Book a demo →
npm package report

Is axios safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/axios
npm packagelast checked 2026-06-10

axios · verdict BLOCK · blocked

9.0/10
XYZ SCORE
SUMMARY

Verdict BLOCK · 40 known dependencies · provenance: verified (sigstore)

Re-check live →

SIGNALS
Known Malicious PackagematchedCRITICAL

Human-verified malicious package in the CyberXYZ corpus (Signal C).

Advisory HistoryclearOK

48 historical advisory record(s) on this package (max severity CRITICAL). Add a version to check whether it is affected.

Commit-Level AnalysistriggeredCRITICAL

docs: clarify package update PR policy (#10992)

Anomaly HistoryclearOK

1 historical anomaly alert(s) (version_jump) on this package. Add a version to check whether it is affected.

DEPENDENCIES
abortcontroller-polyfill@^1.5.0clean
abortcontroller-polyfill@^1.7.3clean
abortcontroller-polyfill@^1.7.5clean
auto-changelog@^2.4.0clean
@babel/core@^7.18.2clean
@babel/core@^7.23.9clean
@babel/preset-env@^7.18.2clean
@babel/preset-env@^7.23.9clean
body-parser@^1.20.0clean
body-parser@^1.20.2clean
bundlesize@^0.17.0clean
bundlesize@^0.5.7clean
chalk@^5.2.0clean
chalk@^5.3.0clean
@commitlint/cli@^17.3.0clean
@commitlint/cli@^17.8.1clean
@commitlint/config-conventional@^17.3.0clean
@commitlint/config-conventional@^17.8.1clean
coveralls@^2.11.2clean
coveralls@^2.11.3clean
PACKAGE axiosECOSYSTEM npmDECISION BLOCK

Baked snapshot · run a live check for the current verdict · browse all packages