Is color safe to use?

color has no known vulnerabilities on the latest version (5.0.3). DepScope rates its health at 57/100 (high risk).

What is the latest version of color?

The latest version of color is 5.0.3, released 2025-11-14.

Does color have known vulnerabilities?

No known vulnerabilities on the latest version of color.

No, color is actively maintained. Latest release: 5.0.3 (2025-11-14).

What are alternatives to color?

Popular alternatives to color in npm include: semver, minimatch, ansi-styles, brace-expansion, strip-ansi.

color

npmv5.0.3

Color conversion and manipulation with CSS string support

License MITpermissive51 versions1 maintainers2 deps

Qix-/color

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2025-46985).

Health breakdown0 – 100

15/25

maintenance

0/20

popularity

25/25

security

15/15

maturity

2/15

community

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

23.1 KBminified

8.2 KB gzipped

2 direct dependencies

🌟

TypeScript

10/10typed

bundled

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2025-46985 — Malicious code in color (npm)

Quality signals

OSS Criticality

0.75critical

Download trend

stable(+3.4%)

Publish security

npm signed

Health History

Dependency Tree

License Audit

Dependencies (2)

color-convert color-string

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/color