npm package report

Is dotenv safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/dotenv
npm package · last checked 2026-06-10

dotenv · verdict ALLOW · no known risk

XYZ SCORE 0.6/10

SUMMARY

Verdict ALLOW · 40 known dependencies · provenance: none found


SIGNALS
All signals clear · OK

No known-malicious match, advisory, commit-level finding or anomaly.

DEPENDENCIES
babel@5.8.23 · clean
coveralls@^2.11.9 · clean
decache@^4.5.0 · clean
decache@^4.5.1 · clean
decache@^4.6.1 · clean
decache@^4.6.2 · clean
@definitelytyped/dtslint@^0.0.133 · clean
dtslint@^0.3.0 · clean
dtslint@^0.9.8 · clean
dtslint@^3.4.2 · clean
dtslint@^3.7.0 · clean
flow-bin@^0.105.2 · clean
flow-bin@^0.109.0 · clean
flow-bin@^0.82.0 · clean
flow-bin@^0.84.0 · clean
flow-bin@^0.92.1 · clean
flow-bin@^0.98.0 · clean
lab@11.1.0 · clean
lab@^14.3.2 · clean
lab@5.17.0 · clean

PACKAGE dotenv · ECOSYSTEM npm · DECISION ALLOW

Baked snapshot · run a live check for the current verdict