Book a demo →
npm package report

Is ua-parser-js safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/ua-parser-js
npm packagelast checked 2026-06-10

ua-parser-js · verdict BLOCK · blocked

9.0/10
XYZ SCORE
SUMMARY

Verdict BLOCK · 33 known dependencies · provenance: verified (sigstore)

Re-check live →

SIGNALS
Known Malicious PackagematchedCRITICAL

Human-verified malicious package in the CyberXYZ corpus (Signal C).

Advisory HistoryclearOK

7 historical advisory record(s) on this package (max severity CRITICAL). Add a version to check whether it is affected.

Commit-Level AnalysistriggeredHIGH

CI: Add AI and spam detection to pull request workflow

DEPENDENCIES
@babel/parser@7.15.8clean
@babel/traverse@7.15.4clean
@babel/traverse@7.23.2clean
detect-europe-js@^0.1.1clean
detect-europe-js@^0.1.2clean
is-standalone-pwa@^0.1.0clean
is-standalone-pwa@^0.1.1clean
@jazzer.js/core@^1.4.0clean
jshint@~1.1.0clean
jshint@>= 1.1.0clean
jshint@~2.12.0clean
jshint@~2.13.6clean
mocha@~1.7.1clean
mocha@>= 1.7.1clean
mocha@~1.8.0clean
mocha@~8.2.0clean
node-fetch@^2.7.0clean
@playwright/test@~1.32.2clean
@playwright/test@^1.49.0clean
requirejs@^2.3.2clean
PACKAGE ua-parser-jsECOSYSTEM npmDECISION BLOCK

Baked snapshot · run a live check for the current verdict · browse all packages