Book a demo →
npm package report

Is zod safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/zod
npm packagelast checked 2026-06-10

zod · verdict ALERT · review advised

4.0/10
XYZ SCORE
SUMMARY

Verdict ALERT · 40 known dependencies · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

1 historical advisory record(s) on this package (max severity MODERATE). Add a version to check whether it is affected.

Commit-Level AnalysistriggeredHIGH

ci: pass CLAUDE_CODE_OAUTH_TOKEN to pullfrog agent

DEPENDENCIES
@babel/core@^7.22.5clean
babel-jest@^29.5.0clean
@babel/preset-env@^7.22.5clean
@babel/preset-typescript@^7.22.5clean
benchmark@^2.1.4clean
cowsay@^1.5.0clean
dependency-cruiser@^9.19.0clean
esbuild@^0.14.49clean
esbuild-runner@^2.2.1clean
eslint@^7.15.0clean
eslint@^8.11.0clean
eslint-config-prettier@^7.0.0clean
eslint-config-prettier@^7.1.0clean
eslint-config-prettier@^8.5.0clean
eslint-plugin-ban@^1.5.2clean
eslint-plugin-ban@^1.6.0clean
eslint-plugin-import@^2.22.1clean
eslint-plugin-import@^2.25.4clean
eslint-plugin-simple-import-sort@^6.0.1clean
eslint-plugin-simple-import-sort@^7.0.0clean
PACKAGE zodECOSYSTEM npmDECISION ALERT

Baked snapshot · run a live check for the current verdict · browse all packages