Book a demo →
npm package report

Is postcss safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/postcss
npm packagelast checked 2026-06-10

postcss · verdict ALERT · review advised

4.0/10
XYZ SCORE
SUMMARY

Verdict ALERT · 40 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

6 historical advisory record(s) on this package (max severity MODERATE). Add a version to check whether it is affected.

Commit-Level AnalysistriggeredHIGH

Install older pnpm action for old Node.js

DEPENDENCIES
6to5@1.12.0clean
6to5@1.12.12clean
6to5@1.12.26clean
6to5@1.12.9clean
6to5@1.14.17clean
6to5@1.14.4clean
6to5@1.14.7clean
6to5@2.13.7clean
6to5@2.2.0clean
6to5@2.9.4clean
6to5@3.0.9clean
6to5@3.6.4clean
ava@0.15.2clean
ava@0.16.0clean
ava@^0.17.0clean
ava@0.17.0clean
babel@4.4.5clean
babel@4.4.6clean
babel@4.7.16clean
babel@5.0.8clean
PACKAGE postcssECOSYSTEM npmDECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages