@nocobase/plugin-calendar
Provides callendar collection template and block for managing date data, typically for date/time related information such as events, appointments, tasks, and so on.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/client/157.a97e2153d11af2a5.js | AI (source-diff): Standard webpack-minified chunk containing CronDate/Luxon date logic, consistent with cron-parser devDependency. NocoBase copyright header present. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/453.8821284865c66f5e.js | AI (source-diff): Standard webpack-minified chunk containing react-big-calendar date utilities. NocoBase copyright header present. Content is readable date manipulation logic, not malicious obfuscation. | ai | |
| provenance | no-provenance | AI (provenance): NocoBase packages consistently publish without Sigstore provenance; this is a known ecosystem-wide pattern for this publisher, not a per-version risk. | ai |
Versions (showing 24 of 125)
| Version | Deps | Published |
|---|---|---|
| 1.9.21 | 0 / 14 | |
| 1.9.20 | 0 / 14 | |
| 1.9.19 | 0 / 14 | |
| 1.9.18 | 0 / 14 | |
| 1.9.17 | 0 / 14 | |
| 1.9.16 | 0 / 14 | |
| 1.9.15 | 0 / 14 | |
| 1.9.14 | 0 / 14 | |
| 1.9.13 | 0 / 14 | |
| 1.9.12 | 0 / 14 | |
| 1.9.11 | 0 / 14 | |
| 1.9.10 | 0 / 14 | |
| 1.9.9 | 0 / 14 | |
| 1.9.8 | 0 / 14 | |
| 1.9.7 | 0 / 14 | |
| 1.9.6 | 0 / 14 | |
| 1.9.5 | 0 / 14 | |
| 1.9.4 | 0 / 14 | |
| 1.9.3 | 0 / 14 | |
| 1.9.2 | 0 / 14 | |
| 1.9.1 | 0 / 14 | |
| 1.9.0 | 0 / 14 | |
| 1.8.33 | 0 / 14 | |
| 1.8.32 | 0 / 14 |
v1.9.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.