@graphiql/react — Greenflagged

[Changelog](https://github.com/graphql/graphiql/blob/main/packages/graphiql-react/CHANGELOG.md) | [API Docs](https://graphiql-test.netlify.app/typedoc/modules/graphiql_react.html) | [NPM](https://www.npmjs.com/package/@graphiql/react)

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

benjiemjmahoneleebyroni1gacao

Keywords

reactgraphqlsdkmonaco-editormonaco-graphqlmonaco

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Moved to GitHub Actions CI/CD publishing with SLSA provenance; stable for this package.	ai	2026/05/11
phantom-deps	phantom-dep:@types/codemirror	AI (phantom-deps): TypeScript types for codemirror; framework-scoped convention, stable for this package.	ai	2026/04/28
dependencies	unvetted-dep:@radix-ui/react-tooltip	AI (dependencies): @radix-ui/react-tooltip is a canonical Radix UI primitive; legitimate and widely trusted dependency.	ai	2026/04/23
dependencies	unvetted-dep:markdown-it	AI (dependencies): markdown-it is a widely-used, well-maintained Markdown parser; legitimate dependency for a GraphQL IDE component library.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): The S_KNOWN_SPAM_PUBLISHER signal references leebyron (Lee Byron, GraphQL co-creator). This is a false positive; the package is part of the official graphql/graphiql monorepo.	ai	2026/04/23
dependencies	unvetted-dep:@radix-ui/react-dropdown-menu	AI (dependencies): @radix-ui/react-dropdown-menu is a canonical Radix UI primitive; legitimate and widely trusted dependency.	ai	2026/04/23
dependencies	unvetted-dep:@radix-ui/react-dialog	AI (dependencies): @radix-ui/react-dialog is a canonical Radix UI primitive used throughout the React ecosystem; no security concern.	ai	2026/04/23

Versions (showing 100 of 233)

Hide prereleases

Version	Deps	Published
0.37.5	17 / 14	2026-05-15
0.37.4	17 / 14	2026-05-11
0.37.3	16 / 14	2025-11-30
0.37.2	16 / 14	2025-11-01
0.37.1	16 / 14	2025-07-19
0.37.0	16 / 14	2025-07-18
0.36.0	16 / 14	2025-07-17
0.35.6	17 / 14	2025-07-13
0.35.5	17 / 14	2025-07-10
0.35.4	17 / 14	2025-07-02
0.35.3	17 / 14	2025-07-01
0.35.2	17 / 14	2025-07-01
0.35.1	17 / 14	2025-06-24
0.35.0	17 / 14	2025-06-24
0.34.1	17 / 14	2025-05-29
0.34.0	17 / 14	2025-05-20
0.33.0	17 / 14	2025-05-13
0.32.2	16 / 14	2025-05-09
0.32.1	16 / 14	2025-05-07
0.32.0	16 / 14	2025-05-05
0.31.0	17 / 16	2025-05-04
0.30.0	17 / 16	2025-05-03
0.29.0	17 / 16	2025-04-30
0.28.2	17 / 16	2024-12-17
0.28.1	17 / 16	2024-12-16
0.28.0	17 / 16	2024-12-14
0.27.1	16 / 15	2024-12-14
0.27.0	16 / 13	2024-11-09
0.26.2	16 / 13	2024-08-24
0.26.1	16 / 13	2024-08-23
0.26.0	16 / 13	2024-08-15
0.25.0	16 / 13	2024-08-15
0.24.0	15 / 12	2024-08-07
0.23.1	15 / 12	2024-08-08
0.23.0	15 / 11	2024-08-01
0.22.4	15 / 11	2024-07-01
0.22.3	15 / 11	2024-06-17
0.22.2	15 / 11	2024-05-31
0.22.1	15 / 11	2024-05-12
0.22.0	15 / 11	2024-05-07
0.21.0	15 / 11	2024-04-05
0.20.4	15 / 11	2024-04-02
0.20.3	15 / 11	2024-02-01
0.20.2	15 / 11	2023-11-02
0.20.1	15 / 11	2023-10-31
0.20.0	15 / 11	2023-10-31
0.19.4	15 / 11	2023-09-17
0.19.3	15 / 11	2023-07-30
0.19.2	15 / 11	2023-07-24
0.19.1	15 / 11	2023-07-16
0.19.0	15 / 11	2023-07-12
0.18.0	15 / 11	2023-06-24
0.17.6	14 / 12	2023-05-27
0.17.5	14 / 12	2023-05-23
0.17.4	14 / 12	2023-05-11
0.17.3	14 / 12	2023-05-08
0.17.2	14 / 12	2023-05-03
0.17.1	14 / 12	2023-03-26
0.17.0	14 / 11	2023-03-02
0.15.0	13 / 11	2022-11-25
0.14.0	13 / 11	2022-11-12
0.13.7	13 / 11	2022-10-30
0.13.6	13 / 11	2022-10-28
0.13.5	13 / 11	2022-10-28
0.13.4	13 / 11	2022-10-25
0.13.3	13 / 11	2022-10-10
0.13.2	13 / 11	2022-09-23
0.13.1	13 / 11	2022-09-07
0.13.0	13 / 11	2022-09-07
0.12.1	13 / 11	2022-09-07
0.12.0	13 / 11	2022-09-05
0.11.1	13 / 11	2022-08-27
0.11.0	13 / 11	2022-08-24
0.10.0	8 / 9	2022-08-11
0.9.0	8 / 9	2022-08-08
0.8.0	8 / 9	2022-08-07
0.7.1	8 / 9	2022-08-05
0.7.0	8 / 9	2022-08-04
0.6.0	8 / 9	2022-07-22
0.5.2	8 / 9	2022-07-13
0.5.1	8 / 9	2022-07-12
0.5.0	8 / 9	2022-07-06
0.4.3	8 / 9	2022-06-30
0.4.2	8 / 9	2022-06-15
0.4.1	8 / 9	2022-06-09
0.4.0	8 / 9	2022-06-06
0.3.0	8 / 9	2022-06-04
0.2.1	7 / 8	2022-05-29
0.2.0	5 / 8	2022-05-23
0.1.2	4 / 8	2022-05-23
0.1.1	4 / 8	2022-05-22
0.1.0	4 / 8	2022-05-22
0.37.3-canary-c3a87e41.0	16 / 14	2025-11-30
0.37.3-canary-90be6f5b.0	16 / 14	2025-11-30
0.37.3-canary-792b789a.0	16 / 14	2025-11-30
0.37.3-canary-67317292.0	16 / 14	2025-11-30
0.37.3-canary-178461cf.0	16 / 14	2025-11-30
0.37.2-canary-c112826c.0	16 / 14	2025-10-31
0.37.1-canary-cb0cb865.0	16 / 14	2025-07-19
0.37.0-canary-5c0dbbb8.0	16 / 14	2025-07-18

Showing 100 of 233 Next page →

v0.37.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.37.4

2 findings

HIGH Publisher changed: acao → GitHub Actions (on 2026-05-11) provenance

This version was published by a different npm account than previous versions on 2026-05-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.