Book a demo →
npm package report

Is express safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/express
npm packagelast checked 2026-06-10

express · verdict ALERT · review advised

2.5/10
XYZ SCORE
SUMMARY

Verdict ALERT · 40 known dependencies · provenance: none found

Re-check live →

SIGNALS
Advisory HistoryclearOK

8 historical advisory record(s) on this package (max severity LOW). Add a version to check whether it is affected.

Commit-Level AnalysistriggeredHIGH

build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#7149) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/604

DEPENDENCIES
accepts@1.0.0clean
accepts@1.0.1clean
accepts@1.0.2clean
accepts@1.0.3clean
accepts@~1.0.5clean
accepts@~1.0.7clean
accepts@~1.1.0clean
accepts@~1.1.1clean
accepts@~1.1.2clean
accepts@~1.1.3clean
accepts@~1.1.4clean
accepts@~1.2.10clean
accepts@~1.2.12clean
accepts@~1.2.2clean
accepts@~1.2.3clean
accepts@~1.2.4clean
accepts@~1.2.5clean
accepts@~1.2.7clean
accepts@~1.2.9clean
accepts@~1.3.3clean
PACKAGE expressECOSYSTEM npmDECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages