Book a demo →
npm package report

Is dayjs safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/dayjs
npm packagelast checked 2026-06-10

dayjs · verdict ALERT · review advised

4.0/10
XYZ SCORE
SUMMARY

Verdict ALERT · 40 known dependencies · provenance: verified (sigstore)

Re-check live →

SIGNALS
Commit-Level AnalysistriggeredHIGH

Merge pull request #3113 from iamkun/dev D2M

DEPENDENCIES
@babel/cli@^7.0.0-beta.44clean
@babel/core@^7.0.0-beta.44clean
babel-core@^7.0.0-bridge.0clean
babel-jest@^22.4.3clean
@babel/node@^7.0.0-beta.44clean
babel-plugin-external-helpers@^6.22.0clean
@babel/preset-env@^7.0.0-beta.44clean
c8@^7.11.2clean
cross-env@^5.1.6clean
esbuild@^0.14.36clean
eslint@^4.19.1clean
eslint@^8.13.0clean
eslint@^8.24.0clean
eslint-config-airbnb-base@^12.1.0clean
eslint-config-airbnb-base@^15.0.0clean
eslint-define-config@^1.3.0clean
eslint-plugin-import@^2.10.0clean
eslint-plugin-import@^2.16.0clean
eslint-plugin-jest@^21.15.0clean
esno@^0.14.1clean
PACKAGE dayjsECOSYSTEM npmDECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages