Obviously very keen to make sure that we keep an open approach to accepting PRs, but we have to be aware that detect-browser is driven entirely by regexes running in the browser. Regexes are well known to have a significant risk factor around vulnerabilities so I think we need to some kind of testing as part of our CI pipeline.

I need to dig up an email around this where a friendly soul pointed me in the direction of some automated test tools...