Book a demo →
npm package report

Is semver safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/semver
npm packagelast checked 2026-06-10

semver · verdict ALLOW · no known risk

0.6/10
XYZ SCORE
SUMMARY

Verdict ALLOW · 34 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

2 historical advisory record(s) on this package (max severity HIGH). Add a version to check whether it is affected.

DEPENDENCIES
benchmark@^2.1.4clean
lru-cache@^4.1.5clean
lru-cache@^6.0.0clean
lru-cache@^7.4.0clean
@npmcli/eslint-config@^3.0.1clean
@npmcli/eslint-config@^4.0.0clean
@npmcli/eslint-config@^5.0.0clean
@npmcli/template-oss@3.2.2clean
@npmcli/template-oss@3.3.2clean
@npmcli/template-oss@4.13.0clean
@npmcli/template-oss@4.14.1clean
@npmcli/template-oss@4.15.1clean
@npmcli/template-oss@4.17.0clean
@npmcli/template-oss@4.21.3clean
@npmcli/template-oss@4.22.0clean
@npmcli/template-oss@4.23.4clean
@npmcli/template-oss@4.24.3clean
@npmcli/template-oss@4.4.4clean
tap@0.xclean
tap@0.x >=0.0.4clean
PACKAGE semverECOSYSTEM npmDECISION ALLOW

Baked snapshot · run a live check for the current verdict · browse all packages