npm package report

Is ora safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/ora

npm packagelast checked 2026-06-10

ora · verdict ALLOW · no known risk

0.6/10

XYZ SCORE

SUMMARY

Verdict ALLOW · 40 known dependencies · provenance: unknown

SIGNALS

All signals clearclearOK

No known-malicious match, advisory, commit-level finding or anomaly.

DEPENDENCIES

ava@*clean

ava@1.0.0-beta.6clean

ava@^1.2.1clean

ava@^1.4.1clean

ava@^2.4.0clean

ava@^3.15.0clean

ava@^4.0.1clean

ava@^5.3.1clean

bl@^4.0.3clean

bl@^4.1.0clean

bl@^5.0.0clean

chalk@^1.1.1clean

chalk@^2.1.0clean

chalk@^2.3.1clean

chalk@^2.4.2clean

chalk@^3.0.0clean

chalk@^4.1.0clean

chalk@^4.1.2clean

chalk@^5.0.0clean

chalk@^5.3.0clean

PACKAGE oraECOSYSTEM npmDECISION ALLOW

Baked snapshot · run a live check for the current verdict · browse all packages