npm v12 turns install scripts off by default, so you approve them one by one. CyberXYZ tells you which are safe, and reads the code for the attacks a blocklist can’t see. Check any package against the XYZ decision brain.
// caught recently · live from the XYZ corpus
Live: every check runs against the XYZ decision brain. Famous incidents (axios, Shai-Hulud, event-stream) show our full curated dissections. Book a demo for fleet-wide enforcement. Browse all package reports.