Gathering detailed insights and metrics for @nocobase/plugin-api-doc
Gathering detailed insights and metrics for @nocobase/plugin-api-doc
NocoBase is an extensibility-first, open-source no-code/low-code platform for building business applications and enterprise solutions.
Installations
npm install @nocobase/plugin-api-docDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
20.19.3
NPM Version
lerna/4.0.0/node@v20.19.3+x64 (linux)
Releases
342
Languages
7
TypeScript
JavaScript
Smarty
Shell
Dockerfile
Less
CSS
TypeScript (98.88%)
JavaScript (1.04%)
Smarty (0.03%)
Shell (0.02%)
Dockerfile (0.02%)
Less (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
NOASSERTION License
16,100 Stars
11,022 Commits
1,814 Forks
145 Watchers
279 Branches
90 Contributors
Updated on Jul 16, 2025
Maintainers
2
Package Meta Information
Latest Version
1.8.5
Package Id
@nocobase/plugin-api-doc@1.8.5
Unpacked Size
1.50 MB
Size
413.09 kB
File Count
64
NPM Version
lerna/4.0.0/node@v20.19.3+x64 (linux)
Node Version
20.19.3
Published on
Jul 14, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
3
Dev Dependencies
1
NocoBase
What is NocoBase
NocoBase is a scalability-first, open-source no-code development platform.
Instead of investing years of time and millions of dollars in research and development, deploy NocoBase in a few minutes and you'll have a private, controllable, and extremely scalable no-code development platform!
Homepage:
https://www.nocobase.com/
Online Demo:
https://demo.nocobase.com/new
Documents:
https://docs.nocobase.com/
Commericial license & plugins:
https://www.nocobase.com/en/commercial
License agreement:
https://www.nocobase.com/en/agreement
Contact Us:
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-docker.yml:15
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-merge.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-docker.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-internal-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-pro-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/changelog-and-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-branch.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy-client-docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/get-plugins.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-build-pr-docker-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-build-pro-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-build-pro-plugin-image.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-merge.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/manual-npm-publish-license-kit.yml:7
- Warn: no topLevel permission defined: .github/workflows/manual-release-develop.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-release-next.yml:1
- Warn: no topLevel permission defined: .github/workflows/manual-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/nocobase-test-backend.yml:1
- Warn: no topLevel permission defined: .github/workflows/nocobase-test-frontend.yml:1
- Warn: no topLevel permission defined: .github/workflows/nocobase-test-windows.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' inputs.branch || github.head_ref || github.ref_name ': .github/workflows/auto-merge.yml:32
- Warn: script injection with untrusted input ' inputs.branch || github.head_ref || github.ref_name ': .github/workflows/auto-merge.yml:32
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:43
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:43
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:71
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:71
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:89
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-pro-image.yml:89
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:57
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:57
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:57
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:57
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:135
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:135
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:233
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:233
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:457
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/e2e.yml:457
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-image.yml:33
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-image.yml:33
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-image.yml:110
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-plugin-image.yml:36
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-plugin-image.yml:36
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-build-pro-plugin-image.yml:95
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-merge.yml:22
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-merge.yml:22
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-merge.yml:46
- Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/manual-merge.yml:46
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Info: Possibly incomplete results: error parsing shell code: "}" can only be used to close a block: Dockerfile:12-17
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/auto-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/auto-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-docker.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-internal-image.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-internal-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-pro-image.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-and-release.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/changelog-and-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-branch.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/create-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-branch.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/create-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-branch.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/create-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-client-docs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/deploy-client-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-client-docs.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/deploy-client-docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-client-docs.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/deploy-client-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:536: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:537: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:544: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:557: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:564: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:270: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:447: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:450: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:483: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:494: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:517: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/get-plugins.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/get-plugins.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pr-docker-image.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pr-docker-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-image.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-build-pro-plugin-image.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-build-pro-plugin-image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-e2e.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-e2e.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-e2e.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-e2e.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-e2e.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-merge.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-merge.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-merge.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:288: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:296: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:310: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:339: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:346: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:355: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:391: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:404: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:409: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:244: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:423: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:431: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:438: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:451: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:456: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:475: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:483: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:490: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:502: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:507: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:521: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:529: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:536: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:543: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:548: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:555: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:573: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:581: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:588: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish-license-kit.yml:595: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-npm-publish-license-kit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-develop.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-develop.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-release-next.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release-next.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/manual-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-backend.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-backend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-frontend.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-frontend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-frontend.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-frontend.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-windows.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-windows.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nocobase-test-windows.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/nocobase-test-windows.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/nocobase/nocobase/release.yml/main?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:1
- Warn: containerImage not pinned by hash: Dockerfile:57: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:fa43945ad45c5f8c50dbea0633d888ddeb739f7d4e06c7696a9d68b54054238a
- Warn: containerImage not pinned by hash: Dockerfile.pro:1
- Warn: containerImage not pinned by hash: Dockerfile.pro:46: pin your Docker image by updating node:20.13-bullseye-slim to node:20.13-bullseye-slim@sha256:af5fb4447e73fdbbf4cec9fcdbc545061a5a13db1b5d21f479302a9c4e56de0b
- Warn: containerImage not pinned by hash: docker/nocobase/Dockerfile:1
- Warn: containerImage not pinned by hash: docker/nocobase/Dockerfile:21: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:fa43945ad45c5f8c50dbea0633d888ddeb739f7d4e06c7696a9d68b54054238a
- Warn: containerImage not pinned by hash: docker/nocobase/Dockerfile-full:1
- Warn: containerImage not pinned by hash: docker/nocobase/Dockerfile-full:21: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:fa43945ad45c5f8c50dbea0633d888ddeb739f7d4e06c7696a9d68b54054238a
- Warn: npmCommand not pinned by hash: .github/workflows/manual-release-develop.yml:84
- Warn: npmCommand not pinned by hash: .github/workflows/manual-release-next.yml:129
- Warn: npmCommand not pinned by hash: .github/workflows/manual-release.yml:123
- Info: 0 out of 132 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 56 third-party GitHubAction dependencies pinned
- Info: 0 out of 8 containerImage dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 16 are checked with a SAST tool
Reason
82 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99
- Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-36jr-mh4h-2g58
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-pppg-cpfq-h7wr
- Warn: Project is vulnerable to: GHSA-hw8r-x6gr-5gjp
- Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-m4gq-x24j-jpmf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mh8j-9jvh-gjf6
- Warn: Project is vulnerable to: GHSA-44fp-w29j-9vj5
- Warn: Project is vulnerable to: GHSA-4pg4-qvpc-4q3h
- Warn: Project is vulnerable to: GHSA-g5hg-p3ph-g8qg
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9h6g-pr28-7cqp
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-8g77-54rh-46hx
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-x5gf-qvw8-r2rm
- Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
- Warn: Project is vulnerable to: GHSA-4943-9vgg-gr5r
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-325j-24f4-qv5x
- Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
- Warn: Project is vulnerable to: GHSA-cvv5-9h9w-qp2m
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3mv9-4h5g-vhg3
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-9crc-q9x8-hgqq
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-4r6h-8v6p-xvw6
- Warn: Project is vulnerable to: GHSA-5pgg-2g8v-p4x9
Score
3.5
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More