npm · registry.npmjs.org

kuzushi

Remote Dependency Spec: optionalDependencies.@kuzushi/tob-skills="github:allsmog/tob-security-skills#98dda39a53eb74b90d60f305c8523e47552a9fb2"

Why PkgRadar flagged 0.24.0-alpha.4

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	postinstall added in 0.24.0-alpha.4 vs 0.20.0: "node scripts/check-native-bindings.mjs" · package.json
high	Remote Dependency Spec	optionalDependencies.@kuzushi/tob-skills="github:allsmog/tob-security-skills#98dda39a53eb74b90d60f305c8523e47552a9fb2" · package.json
high	Remote Dependency Spec	optionalDependencies.@kuzushi/vuln-scout="github:allsmog/vuln-scout#79df9e804c6a87f0af3c779c55d2fcdb4675f49d" · package.json
high	Remote Dependency Spec	optionalDependencies.promptarmor-plugin="github:allsmog/promptarmor-plugin#690d60a5b4d2136206ef7dedd516d3fcfddd4db9" · package.json
high	Remote Dependency Spec	optionalDependencies.shinsa-plugin="github:allsmog/shinsa-plugin#74b3737d225970d849f5f6f57095cfe65ee7ccdf" · package.json
high	New Remote Dependency Vs Previous	optionalDependencies.@kuzushi/tob-skills added in 0.24.0-alpha.4 vs 0.20.0: "github:allsmog/tob-security-skills#98dda39a53eb74b90d60f305c8523e47552a9fb2" · package.json
high	New Remote Dependency Vs Previous	optionalDependencies.@kuzushi/vuln-scout added in 0.24.0-alpha.4 vs 0.20.0: "github:allsmog/vuln-scout#79df9e804c6a87f0af3c779c55d2fcdb4675f49d" · package.json
high	New Remote Dependency Vs Previous	optionalDependencies.promptarmor-plugin added in 0.24.0-alpha.4 vs 0.20.0: "github:allsmog/promptarmor-plugin#690d60a5b4d2136206ef7dedd516d3fcfddd4db9" · package.json
high	New Remote Dependency Vs Previous	optionalDependencies.shinsa-plugin added in 0.24.0-alpha.4 vs 0.20.0: "github:allsmog/shinsa-plugin#74b3737d225970d849f5f6f57095cfe65ee7ccdf" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.17.2`	Review	70	2026-06-12
`0.19.3`	Review	70	2026-06-12
`0.20.0`	Review	70	2026-06-12
`0.24.0-alpha.4`	High risk	245	2026-06-12

Block this in CI

PkgRadar gates kuzushi (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence