Book a demo →
npm package report

Is three safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/three
npm packagelast checked 2026-06-10

three · verdict ALERT · review advised

3.5/10
XYZ SCORE
SUMMARY

Verdict ALERT · 0 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

2 historical advisory record(s) on this package (max severity HIGH). Add a version to check whether it is affected.

Commit-Level AnalysistriggeredHIGH

chore(deps): update actions/setup-node digest to 48b55a0 (#33472) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

PACKAGE threeECOSYSTEM npmDECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages