npm package report

Is chokidar safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/chokidar
npm package · last checked 2026-06-10

chokidar · verdict ALERT · review advised

XYZ SCORE: 4.0/10

SUMMARY

Verdict ALERT · 40 known dependencies · provenance: verified (sigstore)


SIGNALS
Commit-Level Analysis · triggered · HIGH

chore: bump dev dependencies (#1457) This updates typescript and a few other dev dependencies. The type checker got smarter so one of the test functions no longer type checks correctly thanks to spying on a complex union. So I have used an `as never` cast.

Anomaly History · clear · OK

1 historical anomaly alert(s) (transitive_malicious_dep) on this package. Add a version to check whether it is affected.

DEPENDENCIES
anymatch@^1.1.0 · clean
anymatch@~1.1.0 · clean
anymatch@^1.3.0 · clean
anymatch@^2.0.0 · clean
anymatch@^3.0.1 · clean
anymatch@^3.1.0 · clean
anymatch@~3.1.1 · clean
anymatch@~3.1.2 · clean
arrify@^1.0.0 · clean
async-each@^0.1.5 · clean
async-each@~0.1.5 · clean
async-each@^0.1.6 · clean
async-each@^1.0.0 · clean
async-each@^1.0.1 · clean
async-each@^1.0.3 · clean
beare@0.1.1 · clean
braces@^2.3.0 · clean
braces@^2.3.2 · clean
braces@^3.0.2 · clean
braces@~3.0.2 · clean

PACKAGE chokidar · ECOSYSTEM npm · DECISION ALERT
