Installations
npm install @nocobase/cacheDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
18.20.6
NPM Version
lerna/4.0.0/node@v18.20.6+x64 (linux)
Score
84.3
Supply Chain
75.1
Quality
94.7
Maintenance
100
Vulnerability
80.6
License
Releases
174
Contributors
83
Languages
7
TypeScript
JavaScript
Smarty
Shell
Dockerfile
Less
CSS
TypeScript (98.88%)
JavaScript (1.04%)
Smarty (0.03%)
Shell (0.02%)
Dockerfile (0.02%)
Less (0.01%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
104,583
Last Day
768
Last Week
4,730
Last Month
17,174
Last Year
80,438
GitHub Statistics
NOASSERTION License
13,495 Stars
7,976 Commits
1,512 Forks
142 Watchers
156 Branches
83 Contributors
Updated on Feb 15, 2025
Maintainers
1
Package Meta Information
Latest Version
1.5.7
Package Id
@nocobase/cache@1.5.7
Unpacked Size
57.04 kB
Size
16.33 kB
File Count
15
NPM Version
lerna/4.0.0/node@v18.20.6+x64 (linux)
Node Version
18.20.6
Published on
Feb 13, 2025
Total Downloads
Cumulative downloads
Total Downloads
104,583
Last Day
-64.9%
768
Compared to previous day
Last Week
-6.6%
4,730
Compared to previous week
Last Month
3.7%
17,174
Compared to previous month
Last Year
301.1%
80,438
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
1
NocoBase
What is NocoBase
NocoBase is a scalability-first, open-source no-code development platform.
Instead of investing years of time and millions of dollars in research and development, deploy NocoBase in a few minutes and you'll have a private, controllable, and extremely scalable no-code development platform!
Homepage:
https://www.nocobase.com/
Online Demo:
https://demo.nocobase.com/new
Documents:
https://docs.nocobase.com/
Commericial license & plugins:
https://www.nocobase.com/en/commercial
License agreement:
https://www.nocobase.com/en/agreement
Contact Us:
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-pro-image.yml:31
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-merge.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-pro-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/changelog-and-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-branch.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy-client-docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/get-plugins.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-build-pr-docker-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-build-pro-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-build-pro-plugin-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-merge.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-release-develop.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-release-next.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/nocobase-test-backend.yml:1
- Warn: no topLevel permission defined: .github/workflows/nocobase-test-frontend.yml:1
- Warn: no topLevel permission defined: .github/workflows/nocobase-test-windows.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' inputs.branch || github.head_ref || github.ref_name ': .github/workflows/auto-merge.yml:32
- Warn: script injection with untrusted input ' inputs.branch || github.head_ref || github.ref_name ': .github/workflows/auto-merge.yml:32
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:43
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:43
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:71
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:71
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:89
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:89
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:347
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:347
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:347
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:347
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:457
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:457
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:57
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:57
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:57
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:57
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:135
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:135
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:233
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:233
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-image.yml:33
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-image.yml:33
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-image.yml:110
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-plugin-image.yml:36
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-plugin-image.yml:36
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-plugin-image.yml:95
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-merge.yml:22
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-merge.yml:22
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-merge.yml:46
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-merge.yml:46
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Info: Possibly incomplete results: error parsing shell code: "}" can only be used to close a block: Dockerfile:12-17
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/auto-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/auto-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-branch.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/create-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-branch.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/create-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-client-docs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/deploy-client-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-client-docs.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/deploy-client-docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-client-docs.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/deploy-client-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:270: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:321: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:328: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:340: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:385: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:396: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:419: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:447: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:450: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:483: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:494: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:517: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:536: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:537: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:544: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:557: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:564: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/get-plugins.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/get-plugins.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-e2e.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-e2e.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-e2e.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-e2e.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-merge.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-merge.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-frontend.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-frontend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-frontend.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-frontend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-windows.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-windows.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-windows.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:1
- Warn: containerImage not pinned by hash: Dockerfile:57: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:5da391c4b0398f37074b6370dd9e32cebd322c2a227053ca4ae2e7a257f0be21
- Warn: containerImage not pinned by hash: Dockerfile.pro:1
- Warn: containerImage not pinned by hash: Dockerfile.pro:46: pin your Docker image by updating node:20.13-bullseye-slim to node:20.13-bullseye-slim@sha256:af5fb4447e73fdbbf4cec9fcdbc545061a5a13db1b5d21f479302a9c4e56de0b
- Warn: containerImage not pinned by hash: docker/nocobase/Dockerfile:1
- Warn: containerImage not pinned by hash: docker/nocobase/Dockerfile:17: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:5da391c4b0398f37074b6370dd9e32cebd322c2a227053ca4ae2e7a257f0be21
- Warn: npmCommand not pinned by hash: .github/workflows/manual-release-develop.yml:64
- Warn: npmCommand not pinned by hash: .github/workflows/manual-release-next.yml:106
- Warn: npmCommand not pinned by hash: .github/workflows/manual-release.yml:103
- Info: 0 out of 93 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 24 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
- Info: 0 out of 6 containerImage dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 19 are checked with a SAST tool
Reason
67 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qxrj-hx23-xp82
- Warn: Project is vulnerable to: GHSA-x4c5-c7rf-jjgv
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99
- Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-36jr-mh4h-2g58
- Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-m4gq-x24j-jpmf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-mh8j-9jvh-gjf6
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9h6g-pr28-7cqp
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-4943-9vgg-gr5r
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-325j-24f4-qv5x
- Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
- Warn: Project is vulnerable to: GHSA-cvv5-9h9w-qp2m
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-9crc-q9x8-hgqq
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-4r6h-8v6p-xvw6
- Warn: Project is vulnerable to: GHSA-5pgg-2g8v-p4x9
Score
3.5
/10
Last Scanned on 2025-02-10
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More