npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

leapfrog-mcp

v0.7.4

Published

Multi-session browser MCP for AI agents — 36 tools, stealth, persistent auth, code-first scripts, API sniffer, agent intelligence

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

leapfrogaileapfrogai

Keywords

mcpbrowserheadlessplaywrightai-agentautomationweb-scrapingmulti-sessionstealthdom-snapshotmodel-context-protocolclaudecursorwindsurfbrowser-automation

Readme

The Problem

Playwright MCP sends ~14,000 tokens for a content-heavy page like Hacker News. Most of that is noise. Your context window fills up. Your agent gets confused. You pay for it.

Leapfrog sends ~1,400 tokens. Same page. Same information. Up to 10x less noise.

┌─────────────────────────────────────────────────────┐
│  Playwright MCP                                     │
│  ████████████████████████████████████████  ~14,000   │
│                                                     │
│  Leapfrog                                           │
│  █████                                    ~1,400    │
└─────────────────────────────────────────────────────┘
          tokens per page (Hacker News, real test)

Savings range from 2-10x depending on page complexity. Content-heavy pages see the biggest wins. Dense forms see the smallest. The median across real-world sites is ~4-5x.

Quick Start

npx leapfrog-mcp --doctor          # verify everything works
npx leapfrog-mcp --stealth-audit   # test all 19 stealth patches
npx leapfrog-mcp --config          # print MCP config to paste

Add to ~/.mcp.json (Claude Code) or your editor's MCP config:

{
  "leapfrog": {
    "command": "npx",
    "args": ["-y", "leapfrog-mcp"],
    "env": {
      "LEAP_MAX_SESSIONS": "15",
      "LEAP_TILE": "true",
      "LEAP_HUD": "true",
      "LEAP_AUTO_CONSENT": "true"
    }
  }
}

Leapfrog uses playwright-core (15MB) instead of playwright (1.6GB) and does not bundle a browser. Either:

  • Set LEAP_CHANNEL=chrome to use your installed Chrome/Chromium (recommended)
  • Or run npx playwright-core install chromium to install the bundled Chromium binary
  • Or set LEAP_CDP_ENDPOINT to connect to an already-running Chrome instance

Feature Matrix

| | Leapfrog | Playwright MCP | agent-browser | |---|:---:|:---:|:---:| | Tokens per page | ~1,200-2,500 | ~3,800-15,000 | ~300 | | Parallel sessions | 15 | 1 | 1 | | Session isolation | Yes | No | No | | Multi-tab / popups | Yes | No | No | | Network intercept | Yes | No | No | | Console capture | Yes | Yes | No | | Stealth / anti-bot | Yes | No | No | | Smart wait (5 types) | Yes | Basic | No | | Crash recovery | Yes | No | No | | Batch actions (100/call) | Yes | No | No | | Init script injection | Yes | Yes | No | | Drag / upload / resize | Yes | Yes | No | | Per-session proxy | Yes | No | No | | Humanization (opt-in) | Yes | No | No | | Auth profile reuse | Yes | No | No | | Cookie persistence | Yes | No | No | | Page classification (18) | Yes | No | No | | Session memory | Yes | No | No | | API intelligence | Yes | No | No | | Adaptive wait + auto-retry | Yes | No | No | | CAPTCHA auto-resolve | Yes | No | No | | Self-improvement (9 dims) | Yes | No | No | | Record / replay | Yes | No | No | | Pagination extraction | Yes | No | No | | Incremental snapshots (diff) | Yes | No | No | | Stealth self-test CLI | Yes | No | No | | SSRF protection | Yes | No | No |

Stealth

Leapfrog ships 19 anti-detection patches enabled by default (LEAP_STEALTH=true). Four modes:

  • true (default) — all 19 patches active
  • passive — removes automation signals only (webdriver, HeadlessChrome). Does NOT fake identity (WebGL, fonts, audio). Better for sites where trust matters more than evasion.
  • auto — per-domain EXP3 bandit selects the optimal stealth configuration based on what's worked before
  • false — no stealth patches

These cover the vectors that fingerprint services like CreepJS and fingerprint-pro actually check:

  • Client Hints brands (strips HeadlessChrome)
  • navigator.webdriver forced to undefined
  • WebGL vendor/renderer (replaces SwiftShader with real GPU strings)
  • Connection RTT (non-zero)
  • Alert dismiss timing (human-speed delay)
  • Window outer/inner height offset
  • MIME type array population
  • Platform inference from user agent
  • chrome.app emulation
  • iframe contentWindow protection
  • Media codec spoofing (canPlayType)
  • document.hasFocus() override
  • Source URL comment stripping
  • Custom UA + stealth coexistence (custom user agents no longer disable stealth context)
  • CDP Runtime.enable detection (Error.prepareStackTrace filter)
  • Permissions API spoofing (20+ permission types)
  • AudioContext fingerprint noise (getChannelData/getFloatFrequencyData)
  • WebRTC IP leak prevention (ICE candidate filtering)
  • Font enumeration fingerprint spoofing

Per-session stealth control: pass stealth: false in session_create to disable for a specific session.

Humanization (Experimental)

Set LEAP_HUMANIZE=true to enable human-like browser interaction. This is opt-in and adds latency in exchange for more realistic behavior. Six modules:

  • Mouse — Bezier curve paths with Fitts's Law timing and micro-tremor jitter
  • Typing — Log-normal inter-key delays (200ms median), key dwell time, bigram-aware speed, rollover typing
  • Scroll — Inertial simulation with ramp-up and momentum decay (touchpad/mouse-wheel physics)
  • Pause — Inter-action "think" delays that simulate cognitive gaps between actions
  • Fingerprint — Coherent browser fingerprint generation (platform, device memory, GPU, timezone)
  • Utils — Shared math primitives (Box-Muller gaussian, distributions)

Page Classification

Every navigate and snapshot call automatically classifies the page type using weighted signal scoring (no LLM required). 18 types:

login · search-results · product · product-list · checkout · article · dashboard · form · error · challenge · landing · documentation · profile · media · feed · qa · ecommerce · unknown

Classification drives smarter snapshot extraction — login pages surface form fields, articles surface content, dashboards surface interactive elements.

Harness Intelligence

The harness tracks every action in a session and classifies outcomes:

  • Action outcome classificationSUCCESS, SILENT_CLICK, NAVIGATION, WRONG_ELEMENT, BLOCKED, ERROR, PENDING
  • Bot redirect detection — detects when a site redirects to a challenge or block page after an action
  • Loop detection — warns when the agent is stuck clicking the same element, ping-ponging between URLs, or repeating actions
  • Session memorysession_memory tool recalls actions after context window compression

Cookie Persistence

Persistent browser profiles now use context.cookies() + addCookies() instead of storageState(), which returns empty on persistent contexts. Auth state survives across sessions.

Adaptive Wait + Stealth Escalation

Navigate automatically retries with fallback strategies when pages fail to load:

  1. Try load (fastest) — if empty, retry with networkidle (10s cap)
  2. If networkidle times out (Amazon, ad-heavy sites), fall back to domcontentloaded
  3. If blocked/challenged, escalate stealth: random delays → wait for JS challenge → rotate session with fresh fingerprint
  4. Profile sessions (auth'd) never have their session destroyed — hard-capped at Level 2

Opt-out with autoRetry: false on navigate. Control max escalation with maxRetryLevel (0-5, default 3).

Record / Replay

Export a session's action history as a replayable recording, then replay it in new sessions:

  • session_export — creates parameterized JSON or Playwright script from session history. @eN refs resolved to stable CSS selectors. Auto-detects emails, passwords, URLs as {{placeholders}}.
  • session_replay — replays a recording with parameter overrides. Supports onError: 'stop' or 'skip'.

Turn one-off agent workflows into reusable automations.

Pagination Extraction

Extract data across multiple pages in a single tool call:

  • Click-next — auto-detects "Next" buttons, pagination links, "Load more" buttons
  • Infinite scroll — scrolls and waits for new content via DOM hash comparison
  • URL pattern — increments ?page={page} or custom patterns

Replaces 3-4 tool calls per page. Cap: 50 pages, 100K total chars. Stops on: no next button, empty page, duplicate content, or bot detection.

Incremental Snapshots

The diff tool returns only what changed since the last snapshot — additions, removals, changes. Massive token savings for monitoring and polling workflows.

HUD Overlays (LEAP_HUD=true)

When running headed, Leapfrog overlays visual feedback on every session:

  • Click ripple — expanding green circle at click coordinates (agent actions only)
  • Zoom-to-target — browser zooms to 1.15x on the clicked element briefly so agents (and humans) can visually track what's happening in tiled windows
  • Scroll-to-target — scrollIntoView before clicks so you can see what the agent is about to click

Minimal by design. No borders, no status bars, no cursor overlay — just the feedback that matters.

Multi-Terminal Tiling (LEAP_TILE=true)

Multiple Leapfrog instances share the screen via file-based coordination. Each instance tracks its own windows and a TilesCoordinator assigns global grid slots — no overlap, no manual arrangement. Set LEAP_TILE=true (or LEAP_TILE=master for the primary instance). Padding between tiles is configurable with LEAP_TILE_PADDING (default 8px).

Human Intervention

Leapfrog auto-detects situations that need a human — CAPTCHAs, login forms, OAuth redirects, Cloudflare challenges — and tries to self-resolve before pausing.

  • Auto-resolves first: clicks reCAPTCHA checkboxes, Cloudflare verify buttons, generic verify/continue buttons, then a second-pass retry — all before asking for help
  • External solvers: set LEAP_CAPTCHA_PROVIDER + LEAP_CAPTCHA_API_KEY for CapSolver, 2Captcha, or NopeCHA integration
  • Learns what works: remembers which resolution method succeeded per domain and tries the known-good method first on revisit
  • Detects reCAPTCHA, hCaptcha, Turnstile, login forms, OAuth redirects, Cloudflare challenges
  • Tab title changes to "NEEDS HUMAN" when intervention is needed
  • wait_for_human tool — agent calls when stuck, blocks until you resolve it or navigate past

Cookie Consent Auto-Dismiss (LEAP_AUTO_CONSENT=true)

Automatically dismisses cookie consent banners across 10 frameworks (OneTrust, CookieBot, TrustArc, Quantcast, Didomi, Cookielaw, Osano, Usercentrics, + generic) plus text-matching fallback. Per-domain selector caching for instant replay on revisit.

Tracing (LEAP_TRACE=true)

Per-session Playwright tracing with screenshots + DOM snapshots. Export ZIP files viewable at trace.playwright.dev via the session_export_trace tool. Auto-saves on session destroy.

Self-Improvement

Leapfrog learns from every visit. Per-domain knowledge persists at ~/.leapfrog/domains/{domain}.json — 9 dimensions, all automatic:

| # | Dimension | What it does | |---|---|---| | 1 | Wait strategies | Learns optimal wait method per domain (networkidle vs domcontentloaded vs load) + running average timing | | 2 | Stealth tiers | Auto-escalates 0→3 when blocks are detected (2+ blocks in 1 hour). Starts at learned tier on revisit | | 3 | Consent selectors | Remembers cookie banner dismiss selectors, auto-clicks on revisit | | 4 | Challenge resolution | Records which CAPTCHA method worked (reCAPTCHA checkbox, Cloudflare verify, etc.), tries known-good method first | | 5 | Stable element suppression | Identifies nav/footer/sidebar elements seen 3+ visits, suppresses from snapshots (30-40% token savings on mature domains) | | 6 | Selector healing | Remembers element fingerprints → selectors, heals broken refs across visits | | 7 | API endpoint caching | Discovered API endpoints persist across sessions | | 8 | Interaction heat maps | Tracks which elements agents actually use, suppresses untouched elements (coming) | | 9 | Strategy selection | Adversarial bandit (EXP3) for stealth config optimization. Use LEAP_STEALTH=auto to enable. |

LRU eviction at 500 domains. Inspect with the domain_knowledge tool.

SSRF Hardening

URL validation blocks hex-encoded IPs (0x7f000001), octal notation (0177.0.0.1), CGNAT ranges (100.64.0.0/10), and redirect chains that resolve to internal addresses. Localhost and 127.0.0.0/8 are allowed by default for local dev workflows — set LEAP_BLOCK_LOCALHOST=true to block them.

The Ecosystem

Leapfrog uses pond metaphors to keep things memorable. Your agent is the frog.

| Concept | Leapfrog term | What it means | |---|---|---| | Sessions | Ponds | Isolated browser contexts — cookies, storage, state | | Tabs | Lily pads | Where the frog lands within a pond | | Navigate | Leap | Jump to a URL, get a compact snapshot back | | Snapshots | Surface | What you see on the surface — interactive @eN refs | | Network traffic | Ripple | HTTP requests flowing under the surface | | Console errors | Croak | Something went wrong in the browser | | Stealth mode | Camouflage | Anti-bot evasion patches |

All 36 Tools

Pond Management (11)

| Tool | What it does | |---|---| | session_create | Open a new pond — isolated cookies, state, viewport, locale, timezone, stealth, proxy | | session_destroy | Drain a pond and free the slot | | session_list | See all active ponds with URLs and idle times | | session_save_profile | Save auth state to disk for future ponds | | session_list_profiles | List saved auth profiles | | pool_status | Pool stats, memory, uptime | | session_health | Is the pond healthy? Browser connected, page responsive? | | profile_list | List saved persistent browser profiles | | profile_delete | Delete a saved persistent browser profile and its data | | profile_import_from_chrome | Import cookies and state from an installed Chrome profile | | profile_warm | Pre-warm a profile by loading key URLs to establish cookies/state |

Navigation & Snapshots (12)

| Tool | What it does | |---|---| | navigate | Leap to a URL, return a compact @eN snapshot. Adaptive wait + stealth escalation built in. | | snapshot | Re-read the surface (scope with CSS selector) | | diff | Incremental snapshot — returns only what changed since last snapshot | | act | Click, fill, type, check, select, press, scroll, hover, mousemove, drag, upload, resize, back, forward | | batch_actions | Up to 100 sequential actions in one MCP call — eliminates round-trip overhead | | paginate | Extract data across multiple pages in one call (click-next, scroll, URL pattern) | | add_init_script | Inject JS that runs before every page load, persists across navigations | | wait_for | Wait for element / text / network idle / navigation / JS expression | | screenshot | Capture PNG (full page or element) | | extract | Pull text, HTML, title, URL, or evaluate JS | | session_memory | Recall actions performed in this session — recovers context after compression | | session_export | Export session history as a replayable JSON recording or Playwright script |

Tab Management (3)

| Tool | What it does | |---|---| | tabs_list | List all pads in a pond | | tab_switch | Hop to another pad (-1 for most recent popup) | | tab_close | Close a pad (can't close the last one) |

Agent Intelligence (3)

| Tool | What it does | |---|---| | wait_for_human | Pause for human intervention — blocks until user clicks Done on the @..@ overlay | | domain_knowledge | Inspect what Leapfrog has learned about a domain (wait strategies, stealth tiers, endpoints) | | session_export_trace | Export a Playwright trace ZIP — viewable at trace.playwright.dev |

Network & API Intelligence (7)

| Tool | What it does | |---|---| | network_log | See HTTP traffic — filter by URL, method, status, content-type | | console_log | Read browser console output, filtered by level | | network_intercept | Block, mock, or log requests by URL pattern | | api_discover | List JSON APIs the page has called, classified by category (data, tracking, auth, cdn, ads) | | api_export | Generate an OpenAPI v3 spec from observed API traffic | | execute | Run a Playwright script in a sandboxed environment — replaces 5-20 sequential MCP round trips | | session_replay | Replay a recording in the current session with parameter overrides |

Environment Variables

| Variable | Default | Description | |---|---|---| | LEAP_MAX_SESSIONS | 15 | Max concurrent sessions | | LEAP_IDLE_TIMEOUT | 1800000 | Session idle timeout in ms (30 min). Set 0 to disable. | | LEAP_HEADLESS | true | Set false to watch the browser | | LEAP_HEADED | false | Set true to watch the browser (positive alternative to LEAP_HEADLESS) | | LEAP_CHANNEL | (bundled chromium) | Set chrome to use your installed Chrome | | LEAP_CDP_ENDPOINT | (none) | Connect to a running Chrome instance (e.g. http://localhost:9222) | | LEAP_EXTENSIONS | (none) | Comma-separated paths to browser extensions to load | | LEAP_ALLOW_JS | true | Allow JS evaluation in extract and wait_for | | LEAP_STEALTH | true | Stealth mode: true | passive | auto | false. See Stealth section. | | LEAP_STEALTH_PROFILES | false | Enable stealth patches on profile (auth'd) sessions | | LEAP_CDP_STEALTH | true | CDP detection evasion (Runtime.enable filtering) | | LEAP_HUMANIZE | false | Experimental. Human-like mouse movement, typing cadence, and scroll behavior. | | LEAP_ALLOW_EXECUTE | true | Allow the execute tool (sandboxed Playwright scripts) | | LEAP_BLOCK_LOCALHOST | false | Block localhost/127.x.x.x (allowed by default for local dev) | | LEAP_PROFILES_DIR | ~/.leapfrog/chrome-profiles | Directory for persistent browser profiles | | LEAP_TILE | false | Tile sessions in a grid (true | master | false) | | LEAP_TILE_PADDING | 8 | Padding between tiled windows (px) | | LEAP_MULTI_TILE | false | Multi-terminal tiling coordination across Leapfrog instances | | LEAP_SCREEN_WIDTH | (auto) | Explicit screen width for tiling calculations | | LEAP_SCREEN_HEIGHT | (auto) | Explicit screen height for tiling calculations | | LEAP_HUD | false | Click ripple, zoom-to-target, scroll-to-target on agent actions | | LEAP_AUTO_CONSENT | true | Auto-dismiss cookie consent banners (10 frameworks + fallback) | | LEAP_TRACE | false | Per-session Playwright tracing (screenshots + DOM snapshots) | | LEAP_RECORD | false | Session recording (action history export) | | LEAP_REBROWSER | false | Enable Rebrowser integration | | LEAP_AUTO_WARM | false | Auto-warm profiles by loading key URLs on session create | | LEAP_CAPTCHA_PROVIDER | (none) | External CAPTCHA solver: capsolver | 2captcha | nopecha | | LEAP_CAPTCHA_API_KEY | (none) | API key for the configured CAPTCHA provider | | LEAP_MAX_SESSIONS_PER_CLIENT | (none) | Per-client session pool limit | | LEAP_LOG_LEVEL | info | debug / info / warn / error |

Tests

 769 passing across 31 suites

Session management, snapshot engine, snapshot differ, network intelligence, tab management, security, SSRF protection, stealth patches (19), stealth enhanced, humanization (mouse, typing, scroll), page classification, harness intelligence, API intelligence, script executor, extended actions, HUD overlays, human intervention, cookie consent, domain knowledge, selector healing, stable elements, tile manager, bug regression, integration smoke, stress tests, benchmarks.

npm test

Requirements

  • Node.js >= 20
  • Chromium — use system Chrome (LEAP_CHANNEL=chrome) or install via npx playwright-core install chromium

License

MIT