The public security transparency page for forceCalendar. This is not a marketing page — it shows the real security posture of the project, including open findings and their remediation status.
- Supply chain — runtime dependency count for
@forcecalendar/coreand@forcecalendar/interface(zero, and zero transitive) - CSP compatibility — which strict Content-Security-Policy directives the library runs under
- Live findings — open and resolved issues fetched from GitHub at build/view time (issues labeled
type:security, plus critical/hightype:bugissues incoreandinterface) - Remediation tracker — status of each finding
Next.js (static export) · React 19 · Tailwind CSS. The findings data comes from app/lib/github.js, which queries the GitHub Issues API — no manual editing of findings.
npm install
npm run dev # http://localhost:3000
npm run build # static export to out/Never as a public issue — see the security policy.