@mdkva/tasbihflow
MDKVA TasbihFlow provides clean, structured, and developer-friendly access to commonly used dhikr, tasbih counts, and remembrance phrases — ideal for spiritual apps, Islamic tools, and automation projects.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:terser | AI (phantom-deps): Build tool declared as dependency; used in minification pipeline, not direct import. | ai | |
| phantom-deps | phantom-dep:@mdkva/tasbihkit | AI (phantom-deps): Scoped peer library; stable pattern for this org's packages. | ai | |
| phantom-deps | phantom-dep:vite-plugin-css-injected-by-js | AI (phantom-deps): Vite plugin declared as dependency; used in build config, not direct import. | ai |
v1.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.