browser live
  • See the agent timeline (👤 you · 🤖 caller-agent like dzeny · 🧠 hb-agent — color-coded)
  • Inject manual goals into a running session via the input box

Important: don't fire-and-await

message/send resolves only on terminal state, and tasks routinely run 5–30 min. Don't hold an HTTP connection that long — NAT / load-balancer / proxy timeouts will sever it and your client loses context while our server keeps running and billing. Use polling or webhooks instead.

Sensitive data handling

Pass logins / passwords / API keys via the A2A DataPart with metadata.sensitive=true — they're injected as task input and are stripped from logs, never written to artifacts, never echoed back in streams.

{
  "message": {
    "role": "user",
    "parts": [
      { "kind": "text", "text": "Log in and download the latest report" },
      { "kind": "data", "data": { "email": "...", "password": "..." }, "metadata": { "sensitive": true } }
    ]
  }
}

Profile persistence + per-token defaults

Each session inherits a named profile that persists cookies / localStorage / IndexedDB / Service Worker storage between spawns. Pass it in message.metadata.profile:

{ "message": { "metadata": { "profile": "polymarket-main" }, "role": "user", "parts": [...] } }

If you don't pass one, the server uses the token's default_profile (configurable per token via admin API) and falls back to "default". Same profile across reconnects → same cookies, same fingerprint, same WebRTC IP. Up to 5 concurrent sessions per token by default.

Library mode (advanced — for self-hosting)

If you want to skip the cloud entirely and drive your own Chromium with a residential proxy you supply yourself, the human-browser npm package exposes launchHuman() — a drop-in Playwright launcher with our humanizer helpers, geo-fingerprint plumbing, and built-in 2captcha integration.

Note: the library does NOT include our forked Chromium with C++ stealth patches — that binary is part of the cloud build only. Library mode is patchright-stealth-plus-helpers; expect lower pass-rate on Cloudflare BM / DataDome / Google sign-in / WebRTC-aware bot scoring than the cloud.

const { launchHuman } = require('human-browser');

// Zero config — auto-fetches trial credentials from humanbrowser.cloud
const { browser, page, humanType, humanClick, humanScroll, sleep } = await launchHuman();

const { page } = await launchHuman({ country: 'us' });      // US residential IP
const { page } = await launchHuman({ mobile: false });      // Desktop Chrome fingerprint
npm install human-browser playwright
npx playwright install chromium --with-deps

For proxy-provider env vars (BYO Decodo / IPRoyal / Bright Data / NodeMaven / Oxylabs), see the proxy setup notes and the env section of scripts/browser-human.js.

Supported countries

| Country | Code | Best for | |---------|------|----------| | 🇷🇴 Romania | ro | Polymarket, Instagram, Binance, Cloudflare | | 🇺🇸 United States | us | Netflix, DoorDash, US banks, Amazon | | 🇬🇧 United Kingdom | gb | Polymarket, Binance, BBC iPlayer | | 🇩🇪 Germany | de | EU services, German e-commerce | | 🇳🇱 Netherlands | nl | Crypto, Polymarket, Web3 | | 🇯🇵 Japan | jp | Japanese e-commerce, Line | | 🇫🇷 France | fr | EU services, luxury brands | | 🇨🇦 Canada | ca | North American services | | 🇸🇬 Singapore | sg | APAC/SEA e-commerce | | 🇦🇺 Australia | au | Oceania content |

Buy a plan + pricing: https://humanbrowser.cloud → Support & questions: https://t.me/virixlabs → Full spec for hand-rolled A2A clients: SKILL.md