@apollographql/graphql-language-service-parser

An online parser for GraphQL for use in syntax-highlighters and code intelligence tools

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

apollo-botevanshauserhwillsonjbaxleyiiimartijnwalravennimshadaj

Keywords

graphql

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher change from shadaj to apollo-bot reflects Apollo GraphQL's org-wide migration to bot-based publishing. apollo-bot has a strong track record across 63 packages.	ai	2026/04/24
maintainer-change	maintainer-added	AI (maintainer-change): apollo-bot and nim are part of Apollo GraphQL's standard publishing infrastructure; this is a legitimate org-level maintainer transition.	ai	2026/04/24
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of mdg/sashko is consistent with Apollo's organizational transition away from individual/legacy maintainers to bot-based publishing.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): graphql-language-service-types replaces the scoped @apollographql/graphql-language-service-types — a straightforward rename, not a suspicious new dependency.	ai	2026/04/24
phantom-deps	phantom-dep:graphql-language-service-types	AI (phantom-deps): Declared as a type/config dependency; phantom detection is a false positive for type-only usage in this GraphQL tooling package.	ai	2026/04/24