@gluhar/app — Greenflagged

Gluhar main package. This combines and configures @gluhar/theme, @gluhar/i18n, @gluhar/sanity and @gluhar/core into one main package. Provides numerous components, composables, utils and types.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

harry_yaprakov

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:hapi	AI (typosquat): Scoped org package @gluhar/app; Levenshtein match to 'hapi' is coincidental.	ai	2026/05/22
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped org package; no relation to 'pg'.	ai	2026/05/22
typosquat	typosquat.levenshtein:yup	AI (typosquat): Scoped org package; no relation to 'yup'.	ai	2026/05/22
typosquat	typosquat.levenshtein:ajv	AI (typosquat): Scoped org package; no relation to 'ajv'.	ai	2026/05/22
phantom-deps	phantom-dep:@pinia/nuxt	AI (phantom-deps): Nuxt module config-only reference; not directly imported in code is expected pattern.	ai	2026/05/22
phantom-deps	phantom-dep:@sanity/image-url	AI (phantom-deps): Config-only reference consistent with Nuxt module pattern.	ai	2026/05/22
phantom-deps	phantom-dep:@gluhar/v-gsap-nuxt	AI (phantom-deps): Same-org dep used via Nuxt module config; stable false positive.	ai	2026/05/22

Versions (showing 7 of 7)

Version	Deps	Published
5.2.0	14 / 10	2026-04-28
5.0.8	14 / 10	2026-03-04
5.0.6	14 / 10	2026-01-29
5.0.5	14 / 10	2026-01-29
5.0.2	14 / 10	2025-12-04
5.0.1	14 / 10	2025-12-04
4.3.1	14 / 10	2025-11-06