Skip to content

forceCalendar/audit

Repository files navigation

forceCalendar Security Audit

License: MIT

The public security transparency page for forceCalendar. This is not a marketing page — it shows the real security posture of the project, including open findings and their remediation status.

What it shows

  • Supply chain — runtime dependency count for @forcecalendar/core and @forcecalendar/interface (zero, and zero transitive)
  • CSP compatibility — which strict Content-Security-Policy directives the library runs under
  • Live findings — open and resolved issues fetched from GitHub at build/view time (issues labeled type:security, plus critical/high type:bug issues in core and interface)
  • Remediation tracker — status of each finding

Stack

Next.js (static export) · React 19 · Tailwind CSS. The findings data comes from app/lib/github.js, which queries the GitHub Issues API — no manual editing of findings.

Development

npm install
npm run dev      # http://localhost:3000
npm run build    # static export to out/

Reporting a vulnerability

Never as a public issue — see the security policy.

License

MIT

About

Public security transparency page for forceCalendar — live findings, CSP compatibility, supply-chain stats

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors