Is Carbon Safe? Trust Analysis 2026

Nerq Trust Intelligence

Is Carbon Safe?

Carbon — Nerq Trust Score 60.8/100 (C+ grade). Based on analysis of 2 trust dimensions, it is generally safe but has some concerns. with 1 known vulnerabilities Last updated: 2026-04-03.

Use Carbon with some caution. Carbon is a PHP package with a Nerq Trust Score of 60.8/100 (C+), based on 3 independent data dimensions. It is below the recommended threshold of 70. Security: 80/100. Popularity: 100/100. Data sourced from packagist.org, GitHub, and NVD. Last updated: 2026-04-03. Machine-readable data (JSON).

Is Carbon safe?

CAUTION — Carbon has a Nerq Trust Score of 60.8/100 (C+). It has moderate trust signals but shows some areas of concern that warrant attention. Suitable for development use — review security and maintenance signals before production deployment.

Security Analysis → {name} Privacy Report →

What is Carbon's trust score?

Carbon has a Nerq Trust Score of 60.8/100, earning a C+ grade. This score is based on 2 independently measured dimensions including security, maintenance, and community adoption.

Security

80

Popularity

100

What are the key security findings for Carbon?

Carbon's strongest signal is popularity at 100/100. 1 known vulnerabilities were identified. It has not yet reached the Nerq Verified threshold of 70+.

✓Security score: 80/100 (strong)

⚠Popularity: 100/100 — 583 stars on packagist

What is Carbon and who maintains it?

Author	nesbot
Category	packagist
Stars	583
Source	N/A

Similar Packagist by Trust Score

geocoder-php/common-http (63)php-parallel-lint/php-console-color (63)driftingly/rector-laravel (63)queue-interop/queue-interop (63)laravel/serializable-closure (63)

See all safest Packagist →

Compare

Carbon vs geocoder-php/common-http Carbon vs php-parallel-lint/php-console-color Carbon vs driftingly/rector-laravel

Safety Guide: Carbon

What is Carbon?

Carbon is a PHP package — An API extension for DateTime that supports 281 different languages..

How to Verify Safety

Run composer audit. Check packagist.org.

You can also check the trust score via API: GET /v1/preflight?target=nesbot/carbon

Key Safety Concerns for PHP packages

When evaluating any PHP package, watch for: dependency vulnerabilities, PHP compatibility.

Trust Assessment

Carbon has a Nerq Trust Score of 61/100 (C+) and has not yet reached Nerq trust threshold (70+). This score is based on automated analysis of security, maintenance, community, and quality signals.

Key Takeaways

Carbon has a Trust Score of 61/100 (C+).
Review carefully before use — below trust threshold.
Always verify independently using the Nerq API.

Detailed Score Analysis

Dimension	Score
Security	80/100
Privacy	80/100
Reliability	90/100
Transparency	50/100
Maintenance	60/100

Based on 5 dimensions. Data from packagist.org, GitHub, and NVD.

What data does Carbon collect?

Carbon is a PHP package maintained by nesbot. It receives approximately 658,222,897 weekly downloads.

As a development package, Carbon does not directly collect end-user personal data. However, applications built with it may collect data depending on implementation. Privacy score: 80/100.

Review the package's dependencies for potential supply chain risks. Run your package manager's audit command regularly.

Full analysis: Carbon Privacy Report · Privacy review

Is Carbon secure?

Security score: 80/100. This meets the recommended security threshold for production use.

Nerq monitors this entity against NVD, OSV.dev, and registry-specific vulnerability databases for ongoing security assessment.

Full analysis: Carbon Security Report

How we calculated this score

Carbon's trust score of 60.8/100 (C+) is computed from packagist.org, GitHub, and NVD. The score reflects 5 independent dimensions: security (80/100), privacy (80/100), reliability (90/100), transparency (50/100), maintenance (60/100). Each dimension is weighted equally to produce the composite trust score.

Nerq analyzes over 7.5 million entities across 26 registries using the same methodology, enabling direct cross-entity comparison. Scores are updated continuously as new data becomes available.

This page was last reviewed on April 03, 2026. Data version: 1.0.

Full methodology documentation · Machine-readable data (JSON API)

Frequently Asked Questions

Is Carbon safe to use?

Use with some caution. nesbot/carbon has a Nerq Trust Score of 60.8/100 (C+). Strongest signal: popularity (100/100). Score based on security (80/100), popularity (100/100).

What is Carbon's trust score?

nesbot/carbon: 60.8/100 (C+). Score based on: security (80/100), popularity (100/100). Scores update as new data becomes available. API: GET nerq.ai/v1/preflight?target=nesbot/carbon

What are safer alternatives to Carbon?

In the packagist category, more PHP packages are being analyzed — check back soon. nesbot/carbon scores 60.8/100.

Does Carbon have known vulnerabilities?

Nerq checks Carbon against NVD, OSV.dev, and registry-specific vulnerability databases. Current security score: 80/100. Run your package manager's audit command for the latest findings.

How actively maintained is Carbon?

Carbon has a trust score of 60.8/100 (C+). Below Nerq Verified threshold — conduct additional review.

API: /v1/preflight Trust Badge API Docs

Popular in packagist

Common Http 63 Php Console Color 63 Rector Laravel 63 Queue Interop 63 Serializable Closure 63 Security Bundle 63 Jwt Refresh Token Bundle 63 Phpstan Prophecy 63 Htmlpurifier Bundle 63 Lightncandy 63 Property Info 63 Pretty Package Versions 63

Recently Analyzed

Mobirise website_builder Ucraft website_builder Google Sites website_builder Zyro website_builder Simplesite website_builder Bookmark website_builder Hugo website_builder Gatsby Cloud website_builder Appy Pie Website website_builder Leadpages website_builder

Disclaimer: Nerq trust scores are automated assessments based on publicly available signals. They are not endorsements or guarantees. Always conduct your own due diligence.