# browserify@16.5.2 — Threat Briefing

Low risk — threat briefing for npm package browserify@16.5.2. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 17.0.1
- **License:** MIT

## Risk

- **Level:** low
- **Summary:** No risky changes detected

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | none |
| network access | none |
| filesystem | both |
| shell execution | exec |

## Capabilities

### Execution

- CLI command installation [common]
- Shell execution [unusual]

### Other

- Binary download and execution [common]
- Bulk environment variable access [common]
- Filesystem read from package directory (info-only) [common]
- VM code execution [common]
- Node vm-module / v8 bytecode execution [common]

### Environment

- Environment variable access [common]

### Filesystem

- Filesystem read [common]
- Filesystem write [common]

### System

- Process control [common]

## Key Signals

- ****

## Trust Signals

### Code Safety

- No obfuscated or encoded payloads
- No dynamic code execution
- No access to sensitive paths
- No network activity during install

## Maintainer