← Home

@nocobase/plugin-public-forms

npm Homepage

Share public forms externally to collect information from anonymous users

25
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

chenosjiannlu

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/client/299daa599f56ed18.js AI (source-diff): Standard webpack-bundled client chunk with NocoBase copyright header and readable React component logic; minification is expected for this package's dist output. ai
source-diff obfuscated-file:dist/client/9001d28b0af050a8.js AI (source-diff): Standard webpack-bundled client chunk with NocoBase copyright header and readable React component logic; minification is expected for this package's dist output. ai
source-diff obfuscated-file:dist/client/9e93e160b756c6d1.js AI (source-diff): Standard webpack-bundled client chunk with NocoBase copyright header and readable React component logic; minification is expected for this package's dist output. ai
source-diff obfuscated-file:dist/client/19.ec1d6e64c2f91948.js AI (source-diff): Standard webpack minified bundle for NocoBase plugin. Contains readable form field schema definitions and UI component references. ai
source-diff obfuscated-file:dist/client/725.15c79e2e2f583b32.js AI (source-diff): Standard webpack minified bundle for NocoBase plugin. Contains recognizable async generator helpers and React component patterns. ai
bogus-package bogus-package AI (bogus-package): NocoBase plugins legitimately have documentation-heavy READMEs with many URLs. Not a spam/phishing package — established ecosystem plugin with 637 versions. ai
source-diff obfuscated-file:dist/client/309.498946910f41c068.js AI (source-diff): Standard webpack minified bundle for NocoBase plugin. Contains recognizable React hooks and form component patterns. ai
source-diff obfuscated-file:dist/client/112.bdc7fbc2940e304a.js AI (source-diff): Standard webpack minified bundle output for a React/NocoBase frontend plugin. Not obfuscated — minified with recognizable UI patterns and NocoBase copyright header. ai
source-diff net-exec-file:dist/client/112.bdc7fbc2940e304a.js AI (source-diff): False positive: webpack module system triggers net+exec heuristic. No actual fetch+eval pattern present; code is standard React component bundle. ai
source-diff obfuscated-file:dist/client/2ba76736c4b92584.js AI (source-diff): Standard webpack-bundled client JS with NocoBase copyright header and readable React component logic. Minified build output, not malicious obfuscation. ai
source-diff obfuscated-file:dist/client/6746463d566e5979.js AI (source-diff): Standard webpack-bundled client JS with NocoBase copyright header and readable React component logic. Minified build output, not malicious obfuscation. ai
source-diff obfuscated-file:dist/client/2fe0d43e0384c416.js AI (source-diff): Standard webpack-bundled client JS with NocoBase copyright header and readable React component logic. Minified build output, not malicious obfuscation. ai

Versions (showing 25 of 125)

Version Deps Published
1.9.22 0 / 1
1.9.21 0 / 1
1.9.20 0 / 1
1.9.19 0 / 1
1.9.18 0 / 1
1.9.17 0 / 1
1.9.16 0 / 1
1.9.15 0 / 1
1.9.14 0 / 1
1.9.13 0 / 1
1.9.12 0 / 1
1.9.11 0 / 1
1.9.10 0 / 1
1.9.9 0 / 1
1.9.8 0 / 1
1.9.7 0 / 1
1.9.6 0 / 1
1.9.5 0 / 1
1.9.4 0 / 1
1.9.3 0 / 1
1.9.2 0 / 1
1.9.1 0 / 1
1.9.0 0 / 1
1.8.33 0 / 1
1.8.32 0 / 1

v1.9.22

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.21

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.20

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.19

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.18

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.17

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.16

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.14

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.8.33

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.8.32

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.