@nocobase/plugin-api-keys
Allows users to use API key to access application's HTTP API
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/client/e0d2a4a22c6932da.js | AI (source-diff): Standard webpack-bundled client JS for a NocoBase plugin; long lines are minification artifacts, not obfuscation. Content matches the package's API key UI functionality. | ai | |
| provenance | no-provenance | AI (provenance): NocoBase plugins are not published with Sigstore provenance; this is consistent across the entire ecosystem and not a security risk for this package. | ai | |
| source-diff | obfuscated-file:dist/client/152.9ab9e18c0282c6fc.js | AI (source-diff): NocoBase ships webpack-minified client bundles as standard build artifacts. The file content shows a normal webpack chunk pattern with copyright header — not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/7f29444d7287ab9a.js | AI (source-diff): Standard webpack-bundled client chunk for a NocoBase frontend plugin. Minified build output is expected and the sample shows legitimate React/Formily UI code with NocoBase copyright header. | ai | |
| bogus-package | bogus-package | AI (bogus-package): NocoBase plugins rely on external docs sites for documentation; sparse README with links to docs.nocobase.com is the established pattern for this package family, not spam. | ai |
Versions (showing 100 of 125)
| Version | Deps | Published |
|---|---|---|
| 2.0.61 | 0 / 9 | |
| 2.0.60 | 0 / 9 | |
| 2.0.59 | 0 / 9 | |
| 2.0.58 | 0 / 9 | |
| 2.0.57 | 0 / 9 | |
| 2.0.56 | 0 / 9 | |
| 2.0.55 | 0 / 9 | |
| 2.0.54 | 0 / 9 | |
| 2.0.53 | 0 / 9 | |
| 2.0.52 | 0 / 9 | |
| 2.0.51 | 0 / 9 | |
| 2.0.50 | 0 / 9 | |
| 2.0.49 | 0 / 9 | |
| 2.0.48 | 0 / 9 | |
| 2.0.47 | 0 / 9 | |
| 2.0.46 | 0 / 9 | |
| 2.0.45 | 0 / 9 | |
| 2.0.44 | 0 / 9 | |
| 2.0.43 | 0 / 9 | |
| 2.0.42 | 0 / 9 | |
| 2.0.41 | 0 / 9 | |
| 2.0.40 | 0 / 9 | |
| 2.0.39 | 0 / 9 | |
| 2.0.38 | 0 / 9 | |
| 2.0.37 | 0 / 9 | |
| 2.0.36 | 0 / 9 | |
| 2.0.35 | 0 / 9 | |
| 2.0.34 | 0 / 9 | |
| 2.0.33 | 0 / 9 | |
| 2.0.32 | 0 / 9 | |
| 2.0.31 | 0 / 9 | |
| 2.0.30 | 0 / 9 | |
| 2.0.29 | 0 / 9 | |
| 2.0.28 | 0 / 9 | |
| 2.0.27 | 0 / 9 | |
| 2.0.26 | 0 / 9 | |
| 2.0.25 | 0 / 9 | |
| 2.0.24 | 0 / 9 | |
| 2.0.23 | 0 / 9 | |
| 2.0.22 | 0 / 9 | |
| 2.0.21 | 0 / 9 | |
| 2.0.20 | 0 / 9 | |
| 2.0.19 | 0 / 9 | |
| 2.0.18 | 0 / 9 | |
| 2.0.17 | 0 / 9 | |
| 2.0.16 | 0 / 9 | |
| 2.0.15 | 0 / 9 | |
| 2.0.14 | 0 / 9 | |
| 2.0.13 | 0 / 9 | |
| 2.0.12 | 0 / 9 | |
| 2.0.11 | 0 / 9 | |
| 2.0.10 | 0 / 9 | |
| 2.0.9 | 0 / 9 | |
| 2.0.8 | 0 / 9 | |
| 2.0.7 | 0 / 9 | |
| 2.0.6 | 0 / 9 | |
| 2.0.5 | 0 / 9 | |
| 2.0.3 | 0 / 9 | |
| 2.0.2 | 0 / 9 | |
| 2.0.1 | 0 / 9 | |
| 2.0.0 | 0 / 9 | |
| 1.9.63 | 0 / 9 | |
| 1.9.62 | 0 / 9 | |
| 1.9.61 | 0 / 9 | |
| 1.9.60 | 0 / 9 | |
| 1.9.59 | 0 / 9 | |
| 1.9.58 | 0 / 9 | |
| 1.9.57 | 0 / 9 | |
| 1.9.56 | 0 / 9 | |
| 1.9.55 | 0 / 9 | |
| 1.9.54 | 0 / 9 | |
| 1.9.53 | 0 / 9 | |
| 1.9.52 | 0 / 9 | |
| 1.9.51 | 0 / 9 | |
| 1.9.49 | 0 / 9 | |
| 1.9.47 | 0 / 9 | |
| 1.9.46 | 0 / 9 | |
| 1.9.45 | 0 / 9 | |
| 1.9.44 | 0 / 9 | |
| 1.9.43 | 0 / 9 | |
| 1.9.42 | 0 / 9 | |
| 1.9.41 | 0 / 9 | |
| 1.9.40 | 0 / 9 | |
| 1.9.39 | 0 / 9 | |
| 1.9.38 | 0 / 9 | |
| 1.9.37 | 0 / 9 | |
| 1.9.36 | 0 / 9 | |
| 1.9.35 | 0 / 9 | |
| 1.9.34 | 0 / 9 | |
| 1.9.33 | 0 / 9 | |
| 1.9.32 | 0 / 9 | |
| 1.9.31 | 0 / 9 | |
| 1.9.30 | 0 / 9 | |
| 1.9.29 | 0 / 9 | |
| 1.9.28 | 0 / 9 | |
| 1.9.27 | 0 / 9 | |
| 1.9.26 | 0 / 9 | |
| 1.9.25 | 0 / 9 | |
| 1.9.24 | 0 / 9 | |
| 1.9.23 | 0 / 9 |
v2.0.61
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.58
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.56
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.54
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.52
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.51
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.49
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.48
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.43
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.42
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.41
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.40
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.39
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.25
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.24
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.23
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.22
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.21
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.20
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.19
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.18
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.17
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.16
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.15
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.14
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.13
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.12
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.11
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.10
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.9
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.8
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.7
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.6
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.5
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.63
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.62
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.61
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.60
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.59
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.58
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.57
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.56
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.55
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.54
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.53
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.52
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.51
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.49
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.47
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.46
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.45
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.44
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.43
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.42
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.41
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.40
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.39
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.