npm · registry.npmjs.org

@optave/codegraph

Remote Dependency Spec: devDependencies.tree-sitter-clojure="github:sogaiu/tree-sitter-clojure"

Why PkgRadar flagged 3.11.0

Severity	Signal	Evidence
medium	Remote Dependency Spec	devDependencies.tree-sitter-clojure="github:sogaiu/tree-sitter-clojure" · package.json
medium	Remote Dependency Spec	devDependencies.tree-sitter-erlang="github:WhatsApp/tree-sitter-erlang#semver:*" · package.json
medium	Remote Dependency Spec	devDependencies.tree-sitter-fsharp="https://github.com/ionide/tree-sitter-fsharp/archive/refs/tags/0.3.0.tar.gz" · package.json
medium	Remote Dependency Spec	devDependencies.tree-sitter-gleam="github:gleam-lang/tree-sitter-gleam" · package.json
medium	Dependency Changed To Remote Vs Previous	devDependencies.tree-sitter-fsharp changed to remote spec in 3.11.0 vs 3.10.0: "https://github.com/ionide/tree-sitter-fsharp/archive/refs/tags/0.3.0.tar.gz" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.11.0`	Review	40	2026-06-03
`3.11.2`	Review	9	2026-06-01
`3.11.1`	Review	9	2026-05-30
`3.10.0`	Review	7	2026-05-25

Block this in CI

PkgRadar gates @optave/codegraph (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @optave/[email protected]