Package evidence

[email protected]

Remote Dependency Spec: devDependencies.tree-sitter-ada="git+https://github.com/briot/tree-sitter-ada.git#6b58259a08b1a22ba0247a7ce30be384db618da6"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 1,193Niche · −30% score
Versions published: 9
First published: May 2026
Publisher: crysthamus

Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publishercrysthamus

Artifact bytes9,794,921

Previous version3.0.0

Published2026-05-25T09:11:38.256Z

SHA-25615b48ce054249bb9d569d3a3b450c961df8fca9a5bab75356ae69655bcf9e113

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.tree-sitter-ada="git+https://github.com/briot/tree-sitter-ada.git#6b58259a08b1a22ba0247a7ce30be384db618da6"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

23d agoLast checked

reviewRisk

70Score

3.0.1Version

Status history (1 event)

new → available23d ago · risk review · score 70 · status changed

Evidence

Static findings

36 static · 0 from release diff · showing high-signal first.

Showing 30 of 36 findings.

Severity	Kind	Path	Detail	Points
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-ada="git+https://github.com/briot/tree-sitter-ada.git#6b58259a08b1a22ba0247a7ce30be384db618da6"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-asm="git+https://github.com/RubixDev/tree-sitter-asm.git#839741fef4dab5128952334624905c82b40c7133"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-astro="git+https://github.com/virchau13/tree-sitter-astro.git#213f6e6973d9b456c6e50e86f19f66877e7ef0ee"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-bibtex="git+https://github.com/latex-lsp/tree-sitter-bibtex.git#8d04ed27b3bc7929f14b7df9236797dab9f3fa66"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-cairo="git+https://github.com/starkware-libs/tree-sitter-cairo.git#8dcd77dbe7f68b2cc661031dff224dfc17bdbaf4"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-clojure="git+https://github.com/sogaiu/tree-sitter-clojure.git#e43eff80d17cf34852dcd92ca5e6986d23a7040f"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-cmake="git+https://github.com/uyha/tree-sitter-cmake.git#c7b2a71e7f8ecb167fad4c97227c838439280175"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-commonlisp="git+https://github.com/tree-sitter-grammars/tree-sitter-commonlisp.git#32323509b3d9fe96607d151c2da2c9009eb13a2f"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-csv="git+https://github.com/tree-sitter-grammars/tree-sitter-csv.git#f6bf6e35eb0b95fbadea4bb39cb9709507fcb181"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-d="git+https://github.com/gdamore/tree-sitter-d.git#fb028c8f14f4188286c2eef143f105def6fbf24f"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-desktop="git+https://github.com/ValdezFOmar/tree-sitter-desktop.git#954da7259e0f6c3bb4f811fddce11eb5ac94d9f6"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-diff="git+https://github.com/tree-sitter-grammars/tree-sitter-diff.git#2520c3f934b3179bb540d23e0ef45f75304b5fed"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-dockerfile="git+https://github.com/camdencheek/tree-sitter-dockerfile.git#971acdd908568b4531b0ba28a445bf0bb720aba5"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-editorconfig="git+https://github.com/ValdezFOmar/tree-sitter-editorconfig.git#bfd74395e393f56ba58db953458b346f02d6f7b2"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-erlang="git+https://github.com/WhatsApp/tree-sitter-erlang.git#e446ec60022a7cafe157805742b41c04b499cc5d"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-fish="git+https://github.com/ram02z/tree-sitter-fish.git#f435b0bd772578c70e5d158b85267bb886316f88"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-gdshader="git+https://github.com/airblast-dev/tree-sitter-gdshader.git#68268631c8b6dc093985f1246b099f81b30ea7d1"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-git-config="git+https://github.com/the-mikedavis/tree-sitter-git-config.git#0fbc9f99d5a28865f9de8427fb0672d66f9d83a5"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-git-rebase="git+https://github.com/the-mikedavis/tree-sitter-git-rebase.git#39bf3b7566c86ccffd70aaa5105c7c8b76788975"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-gitignore="git+https://github.com/shunsambongi/tree-sitter-gitignore.git#f4685bf11ac466dd278449bcfe5fd014e94aa504"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-gleam="git+https://github.com/gleam-lang/tree-sitter-gleam.git#4e4643c2215c2b2343d9ec179c798818c132c9cc"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-graphql="git+https://github.com/joowani/tree-sitter-graphql.git#df5b88d1d24dcfc02e64919d2d20491359abe4c8"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-groovy="git+https://github.com/murtaza64/tree-sitter-groovy.git#deb0dcf8c4544f07564060f6e9b9f6e4b0bfc27d"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-ini="git+https://github.com/justinmk/tree-sitter-ini.git#e4018b5176132b4f3c5d6e61cea383f42288d0f5"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-julia="git+https://github.com/tree-sitter/tree-sitter-julia.git#e0f9dcd180fdcfcfa8d79a3531e11d99e79321d3"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-kdl="git+https://github.com/tree-sitter-grammars/tree-sitter-kdl.git#b37e3d58e5c5cf8d739b315d6114e02d42e66664"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-liquid="git+https://github.com/hankthetank27/tree-sitter-liquid.git#e45dbac8c5fa95b1f0e00e7e0c04bc8855823391"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-matlab="git+https://github.com/acristoffers/tree-sitter-matlab.git#c2390a59016f74e7d5f75ef09510768b4f30217e"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-nim="git+https://github.com/alaviss/tree-sitter-nim.git#3878440d9398515ae053c6f6024986e69868bb74"	8
medium	Remote Dependency Spec	package.json	devDependencies.tree-sitter-nix="git+https://github.com/nix-community/tree-sitter-nix.git#69fbfb02896cdd27cb7ff3cd61f7f3f6bde4f017"	8

Manifest

Package metadata

Scripts2

buildnode build.js
testecho "WASM binaries verified during build." && exit 0