MPM is the Meta Package Manager, designed specifically to provide a more secure and lightweight solution for the publishing, maintenance, distribution, integration, and security of the supply chain of Web3 projects, covering not only Web3 contracts but also Web2 infrastructure. Based on MPM, we aim to provide a better-integrated solution for the community to establish a more secure Web3 ecosystem. MPM consists of 6 main submodules: MPM Registry, MPM Advisory, MPM Client, MPM Backend, MPM Auditing, and MPM Configuration.

  • MPM Registry is a private registry that maintains the artifacts and their corresponding metadata that we have verified. It also provides comprehensive security profiles of commonly used third-party libraries and smart contracts. Based on this, we can make comprehensive decisions on handling and mitigating security threats within users’ projects.

  • MPM Advisory is an advisory database that maintains security-related information (i.e., vulnerabilities) for both Web2 and Web3 components (such as third-party libraries and smart contracts), including not only public vulnerabilities but also vulnerabilities collected by our other powerful scanners. It also plays an important role in mitigating security threats within users’ projects.

  • MPM Client is the package manager client. With it, users can not only manage their dependencies (such as smart contracts and third-party libraries) easily and securely, but also obtain comprehensive profiles (i.e., from MetaScore) of their own projects before they are published or go on-chain, by interacting with our powerful engines (i.e., MPM Auditing and MPM Backend).

  • MPM Backend is the backend service that processes requests from MPM Client and makes the right decisions on remediation strategies. It takes into consideration not only the potential security risks (i.e., Meta Advisory) but also the non-functional properties (i.e., the profiles in MPM Registry), so that we can provide the most appropriate and comprehensive strategies for dependency management.

  • MPM Auditing is a front end to the engines behind MetaScore, with which we are able to provide a comprehensive analysis of users’ projects before they are published or go on-chain.

  • MPM Configuration is a set of new configuration options realized by a new domain-specific language for Web3 project configuration management. It not only offers a new and more lightweight way for users to define their dependencies on external smart contracts, but also provides a flexible and configurable way for users to control the thresholds and priorities used when deriving integrated solutions for dependency management.
