npm package report

Is undici safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/undici
npm package · last checked 2026-06-10

undici · verdict ALERT · review advised

XYZ SCORE 3.6/10

SUMMARY

Verdict ALERT · 40 known dependencies · 1 flagged · provenance: unknown


SIGNALS
Advisory History · clear · OK

24 historical advisory record(s) on this package (max severity HIGH). Add a version to check whether it is affected.

Commit-Level Analysis · triggered · HIGH

build(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#5156) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.1.0 to 8.1.1. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commit

DEPENDENCIES
abort-controller@^3.0.0 · clean
atomic-sleep@^1.0.0 · clean
axios@^1.6.5 · block
benchmark@^2.1.4 · clean
borp@^0.10.0 · clean
borp@^0.11.0 · clean
borp@^0.12.0 · clean
borp@^0.13.0 · clean
borp@^0.14.0 · clean
borp@^0.15.0 · clean
borp@^0.17.0 · clean
borp@^0.18.0 · clean
borp@^0.19.0 · clean
borp@^0.5.0 · clean
borp@^0.9.1 · clean
busboy@^0.3.1 · clean
busboy@^1.6.0 · clean
c8@^10.0.0 · clean
c8@^9.1.0 · clean
chai@^4.3.4 · clean

PACKAGE undici · ECOSYSTEM npm · DECISION ALERT

Baked snapshot