Book a demo →
npm package report

Is vitest safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/vitest
npm packagelast checked 2026-06-10

vitest · verdict BLOCK · blocked

9.0/10
XYZ SCORE
SUMMARY

Verdict BLOCK · 40 known dependencies · provenance: verified (sigstore)

Re-check live →

SIGNALS
Advisory HistoryclearOK

6 historical advisory record(s) on this package (max severity CRITICAL). Add a version to check whether it is affected.

Commit-Level AnalysistriggeredCRITICAL

chore: add zizmor (#10375)

DEPENDENCIES
acorn@^8.8.0clean
acorn@^8.8.1clean
acorn@^8.8.2clean
acorn@^8.9.0clean
acorn-walk@^8.2.0clean
acorn-walk@^8.3.0clean
acorn-walk@^8.3.1clean
acorn-walk@^8.3.2clean
acorn-walk@^8.3.3clean
acorn-walk@^8.3.4clean
@ampproject/remapping@^2.2.0clean
@ampproject/remapping@^2.2.1clean
@ampproject/remapping@^2.3.0clean
@antfu/eslint-config@^0.11.1clean
@antfu/eslint-config@^0.12.1clean
@antfu/eslint-config@^0.12.2clean
@antfu/eslint-config@^0.13.1clean
@antfu/install-pkg@^0.1.0clean
@antfu/install-pkg@^0.1.1clean
@antfu/install-pkg@^0.3.1clean
PACKAGE vitestECOSYSTEM npmDECISION BLOCK

Baked snapshot · run a live check for the current verdict · browse all packages