Book a demo →
npm package report

Is webpack safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/webpack
npm packagelast checked 2026-06-10

webpack · verdict ALERT · review advised

4.8/10
XYZ SCORE
SUMMARY

Verdict ALERT · 40 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

4 historical advisory record(s) on this package (max severity CRITICAL). Add a version to check whether it is affected.

Commit-Level AnalysistriggeredHIGH

chore(deps): bump the dependencies group with 4 updates (#20863) Bumps the dependencies group with 4 updates: [actions/setup-node](https://github.com/actions/setup-node), [CodSpeedHQ/action](https://github.com/codspeedhq/action), [dependabot/fetch-metadata](https://github.com/de

DEPENDENCIES
acorn@^2.4.0clean
acorn@^3.0.0clean
acorn@^3.2.0clean
acorn@^4.0.3clean
acorn@^4.0.4clean
acorn@^5.0.0clean
acorn@^5.6.2clean
acorn@^6.0.0clean
acorn@^6.0.5clean
acorn@^6.2.0clean
acorn@^6.2.1clean
acorn@^6.4.1clean
acorn@^7.0.0clean
acorn@^7.3.0clean
acorn@^7.4.0clean
acorn@^8.0.3clean
acorn@^8.0.4clean
acorn@^8.14.0clean
acorn@^8.2.1clean
acorn@^8.4.1clean
PACKAGE webpackECOSYSTEM npmDECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages