Is @accordproject/concerto-metamodel safe to use?

@accordproject/concerto-metamodel has no known vulnerabilities on the latest version (3.12.9). DepScope rates its health at 74/100 (moderate risk).

What is the latest version of @accordproject/concerto-metamodel?

The latest version of @accordproject/concerto-metamodel is 3.12.9, released 2026-03-22.

No known vulnerabilities on the latest version of @accordproject/concerto-metamodel.

No, @accordproject/concerto-metamodel is actively maintained. Latest release: 3.12.9 (2026-03-22).

Popular alternatives to @accordproject/concerto-metamodel in npm include: semver, minimatch, ansi-styles, brace-expansion, strip-ansi.

@accordproject/concerto-metamodel is licensed under Apache-2.0.

npmv3.12.9

Concerto metamodel utilities

License Apache-2.0permissive342 versions3 maintainers0 deps13,108 weekly dl

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2025-191174).

Health breakdown0 – 100

20/25

maintenance

10/20

popularity

25/25

security

15/15

maturity

4/15

community

Vulnerabilities

none known

🌟

10/10typed

bundled

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2025-191174 — Malicious code in @accordproject/concerto-metamodel (npm)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@accordproject/concerto-metamodel