← Home

@focus-mcp/brick-treesitter

npm Repository Homepage

Regex-based code indexer for TypeScript/JavaScript — parses symbols, imports, exports.

6
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

samuelds

Keywords

mcpmodel-context-protocolaillmfocusbrickastparsersymbolstypescriptjavascriptphppythongorustjavayamlhtmlmarkdownscssjsontomltwigkotlinswiftdartelixirhaskellscalazigluaxmlrperllatexnixhclterraformgleamelmclojuremulti-languagetree-sitter

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff large-new-source-files AI (source-diff): New files are tree-sitter grammar/WASM assets matching the package's language-expansion purpose. ai
source-diff source-size-tripled AI (source-diff): Size increase directly attributable to added tree-sitter WASM grammar dependencies, not injected payloads. ai
bogus-package bogus-package AI (bogus-package): Sparse metadata reflects a minimal utility package, not spam or malware; no install scripts or suspicious code. ai
provenance no-provenance AI (provenance): Absence of provenance is common (~88% of npm packages); no other risk signals present. ai

Versions (showing 6 of 6)

Version Deps Published
1.3.1 5 / 1
1.3.0 5 / 1
1.2.0 5 / 1
1.1.1 0 / 0
1.1.0 0 / 0
1.0.0 0 / 0

v1.3.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: samuelds.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.