Book a demo →
npm package report

Is pg safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/pg
npm packagelast checked 2026-06-10

pg · verdict ALLOW · no known risk

0.6/10
XYZ SCORE
SUMMARY

Verdict ALLOW · 40 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

11 historical advisory record(s) on this package (max severity CRITICAL). Add a version to check whether it is affected.

DEPENDENCIES
async@0.2.10clean
async@0.9.0clean
async@2.6.4clean
bindings@^1.2.1clean
bindings@1.2.1clean
bluebird@3.5.2clean
bluebird@3.7.2clean
buffer-writer@1.0.0clean
buffer-writer@1.0.1clean
buffer-writer@2.0.0clean
@cloudflare/vitest-pool-workers@0.8.12clean
@cloudflare/vitest-pool-workers@0.8.23clean
@cloudflare/workers-types@^4.20230404.0clean
co@4.6.0clean
deprecate@~0.1.0clean
eslint@^4.19.1clean
eslint@4.2.0clean
eslint@^6.0.1clean
eslint-config-standard@10.2.1clean
eslint-config-standard@^11.0.0clean
PACKAGE pgECOSYSTEM npmDECISION ALLOW

Baked snapshot · run a live check for the current verdict · browse all packages