npm · registry.npmjs.org
@reteps/tree-sitter-htmlmustache
Install-time lifecycle script: install="node-gyp-build || exit 0"
Why PkgRadar flagged 1.4.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Install-time lifecycle script | install="node-gyp-build || exit 0" · package.json |
| high | Install Lifecycle Suppresses Failure | install="node-gyp-build || exit 0" · package.json |
| medium | Obfuscation Density | high encoded/escaped-token density · package/dist/cli/main.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/linter/index.mjs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.4.0 | Review | 37 | 2026-05-24 |
1.4.1 | Review | 37 | 2026-05-24 |
Related campaigns
- install_lifecycle_suppresses_failure:install="node-gyp-build || exit 0" — 2 releases, max score 80
- install_lifecycle_script:install="node-gyp-build || exit 0" — 2 releases, max score 80
Block this in CI
pkgradar gate --ecosystem npm @reteps/[email protected]