npm package report

Is sass safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/sass
npm package · last checked 2026-06-10

sass · verdict ALERT · review advised

XYZ SCORE: 4.0/10

SUMMARY

Verdict ALERT · 8 known dependencies · provenance: verified (sigstore)


SIGNALS
Commit-Level Analysis · triggered · HIGH

Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (#2766) Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.12. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Comm

Anomaly History · clear · OK

1 historical anomaly alert(s) (transitive_malicious_dep) on this package. Add a version to check whether it is affected.

DEPENDENCIES
chokidar@^2.0.0 · clean
chokidar@>=2.0.0 <4.0.0 · clean
chokidar@>=3.0.0 <4.0.0 · clean
chokidar@^4.0.0 · clean
immutable@^4.0.0 · clean
immutable@^5.0.2 · clean
@parcel/watcher@^2.4.1 · clean
source-map-js@>=0.6.2 <2.0.0 · clean

PACKAGE sass · ECOSYSTEM npm · DECISION ALERT
