# Security Policy
## Supported Versions
We release patches for security vulnerabilities for the following versions:

| Version | Supported |
| ------- | --------- |
| 1.x.x | :white_check_mark: |
| < 1.0 | :x: |

## Reporting a Vulnerability
If you believe you have found a security vulnerability in `browser-paths`, please report it responsibly.

**Please do not open a public GitHub issue for security vulnerabilities.**

1. **Preferred**: Open a [GitHub Security Advisory](https://github.com/betterhyq/browser-paths/security/advisories/new) (repository owners/maintainers can triage and discuss privately).
2. **Alternatively**: Contact the maintainer(s) directly (e.g. via the contact information in [Cargo.toml](Cargo.toml) or the repository profile) with a clear description of the issue and steps to reproduce.

You can expect:

- **Acknowledgment** of your report within a reasonable time.
- **Updates** on the status of the issue and any planned fix.
- **Credit** for the finding in the advisory or release notes (unless you prefer to remain anonymous).

We ask that you allow time for a fix before any public disclosure.

## Scope
`browser-paths` is a small library that **only discovers filesystem paths** to Chrome and Edge executables on the current machine. It:
- Does **not** execute browsers or any other programs.
- Does **not** perform network access.
- Does **not** read or write arbitrary files (it only checks whether expected paths exist).
- Builds paths from fixed patterns and, on Windows, from environment variables (`LOCALAPPDATA`, `PROGRAMFILES`, `ProgramFiles(x86)`).

Security issues in how **your application** uses the returned path (e.g. spawning the browser with untrusted input) are outside the scope of this crate’s security policy but are worth careful design in your own code.

## Dependencies
We keep the dependency set minimal. The only runtime dependency is [which](https://crates.io/crates/which), used on Linux to resolve binary names. We rely on [Dependabot](.github/dependabot.yml) and regular updates to address dependency vulnerabilities.