Is @asyncapi/openapi-schema-parser safe to use?

@asyncapi/openapi-schema-parser has no known vulnerabilities on the latest version (3.0.24). DepScope rates its health at 46/100 (high risk).

What is the latest version of @asyncapi/openapi-schema-parser?

The latest version of @asyncapi/openapi-schema-parser is 3.0.24, released 2024-06-12.

Does @asyncapi/openapi-schema-parser have known vulnerabilities?

No known vulnerabilities on the latest version of @asyncapi/openapi-schema-parser.

Is @asyncapi/openapi-schema-parser deprecated?

No, @asyncapi/openapi-schema-parser is actively maintained. Latest release: 3.0.24 (2024-06-12).

What are alternatives to @asyncapi/openapi-schema-parser?

Popular alternatives to @asyncapi/openapi-schema-parser in npm include: semver, debug, minimatch, strip-ansi, ms.

What license does @asyncapi/openapi-schema-parser use?

@asyncapi/openapi-schema-parser is licensed under Apache-2.0.

@asyncapi/openapi-schema-parser

npmv3.0.24

An AsyncAPI schema parser for OpenAPI 3.0.x and Swagger 2.x schemas.

License Apache-2.0permissive32 versions3 maintainers5 deps

asyncapi/openapi-schema-parser

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2025-190639).

Health breakdown0 – 100

5/25

maintenance

0/20

popularity

25/25

security

12/15

maturity

4/15

community

Vulnerabilities

none known

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2025-190639 — Malicious code in @asyncapi/openapi-schema-parser (npm)

Health History

Dependency Tree

License Audit

Dependencies (5)

ajv ajv-errors ajv-formats @asyncapi/parser @openapi-contrib/openapi-schema-to-json-schema

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@asyncapi/openapi-schema-parser