Skip to content

webpeel/webpeel

v0.10.0 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 3mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Topics

ai-agent ai-agents browser-automation claude-code codex content-extraction
+14 more
cursor firecrawl-alternative mcp mcp-server model-context-protocol llm screenshot structured-data token-efficiency typescript web-crawler web-data web-scraping web-search

Affected surfaces

auth crypto_tls

Summary

AI summary

Browser Profiles, CSS Schema Extraction, LLM Extraction, and Hotel Search are new features.

Full changelog

What's New

🚀 Features

  • Browser Profileswebpeel profile create|list|show|delete manages persistent browser sessions. Pass --profile <name> on fetch or search to reuse cookies, localStorage, and auth state.
  • CSS Schema Extraction — 7 bundled schemas (Booking.com, Amazon, eBay, Yelp, Walmart, HN, Expedia). Auto-detected by domain, --schema <name> to force.
  • LLM Extraction--llm-extract [instruction] extracts structured data from any page using OpenAI-compatible BYOK. Includes per-request cost tracking.
  • Hotel Searchwebpeel hotels "destination" --checkin DATE --sort price runs parallel multi-source hotel searches (Kayak, Booking.com, Google Travel, Expedia).

🛡️ Stealth v2

  • Fixed viewport fingerprint leaks, __pwInitScripts injection artifacts, and Chrome branding leaks.
  • PerimeterX bypass reliable — Expedia confirmed working.
  • Challenge detection wired end-to-end: runs after every fetch, 17 new signals.

🔒 Security

  • PostgreSQL TLS secure-by-default
  • Timing oracle fix (constant-time auth)
  • OAuth rate limiter per-IP (was per-provider)
  • Screenshot route standardized error format

🐛 Fixes

  • Title cleaning (Google Travel suffixes, ad prefixes)
  • Multi-cluster extraction for diverse pages
  • React Error Boundary added to dashboard (was blank page on JS crash)

📊 Stats

  • 497 tests (494 pass, 3 skipped)
  • 7 CSS extraction schemas
  • 4 hotel search sources
npm install -g [email protected]

Full changelog: https://webpeel.dev/changelog

Full Changelog: https://github.com/webpeel/webpeel/compare/v0.9.0...v0.10.0

Security Fixes

  • PostgreSQL TLS now enabled by default.
  • Timing oracle vulnerability fixed via constant-time authentication.
  • OAuth rate limiting changed to per-IP enforcement.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track webpeel/webpeel

Get notified when new releases ship.

Sign up free

About webpeel/webpeel

Smart web fetcher for AI agents with auto-escalation from HTTP to headless browser to stealth mode. Includes 9 MCP tools: fetch, search, crawl, map, extract, batch, screenshot, jobs, and agent. Achieved 100% success rate on a 30-URL benchmark.

All releases →

Related context

Beta — feedback welcome: [email protected]