Book a demo →
npm package report

Is tailwindcss safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/tailwindcss
npm packagelast checked 2026-06-10

tailwindcss · verdict ALERT · review advised

4.0/10
XYZ SCORE
SUMMARY

Verdict ALERT · 40 known dependencies · provenance: verified (sigstore)

Re-check live →

SIGNALS
Commit-Level AnalysistriggeredHIGH

Setup OIDC publishing (#19943) This PR merges the `release-insiders.yml` and `release.yml` such that we can setup OIDC publishing to npmjs.com.

Anomaly HistoryclearOK

1 historical anomaly alert(s) (transitive_malicious_dep) on this package. Add a version to check whether it is affected.

DEPENDENCIES
@alloc/quick-lru@^5.2.0clean
@ampproject/remapping@^2.3.0clean
arg@^5.0.0clean
arg@^5.0.1clean
arg@^5.0.2clean
autoprefixer@^10.0.1clean
autoprefixer@^10.0.2clean
autoprefixer@^10.2.4clean
autoprefixer@^10.2.5clean
autoprefixer@^10.2.6clean
autoprefixer@^10.3.1clean
autoprefixer@^10.3.3clean
autoprefixer@^10.3.6clean
autoprefixer@^10.3.7clean
autoprefixer@^10.4.0clean
autoprefixer@^10.4.1clean
autoprefixer@^10.4.11clean
autoprefixer@^10.4.12clean
autoprefixer@^10.4.13clean
autoprefixer@^10.4.14clean
PACKAGE tailwindcssECOSYSTEM npmDECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages