Is color-convert safe to use?

color-convert has no known vulnerabilities on the latest version (3.1.3). DepScope rates its health at 57/100 (high risk).

What is the latest version of color-convert?

The latest version of color-convert is 3.1.3, released 2025-11-14.

Does color-convert have known vulnerabilities?

No known vulnerabilities on the latest version of color-convert.

Is color-convert deprecated?

No, color-convert is actively maintained. Latest release: 3.1.3 (2025-11-14).

What are alternatives to color-convert?

Popular alternatives to color-convert in npm include: debug, minimatch, ansi-styles, brace-expansion, strip-ansi.

What license does color-convert use?

color-convert is licensed under MIT.

color-convert

npmv3.1.3

Plain color conversion functions

License MITpermissive40 versions1 maintainers1 deps

Qix-/color-convert

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2025-46971).

Health breakdown0 – 100

15/25

maintenance

0/20

popularity

25/25

security

15/15

maturity

2/15

community

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

14.4 KBminified

5.4 KB gzipped

1 direct dependencies

side effects

🌟

TypeScript

10/10typed

bundled

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2025-46971 — Malicious code in color-convert (npm)

OSS Scorecard

OpenSSF security posture score

3.3/10

weak

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

3

Primary author dominance

60%

GitHub stars

819

single active maintainer 3m

Quality signals

OSS Criticality

0.78critical

Download trend

stable(+1.7%)

Publish security

npm signed

Health History

Dependency Tree

License Audit

Dependencies (1)

color-name

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/color-convert