@nocobase/plugin-theme-editor

Customize UI colors, sizes, etc. and save the result as a theme to switch between multiple themes.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

chenosjiannlu

Keywords

System management

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/client/1a8ca1e21b09091e.js	AI (source-diff): Standard webpack-minified bundle output for NocoBase plugin; copyright header present, content is recognizable UI code. False positive for this package's build artifacts.	ai	2026/04/27
source-diff	obfuscated-file:dist/client/e285e1915ec4e08b.js	AI (source-diff): Standard webpack-minified bundle output for NocoBase plugin; copyright header present, content is a color utility class. False positive for this package's build artifacts.	ai	2026/04/27
source-diff	obfuscated-file:dist/client/4acfe66b1504e9e2.js	AI (source-diff): Standard webpack-minified bundle output for NocoBase plugin; copyright header present, content is date picker locale strings. False positive for this package's build artifacts.	ai	2026/04/27
source-diff	obfuscated-file:dist/client/37f75ca7b56275de.js	AI (source-diff): Standard webpack-minified bundle output for NocoBase plugin; copyright header present, content is Ant Design theme/token UI code. False positive for this package's build artifacts.	ai	2026/04/27
source-diff	obfuscated-file:dist/client/39.3d10c6619bcc8e5a.js	AI (source-diff): Standard webpack minified bundle with NocoBase copyright header. Contains async generator helpers and UI logic — no malicious patterns. Consistent with NocoBase plugin build output.	ai	2026/04/26
source-diff	obfuscated-file:dist/client/327.2ff4d7f26f0a80e2.js	AI (source-diff): Standard webpack minified bundle with NocoBase copyright header. Contains locale strings for date picker — no malicious patterns. Consistent with NocoBase plugin build output.	ai	2026/04/26
source-diff	obfuscated-file:dist/client/572.9fdec23f2331b4a8.js	AI (source-diff): Standard webpack minified bundle with NocoBase copyright header. Contains color utility class (hex/rgb/hsl parsing) consistent with theme editor functionality. No malicious patterns.	ai	2026/04/26
source-diff	obfuscated-file:dist/client/595.2bb13117b2993057.js	AI (source-diff): Standard webpack minified bundle with NocoBase copyright header. Contains Ant Design token panel UI code consistent with theme editor functionality. No malicious patterns.	ai	2026/04/26
source-diff	obfuscated-file:dist/client/b00409d86c095c84.js	AI (source-diff): Standard webpack-minified frontend bundle for a NocoBase UI plugin. Long lines are minification artifacts, not obfuscation. No malicious patterns present.	ai	2026/04/26
bogus-package	bogus-package	AI (bogus-package): NocoBase plugins consistently use documentation-link-style READMEs pointing to their docs site. Not a spam indicator for this package family.	ai	2026/04/26
source-diff	obfuscated-file:dist/client/df1f6dbeeffce444.js	AI (source-diff): Standard webpack-minified frontend bundle for a NocoBase UI plugin. Long lines are minification artifacts, not obfuscation. No malicious patterns present.	ai	2026/04/26
source-diff	obfuscated-file:dist/client/2c08e47ac0a9c546.js	AI (source-diff): Standard webpack-minified frontend bundle for a NocoBase UI plugin. Long lines are minification artifacts, not obfuscation. No malicious patterns present.	ai	2026/04/26
source-diff	obfuscated-file:dist/client/c82595eedf47675d.js	AI (source-diff): Standard webpack-minified frontend bundle for a NocoBase UI plugin. Long lines are minification artifacts, not obfuscation. No malicious patterns present.	ai	2026/04/26