@nocobase/plugin-field-markdown-vditor
Used to store Markdown and render it using Vditor editor, supports common Markdown syntax such as list, code, quote, etc., and supports uploading images, recordings, etc.It also allows for instant rendering, where what you see is what you get.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/client/189.2505ee2b0d9e9ebe.js | AI (source-diff): Standard webpack bundle with NocoBase copyright header; minified client chunks are expected for this UI plugin. | ai | |
| source-diff | obfuscated-file:dist/client/b6153ca4835aefdd.js | AI (source-diff): Standard webpack-minified client bundle for a NocoBase plugin. Copyright header and code structure confirm legitimate build output, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/a906ba09cd9bbea0.js | AI (source-diff): Standard webpack client bundle chunk for a NocoBase plugin; long lines are minified JS, not malicious obfuscation. Pattern is consistent across all NocoBase plugin packages. | ai | |
| source-diff | obfuscated-file:dist/client/3b7ac64b608536c0.js | AI (source-diff): Standard webpack-minified client chunk for a frontend plugin; NocoBase copyright header and legitimate Vditor editor code visible in sample. Minification is expected for client bundles. | ai | |
| provenance | no-provenance | AI (provenance): NocoBase publishes 784+ versions without Sigstore provenance; this is a stable pattern for this publisher/ecosystem, not a risk indicator. | ai | |
| source-diff | obfuscated-file:dist/client/189.85fbe39997c09d14.js | AI (source-diff): Standard webpack minified bundle with NocoBase copyright header; contains recognizable React/Formily component code. NocoBase plugins consistently ship minified client bundles. | ai | |
| source-diff | obfuscated-file:dist/client/859.de92173d167d4c94.js | AI (source-diff): Standard webpack minified bundle containing diff-match-patch library; consistent with Vditor editor dependency bundling. NocoBase copyright header present, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/client/8e03207e51b6406f.js | AI (source-diff): Standard webpack-bundled client chunk for a NocoBase frontend plugin. The sample shows recognizable React/UI component code with NocoBase copyright header — normal build output, not malicious obfuscation. | ai | |
| bogus-package | bogus-package | AI (bogus-package): NocoBase plugins consistently use minimal READMEs with links to their official docs site. This is a known ecosystem pattern, not spam or phishing. | ai |
Versions (showing 51 of 124)
| Version | Deps | Published |
|---|---|---|
| 2.0.61 | 0 / 8 | |
| 2.0.60 | 0 / 8 | |
| 2.0.59 | 0 / 8 | |
| 2.0.58 | 0 / 8 | |
| 2.0.57 | 0 / 8 | |
| 2.0.56 | 0 / 8 | |
| 2.0.55 | 0 / 8 | |
| 2.0.54 | 0 / 8 | |
| 2.0.53 | 0 / 8 | |
| 2.0.52 | 0 / 8 | |
| 2.0.51 | 0 / 8 | |
| 2.0.50 | 0 / 8 | |
| 2.0.49 | 0 / 8 | |
| 2.0.48 | 0 / 8 | |
| 2.0.47 | 0 / 8 | |
| 2.0.46 | 0 / 8 | |
| 2.0.45 | 0 / 8 | |
| 2.0.44 | 0 / 8 | |
| 2.0.43 | 0 / 8 | |
| 2.0.42 | 0 / 8 | |
| 2.0.41 | 0 / 8 | |
| 2.0.40 | 0 / 8 | |
| 2.0.39 | 0 / 8 | |
| 2.0.38 | 0 / 8 | |
| 2.0.37 | 0 / 8 | |
| 2.0.36 | 0 / 8 | |
| 2.0.35 | 0 / 8 | |
| 2.0.34 | 0 / 8 | |
| 2.0.33 | 0 / 8 | |
| 2.0.32 | 0 / 8 | |
| 2.0.31 | 0 / 8 | |
| 2.0.30 | 0 / 8 | |
| 2.0.29 | 0 / 8 | |
| 2.0.28 | 0 / 8 | |
| 2.0.27 | 0 / 8 | |
| 2.0.26 | 0 / 8 | |
| 2.0.25 | 0 / 8 | |
| 2.0.24 | 0 / 8 | |
| 2.0.23 | 0 / 8 | |
| 2.0.22 | 0 / 8 | |
| 2.0.21 | 0 / 8 | |
| 2.0.20 | 0 / 8 | |
| 2.0.19 | 0 / 8 | |
| 2.0.18 | 0 / 8 | |
| 2.0.17 | 0 / 8 | |
| 2.0.16 | 0 / 8 | |
| 2.0.15 | 0 / 8 | |
| 2.0.14 | 0 / 8 | |
| 2.0.13 | 0 / 8 | |
| 2.0.12 | 0 / 8 | |
| 2.0.11 | 0 / 8 |
v2.0.61
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.58
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.56
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.54
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.52
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.51
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.49
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.48
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.43
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.42
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.41
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.40
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.39
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.25
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.24
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.23
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.22
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.21
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.20
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.19
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.18
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.17
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.16
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.15
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.14
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.13
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.12
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.11
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.