Book a demo →
npm package report

Is node-fetch safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/node-fetch
npm packagelast checked 2026-06-10

node-fetch · verdict ALLOW · no known risk

0.6/10
XYZ SCORE
SUMMARY

Verdict ALLOW · 40 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

5 historical advisory record(s) on this package (max severity HIGH). Add a version to check whether it is affected.

DEPENDENCIES
abort-controller@^1.0.2clean
abort-controller@^1.1.0clean
abort-controller@^3.0.0clean
abortcontroller-polyfill@^1.1.9clean
abortcontroller-polyfill@^1.3.0clean
abortcontroller-polyfill@^1.4.0clean
abortcontroller-polyfill@^1.5.0clean
abortcontroller-polyfill@^1.7.1clean
@babel/cli@^7.8.4clean
@babel/core@^7.8.7clean
@babel/core@^7.9.0clean
babel-core@^6.26.0clean
babel-core@^6.26.3clean
babel-plugin-add-module-exports@^1.0.2clean
babel-plugin-istanbul@^3.0.0clean
babel-plugin-istanbul@^4.0.0clean
babel-plugin-istanbul@^4.1.5clean
babel-plugin-istanbul@^4.1.6clean
babel-plugin-istanbul@^6.0.0clean
babel-plugin-transform-async-generator-functions@^6.24.1clean
PACKAGE node-fetchECOSYSTEM npmDECISION ALLOW

Baked snapshot · run a live check for the current verdict · browse all packages