npm package report

Is vite safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/vite
npm package · last checked 2026-06-10

vite · verdict ALERT · review advised

XYZ SCORE: 4.5/10
SUMMARY

Verdict ALERT · 40 known dependencies · provenance: verified (sigstore)


SIGNALS
Advisory History · clear · OK

66 historical advisory record(s) on this package (max severity HIGH). Add a version to check whether it is affected.

Commit-Level Analysis · triggered · HIGH

chore(deps): update pnpm/action-setup action to v6 (#22222) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Anomaly History · clear · OK

1 historical anomaly alert(s) (transitive_malicious_dep) on this package. Add a version to check whether it is affected.

DEPENDENCIES
acorn@^8.0.4 · clean
acorn@^8.10.0 · clean
acorn@^8.11.2 · clean
acorn@^8.11.3 · clean
acorn@^8.4.0 · clean
acorn@^8.4.1 · clean
acorn@^8.5.0 · clean
acorn@^8.6.0 · clean
acorn@^8.7.0 · clean
acorn@^8.7.1 · clean
acorn@^8.8.0 · clean
acorn@^8.8.1 · clean
acorn@^8.8.2 · clean
acorn@^8.9.0 · clean
acorn-class-fields@^0.3.7 · clean
acorn-class-fields@^1.0.0 · clean
acorn-import-assertions@^1.9.0 · clean
acorn-numeric-separator@^0.3.6 · clean
acorn-static-class-features@^0.2.4 · clean
acorn-static-class-features@^1.0.0 · clean

PACKAGE vite · ECOSYSTEM npm · DECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages