Book a demo →
npm package report

Is react safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/react
npm packagelast checked 2026-06-10

react · verdict ALLOW · no known risk

0.6/10
XYZ SCORE
SUMMARY

Verdict ALLOW · 40 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

3 historical advisory record(s) on this package (max severity HIGH). Add a version to check whether it is affected.

Anomaly HistoryclearOK

1 historical anomaly alert(s) (transitive_malicious_dep) on this package. Add a version to check whether it is affected.

DEPENDENCIES
amdefine@~0.0.2clean
amdefine@~0.0.5clean
chai@~0.5.2clean
chai@~1.2.0clean
chai@~1.6.0clean
create-react-class@^15.5.2clean
create-react-class@^15.6.0clean
Deferred@~0.1.1clean
ensure-array@~0.0.2clean
ensure-array@~0.0.5clean
envify@^2.0.0clean
envify@^3.0.0clean
eventemitter2@~0.4.1clean
eventemitter2@~0.4.11clean
fbjs@0.1.0-alpha.4clean
fbjs@^0.2.0clean
fbjs@^0.3.1clean
fbjs@^0.6.0clean
fbjs@^0.6.1clean
fbjs@^0.8.0clean
PACKAGE reactECOSYSTEM npmDECISION ALLOW

Baked snapshot · run a live check for the current verdict · browse all packages