npm package report

Is rollup safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/rollup
npm package · last checked 2026-06-10

rollup · verdict BLOCK · blocked

XYZ SCORE 9.0/10
SUMMARY

Verdict BLOCK · 40 known dependencies · provenance: unknown


SIGNALS
Advisory History · clear · OK

4 historical advisory record(s) on this package (max severity HIGH). Add a version to check whether it is affected.

Commit-Level Analysis · triggered · CRITICAL

Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (#6376)
* Separate and limit pull_request_target flow to absolute minimum. This should reduce the attack surface and also avoid social engineering attacks.
* Improve handling of skipped flow
* More improve
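
The commit quoted in this signal describes closing an exposure in which a workflow triggered by pull_request_target handled fork pull requests with AWS credentials in scope. The shape behind that class of bug is well known: pull_request_target runs in the base repository's context with its secrets, so a job that checks out the PR head and then executes it (npm install lifecycle scripts, build steps) lets a fork author run code next to those secrets. The checker below is an added example, not code from this report or from the rollup project; it flags that shape in workflow definitions that have already been loaded into Python dicts (the structure PyYAML's safe_load produces for a workflow file). The two sample workflows, the function names and the bucket and job names are constructed for illustration and are not rollup's actual workflow files.

```python
"""Flag the 'pwn request' shape in GitHub Actions workflow definitions.

A job is flagged when the workflow fires on a trigger that runs with the base
repository's secrets (pull_request_target, workflow_run, issue_comment), the
job checks out the pull request's head commit, and later steps execute that
checkout while secrets are referenced. The hardened shape keeps the untrusted
build in a plain pull_request workflow with no secrets and moves the
credentialed upload into a separate workflow_run workflow that never checks
out PR code.

Added example; the workflow dicts below are constructed, not rollup's own.
Real files would be loaded with `yaml.safe_load(open(path))` (PyYAML).
"""
from __future__ import annotations

import re
from typing import Any, Iterator

PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref|repo)", re.I)
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.", re.I)
PRIVILEGED_TRIGGERS = {"pull_request_target", "workflow_run", "issue_comment"}


def _triggers(workflow: dict[str, Any]) -> set[str]:
    # PyYAML parses an unquoted `on:` key as the boolean True, so accept both keys.
    on = workflow.get("on", workflow.get(True, {}))
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    return set(on.keys())


def _walk_strings(node: Any) -> Iterator[str]:
    """Yield every scalar string nested anywhere in a YAML-derived structure."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _walk_strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _walk_strings(value)


def _checks_out_pr_head(step: dict[str, Any]) -> bool:
    """True for an actions/checkout step whose inputs point at the PR head."""
    if not step.get("uses", "").startswith("actions/checkout"):
        return False
    return any(PR_HEAD_REF.search(s) for s in _walk_strings(step.get("with", {})))


def _executes_checkout(step: dict[str, Any]) -> bool:
    """A shell step or a local action from the checkout runs PR-controlled code."""
    return "run" in step or step.get("uses", "").startswith("./")


def check_workflow(workflow: dict[str, Any]) -> list[str]:
    """Return human-readable findings; an empty list means the shape is absent."""
    findings: list[str] = []
    privileged = _triggers(workflow) & PRIVILEGED_TRIGGERS
    if not privileged:
        return findings  # plain pull_request runs have no base-repo secrets
    for job_name, job in workflow.get("jobs", {}).items():
        steps = job.get("steps", [])
        checkout_at = next((i for i, s in enumerate(steps) if _checks_out_pr_head(s)), None)
        if checkout_at is None:
            continue
        runs_pr_code = any(_executes_checkout(s) for s in steps[checkout_at + 1:])
        if not runs_pr_code:
            continue
        # Secrets may be referenced at workflow, job or step level; scan all three.
        secret_scope = [workflow.get("env", {}), job.get("env", {}), *steps]
        if any(SECRET_REF.search(s) for s in _walk_strings(secret_scope)):
            findings.append(
                f"job '{job_name}': triggered by {sorted(privileged)}, checks out the PR "
                f"head at step {checkout_at} and then runs it while secrets are in scope")
        else:
            findings.append(
                f"job '{job_name}': runs PR head code under {sorted(privileged)}; the "
                f"GITHUB_TOKEN is still write-capable unless permissions are restricted")
    return findings


# Constructed sample: the weak shape, a single pull_request_target job that builds
# the fork's code with AWS keys exported into the environment.
VULNERABLE = {
    True: {"pull_request_target": {"types": ["opened", "synchronize"]}},  # PyYAML `on:`
    "jobs": {
        "build-and-upload": {
            "runs-on": "ubuntu-latest",
            "env": {
                "AWS_ACCESS_KEY_ID": "${{ secrets.AWS_ACCESS_KEY_ID }}",
                "AWS_SECRET_ACCESS_KEY": "${{ secrets.AWS_SECRET_ACCESS_KEY }}",
            },
            "steps": [
                {"uses": "actions/checkout@v4",
                 "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
                {"run": "npm ci && npm run build"},  # fork's install scripts run here
                {"run": "aws s3 cp dist/ s3://example-artefact-bucket/ --recursive"},
            ],
        }
    },
}

# Constructed sample: the split shape, two workflow files. The build runs on
# pull_request with no secrets; the upload runs on workflow_run and only
# downloads the artefact the first workflow produced.
HARDENED_BUILD = {
    "on": "pull_request",
    "jobs": {
        "build": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4",
                 "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
                {"run": "npm ci && npm run build"},
                {"uses": "actions/upload-artifact@v4",
                 "with": {"name": "dist", "path": "dist/"}},
            ],
        }
    },
}
HARDENED_PUBLISH = {
    "on": {"workflow_run": {"workflows": ["build"], "types": ["completed"]}},
    "jobs": {
        "publish": {
            "runs-on": "ubuntu-latest",
            "env": {
                "AWS_ACCESS_KEY_ID": "${{ secrets.AWS_ACCESS_KEY_ID }}",
                "AWS_SECRET_ACCESS_KEY": "${{ secrets.AWS_SECRET_ACCESS_KEY }}",
            },
            "steps": [
                {"uses": "actions/download-artifact@v4",
                 "with": {"name": "dist", "path": "dist/"}},
                {"run": "aws s3 cp dist/ s3://example-artefact-bucket/ --recursive"},
            ],
        }
    },
}

if __name__ == "__main__":
    for name, wf in [("vulnerable", VULNERABLE), ("hardened-build", HARDENED_BUILD),
                     ("hardened-publish", HARDENED_PUBLISH)]:
        print(name, check_workflow(wf) or "no findings")
```

The checker is deliberately structural: it does not evaluate `if:` expressions, so a single workflow that mixes pull_request and workflow_run jobs guarded by `github.event_name` will still be flagged, which is the conservative outcome; keeping the untrusted build and the credentialed upload in separate workflow files, as the hardened sample does, is also the shape that leaves nothing for a guard expression to get wrong.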

Anomaly History · clear · OK

1 historical anomaly alert(s) (transitive_malicious_dep) on this package. Add a version to check whether it is affected.

DEPENDENCIES
acorn@^1.1.0 · clean
acorn@^2.3.0 · clean
acorn@^2.5.0 · clean
acorn@^2.6.4 · clean
acorn@^3.1.0 · clean
acorn@^3.2.0 · clean
acorn@^4.0.1 · clean
acorn@4.0.4 · clean
acorn@^5.0.3 · clean
acorn@^5.1.1 · clean
acorn@^5.2.1 · clean
acorn@^5.4.1 · clean
acorn@^5.5.0 · clean
acorn@^5.5.3 · clean
acorn@^5.7.1 · clean
acorn@^5.7.3 · clean
acorn@^6.0.4 · clean
acorn@^6.0.5 · clean
acorn@^6.1.0 · clean
acorn@^6.1.1 · clean
PACKAGE rollup · ECOSYSTEM npm · DECISION BLOCK
