Is Express safe?
- Node.js network egress
express is an AI npm_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 1 risky construct are reported for review. It can: network egress — capabilities are what the code can do, not a verdict on intent. Risk score 0/100 (low).
express 5.2.1
Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of Express's authors. Report a false positive.
Findings (1)
The component makes outbound network requests.
var http = require('node:http');* var http = require('node:http')* , https = require('node:https')var http = require('node:http');var http = require('node:http');var { METHODS } = require('node:http');Why it matters: Usually legitimate, but confirm the destinations are expected and no sensitive data leaves.
Fix: Confirm the destination hosts are expected and that no sensitive data is sent off-host.
Check your own component
Run the same evidence-backed scan on any MCP server, agent skill, or package.
Scan your own componentOr get notified if this component's risk changes:
How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →