@nocobase/plugin-verification

User identity verification management, including SMS, TOTP authenticator, with extensibility.

Versions: 25
License: Apache-2.0
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

chenosjiannlu

Keywords

Authentication, Verification, Security

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | net-exec-file:dist/node_modules/tencentcloud-sdk-nodejs-sms/tencentcloud/index.js | AI (source-diff): Network calls in the Tencent Cloud SMS SDK are expected API calls for sending SMS messages. Code execution patterns are standard async utility functions, not dropper/loader behavior. | ai |
source-diff | obfuscated-file:dist/node_modules/tencentcloud-sdk-nodejs-sms/tencentcloud/index.js | AI (source-diff): Legitimate Tencent Cloud SMS SDK bundled into dist; explicitly listed as devDependency and matches plugin's SMS verification feature. Minification is expected for bundled SDKs. | ai |
source-diff | obfuscated-file:dist/client/20e6e5fa4c397f95.js | AI (source-diff): NocoBase plugins consistently ship webpack-minified client bundles; this is a standard build artifact with a copyright header and readable UI logic, not obfuscation for malicious purposes. | ai |
provenance | no-provenance | AI (provenance): NocoBase packages consistently publish without Sigstore provenance; this is a known ecosystem pattern for this publisher, not a security risk. | ai |
source-diff | obfuscated-file:dist/client/697.b96d47074fade3cf.js | AI (source-diff): Standard webpack-minified client bundle with NocoBase copyright header. Long lines are expected in frontend build output for this package; not obfuscation. | ai |
bogus-package | bogus-package | AI (bogus-package): NocoBase ecosystem plugin; documentation lives on nocobase.com docs URLs. Sparse README is normal for this plugin family. | ai |
source-diff | obfuscated-file:dist/client/40d1fde9207822fc.js | AI (source-diff): Webpack-bundled client code with NocoBase copyright header; standard minification for NocoBase plugin client bundles, not obfuscation. | ai |

Versions (showing 25 of 126)

Version Deps Published
1.9.22 0 / 11
1.9.21 0 / 11
1.9.20 0 / 11
1.9.19 0 / 11
1.9.18 0 / 11
1.9.17 0 / 11
1.9.16 0 / 11
1.9.15 0 / 11
1.9.14 0 / 11
1.9.13 0 / 11
1.9.12 0 / 11
1.9.11 0 / 11
1.9.10 0 / 11
1.9.9 0 / 11
1.9.8 0 / 11
1.9.7 0 / 11
1.9.6 0 / 11
1.9.5 0 / 11
1.9.4 0 / 11
1.9.3 0 / 11
1.9.2 0 / 11
1.9.1 0 / 11
1.9.0 0 / 11
1.8.33 0 / 11
1.8.32 0 / 11

v1.9.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.21

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.20

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.19

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.18

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.17

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.16

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.15

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.14

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.13

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.12

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.11

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.10

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.9.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.8.33

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.8.32

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.