npm package report

Is zustand safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/zustand
npm package · last checked 2026-06-10

zustand · verdict ALERT · review advised

XYZ SCORE: 4.0/10

SUMMARY

Verdict ALERT · 40 known dependencies · provenance: verified (sigstore)


SIGNALS
Commit-Level Analysis · triggered · HIGH

update pnpm etc (#3512) * update pnpm etc * more * update pnpm-workspace * fix dups

DEPENDENCIES
@babel/core@7.3.4 · clean
@babel/core@^7.4.3 · clean
@babel/core@^7.4.5 · clean
@babel/plugin-proposal-class-properties@^7.4.4 · clean
@babel/plugin-transform-modules-commonjs@7.2.0 · clean
@babel/plugin-transform-modules-commonjs@^7.4.3 · clean
@babel/plugin-transform-modules-commonjs@^7.4.4 · clean
@babel/plugin-transform-parameters@7.3.3 · clean
@babel/plugin-transform-react-jsx@^7.3.0 · clean
@babel/plugin-transform-runtime@7.3.4 · clean
@babel/plugin-transform-template-literals@7.2.0 · clean
@babel/plugin-transform-typescript@^7.4.0 · clean
@babel/plugin-transform-typescript@^7.4.5 · clean
@babel/preset-env@7.3.4 · clean
@babel/preset-env@^7.4.3 · clean
@babel/preset-env@^7.4.5 · clean
@babel/preset-react@7.0.0 · clean
@babel/preset-typescript@^7.3.3 · clean
@babel/runtime@^7.4.3 · clean
copyfiles@^2.1.0 · clean

PACKAGE zustand · ECOSYSTEM npm · DECISION ALERT
