Package evidence
[email protected]
Remote Dependency Spec: devDependencies.tree-sitter-asm="git+https://github.com/RubixDev/tree-sitter-asm.git#839741fef4dab5128952334624905c82b40c7133"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 64
- Versions published
- 9
- First published
- May 2026
- Publisher
- crysthamus
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Dependency Spec: devDependencies.tree-sitter-asm="git+https://github.com/RubixDev/tree-sitter-asm.git#839741fef4dab5128952334624905c82b40c7133"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (3 events)
- available → available · risk review · score 280 · status available -> available, risk high -> review, score 300 -> 280
- available → available · risk high · score 300 · status available -> available, risk high -> high, score 1169 -> 300
- new → available · risk high · score 1169 · status changed
Related candidates
Linked campaigns and clusters
crysthamus
3 members · evidence strength 77Evidence
Static findings
28 static · 27 from release diff · showing high-signal first.
Showing 30 of 55 findings.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-asm="git+https://github.com/RubixDev/tree-sitter-asm.git#839741fef4dab5128952334624905c82b40c7133" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-astro="git+https://github.com/virchau13/tree-sitter-astro.git#213f6e6973d9b456c6e50e86f19f66877e7ef0ee" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-clojure="git+https://github.com/sogaiu/tree-sitter-clojure.git#e43eff80d17cf34852dcd92ca5e6986d23a7040f" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-cmake="git+https://github.com/uyha/tree-sitter-cmake.git#c7b2a71e7f8ecb167fad4c97227c838439280175" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-commonlisp="git+https://github.com/tree-sitter-grammars/tree-sitter-commonlisp.git#32323509b3d9fe96607d151c2da2c9009eb13a2f" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-csv="git+https://github.com/tree-sitter-grammars/tree-sitter-csv.git#f6bf6e35eb0b95fbadea4bb39cb9709507fcb181" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-diff="git+https://github.com/tree-sitter-grammars/tree-sitter-diff.git#2520c3f934b3179bb540d23e0ef45f75304b5fed" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-dockerfile="git+https://github.com/camdencheek/tree-sitter-dockerfile.git#971acdd908568b4531b0ba28a445bf0bb720aba5" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-editorconfig="git+https://github.com/ValdezFOmar/tree-sitter-editorconfig.git#bfd74395e393f56ba58db953458b346f02d6f7b2" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-erlang="git+https://github.com/WhatsApp/tree-sitter-erlang.git#e446ec60022a7cafe157805742b41c04b499cc5d" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-fish="git+https://github.com/ram02z/tree-sitter-fish.git#f435b0bd772578c70e5d158b85267bb886316f88" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-gdshader="git+https://github.com/airblast-dev/tree-sitter-gdshader.git#68268631c8b6dc093985f1246b099f81b30ea7d1" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-git-config="git+https://github.com/the-mikedavis/tree-sitter-git-config.git#0fbc9f99d5a28865f9de8427fb0672d66f9d83a5" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-git-rebase="git+https://github.com/the-mikedavis/tree-sitter-git-rebase.git#39bf3b7566c86ccffd70aaa5105c7c8b76788975" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-gitignore="git+https://github.com/shunsambongi/tree-sitter-gitignore.git#f4685bf11ac466dd278449bcfe5fd014e94aa504" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-graphql="git+https://github.com/joowani/tree-sitter-graphql.git#df5b88d1d24dcfc02e64919d2d20491359abe4c8" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-groovy="git+https://github.com/murtaza64/tree-sitter-groovy.git#deb0dcf8c4544f07564060f6e9b9f6e4b0bfc27d" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-ini="git+https://github.com/justinmk/tree-sitter-ini.git#e4018b5176132b4f3c5d6e61cea383f42288d0f5" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-julia="git+https://github.com/tree-sitter/tree-sitter-julia.git#e0f9dcd180fdcfcfa8d79a3531e11d99e79321d3" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-matlab="git+https://github.com/acristoffers/tree-sitter-matlab.git#c2390a59016f74e7d5f75ef09510768b4f30217e" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-nim="git+https://github.com/alaviss/tree-sitter-nim.git#3878440d9398515ae053c6f6024986e69868bb74" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-nix="git+https://github.com/nix-community/tree-sitter-nix.git#69fbfb02896cdd27cb7ff3cd61f7f3f6bde4f017" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-perl="git+https://github.com/tree-sitter-perl/tree-sitter-perl.git#release" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-query="git+https://github.com/tree-sitter-grammars/tree-sitter-query.git#fc5409c6820dd5e02b0b0a309d3da2bfcde2db17" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-vim="git+https://github.com/tree-sitter-grammars/tree-sitter-vim.git#3092fcd99eb87bbd0fc434aa03650ba58bd5b43b" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-vimdoc="git+https://github.com/neovim/tree-sitter-vimdoc.git#f061895a0eff1d5b90e4fb60d21d87be3267031a" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-vue="git+https://github.com/tree-sitter-grammars/tree-sitter-vue.git#ce8011a414fdf8091f4e4071752efc376f4afb08" | 8 |
| medium | Remote Dependency Spec | package.json | devDependencies.tree-sitter-yaml="git+https://github.com/tree-sitter-grammars/tree-sitter-yaml.git#a1c4812a73ec5e089de8e441fdea3a921e8d5079" | 8 |
| medium | New Remote Dependency Vs Previous | package.json | devDependencies.tree-sitter-asm added in 2.0.0 vs 1.1.0: "git+https://github.com/RubixDev/tree-sitter-asm.git#839741fef4dab5128952334624905c82b40c7133" | 8 |
| medium | New Remote Dependency Vs Previous | package.json | devDependencies.tree-sitter-astro added in 2.0.0 vs 1.1.0: "git+https://github.com/virchau13/tree-sitter-astro.git#213f6e6973d9b456c6e50e86f19f66877e7ef0ee" | 8 |
Manifest
Package metadata
Scripts2
buildnode build.jstestecho "WASM binaries verified during build." && exit 0