Book a demo →
npm package report

Is morgan safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/morgan
npm packagelast checked 2026-06-10

morgan · verdict ALLOW · no known risk

0.6/10
XYZ SCORE
SUMMARY

Verdict ALLOW · 40 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

1 historical advisory record(s) on this package (max severity CRITICAL). Add a version to check whether it is affected.

DEPENDENCIES
basic-auth@1.0.0clean
basic-auth@~1.0.1clean
basic-auth@~1.0.2clean
basic-auth@~1.0.3clean
basic-auth@~1.1.0clean
basic-auth@~2.0.0clean
basic-auth@~2.0.1clean
bytes@~0.2.0clean
bytes@0.3.0clean
bytes@1.0.0clean
connect@*clean
coveralls@2.10.0clean
debug@~2.1.0clean
debug@~2.1.1clean
debug@~2.1.3clean
debug@~2.2.0clean
debug@2.6.0clean
debug@2.6.1clean
debug@2.6.8clean
debug@2.6.9clean
PACKAGE morganECOSYSTEM npmDECISION ALLOW

Baked snapshot · run a live check for the current verdict · browse all packages