Book a demo →
npm package report

Is chai safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/chai
npm packagelast checked 2026-06-10

chai · verdict ALERT · review advised

4.0/10
XYZ SCORE
SUMMARY

Verdict ALERT · 40 known dependencies · provenance: verified (sigstore)

Re-check live →

SIGNALS
Commit-Level AnalysistriggeredHIGH

chore(deps): update dependencies (#1797) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

DEPENDENCIES
assertion-error@1.0.0clean
assertion-error@^1.0.1clean
assertion-error@^1.1.0clean
assertion-error@^2.0.1clean
browserify@^10.2.1clean
browserify@^13.0.1clean
browserify@^14.4.0clean
browserify@^16.0.0clean
browserify@^16.2.3clean
browserify@^16.5.2clean
bump-cli@^1.1.3clean
bump-cli@^2.7.1clean
c8@^10.1.3clean
check-error@^1.0.1clean
check-error@^1.0.2clean
check-error@^1.0.3clean
check-error@^2.0.0clean
check-error@^2.1.1clean
codecov@^3.0.0clean
codecov@^3.8.1clean
PACKAGE chaiECOSYSTEM npmDECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages