@graphql-codegen/core — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

dotansimhaardatankamilkisielaurigotheguild-bot

Keywords

gqlgeneratorcodetypesinterfacesgraphqlcodegenapollonodetypescripttsflowtypesd.tstypings

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from theguild-bot to GitHub Actions reflects CI migration; SLSA provenance present.	ai	2026/05/30
provenance	missing-githead	AI (provenance): gitHead often dropped in GitHub Actions publishes; SLSA provenance compensates.	ai	2026/05/30
npm-metadata	no-description	AI (npm-metadata): Scoped Guild package; missing description is cosmetic, not a spam signal.	ai	2026/05/30
bogus-package	bogus-package	AI (bogus-package): False positive on a 6.8M-download established package.	ai	2026/05/30
typosquat	typosquat.levenshtein:cors	AI (typosquat): Scoped package @graphql-codegen/core is a well-known GraphQL code generation library; Levenshtein match to 'cors' is purely coincidental and not a typosquat.	ai	2026/04/23
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a standard TypeScript runtime helper declared as a dependency; used implicitly by compiled TypeScript output, not a direct import in source.	ai	2026/04/23

Versions (showing 100 of 208)

Hide prereleases

Version	Deps	Published
6.1.0	4 / 0	2026-05-27
6.0.1	4 / 0	2026-05-27
6.0.0	4 / 0	2026-04-30
5.0.2	4 / 0	2026-04-13
5.0.1	4 / 0	2026-03-06
5.0.0	4 / 0	2025-09-07
4.0.2	4 / 0	2024-02-06
4.0.1	4 / 0	2024-01-08
4.0.0	4 / 0	2023-05-24
3.1.0	4 / 0	2023-02-21
3.0.0	4 / 0	2023-02-03
2.6.8	4 / 0	2022-12-07
2.6.7	4 / 0	2022-12-07
2.6.6	4 / 0	2022-11-14
2.6.5	4 / 0	2022-11-02
2.6.4	4 / 0	2022-11-01
2.6.3	4 / 0	2022-11-01
2.6.2	4 / 0	2022-08-11
2.6.1	4 / 0	2022-08-08
2.6.0	4 / 0	2022-07-08
2.5.1	4 / 0	2022-02-10
2.5.0	4 / 0	2022-02-03
2.4.0	4 / 0	2021-12-30
2.3.0	4 / 0	2021-10-29
2.2.0	4 / 0	2021-10-13
2.1.0	4 / 0	2021-08-19
2.0.0	4 / 0	2021-08-03
1.17.10	4 / 0	2021-05-26
1.17.9	4 / 0	2020-11-26
1.17.8	4 / 0	2020-08-11
1.17.7	4 / 0	2020-08-02
1.17.6	4 / 0	2020-07-27
1.17.5	4 / 0	2020-07-27
1.17.4	4 / 0	2020-07-23
1.17.3	4 / 0	2020-07-21
1.17.2	4 / 0	2020-07-21
1.17.1	4 / 0	2020-07-21
1.17.0	4 / 0	2020-07-12
1.16.3	4 / 0	2020-07-06
1.16.2	4 / 0	2020-07-05
1.16.1	4 / 0	2020-07-05
1.16.0	4 / 0	2020-06-30
1.15.4	4 / 0	2020-06-18
1.15.3	4 / 0	2020-06-11
1.15.2	4 / 0	2020-06-10
1.15.1	4 / 0	2020-06-03
1.15.0	4 / 0	2020-05-26
1.14.0	4 / 0	2020-05-19
1.13.5	4 / 0	2020-05-03
1.13.4	4 / 0	2020-04-30
1.13.3	4 / 0	2020-04-19
1.13.2	4 / 0	2020-04-07
1.13.1	4 / 0	2020-03-17
1.13.0	4 / 0	2020-03-09
1.12.2	4 / 0	2020-02-07
1.12.1	4 / 0	2020-01-29
1.12.0	4 / 0	2020-01-28
1.11.2	4 / 0	2020-01-08
1.11.1	4 / 0	2020-01-08
1.11.0	4 / 0	2020-01-07
1.10.0	4 / 0	2020-01-02
1.9.1	4 / 0	2019-11-28
1.9.0	3 / 0	2019-11-27
1.8.3	4 / 1	2019-11-03
1.8.2	3 / 1	2019-10-23
1.8.1	3 / 1	2019-10-05
1.8.0	3 / 1	2019-10-02
1.7.0	3 / 1	2019-08-31
1.6.1	3 / 1	2019-08-16
1.6.0	3 / 1	2019-08-16
1.5.0	3 / 1	2019-08-07
1.4.0	3 / 1	2019-07-12
1.3.1	3 / 1	2019-06-23
1.3.0	3 / 1	2019-06-19
1.2.1	3 / 1	2019-06-09
1.2.0	3 / 1	2019-05-19
1.1.3	3 / 1	2019-05-01
1.1.1	3 / 1	2019-04-23
1.1.0	3 / 1	2019-04-17
1.0.7	3 / 1	2019-04-07
1.0.6	3 / 1	2019-03-27
1.0.5	3 / 1	2019-03-27
1.0.4	3 / 1	2019-03-25
1.0.3	3 / 1	2019-03-22
1.0.2	3 / 1	2019-03-20
1.0.1	3 / 1	2019-03-20
1.0.0	3 / 1	2019-03-19
6.0.0-alpha-20260422122602-fdc454ac0f4fe86baab0e0c4fa19b8ad1d249124	4 / 0	2026-04-22
6.0.0-alpha-20260419102718-b51558732f8016c9d9f645501d1e06891d639dc4	4 / 0	2026-04-19
6.0.0-alpha-20260418131654-503ab6a01555d0981481d105f71b7685480bcb3c	4 / 0	2026-04-18
6.0.0-alpha-20260413135420-eb41159d047f15f84648ca3282322ef660a92d63	4 / 0	2026-04-13
6.0.0-alpha-20260413134408-61e21f4b1b8f8b029c7078874e088f7e34608c4d	4 / 0	2026-04-13
6.0.0-alpha-20260413134044-219e6c60eb76b7ddbddd6681ff504fcd03e97227	4 / 0	2026-04-13
6.0.0-alpha-20260413133253-405d8586497bf3936183822bddf74940ae72abe9	4 / 0	2026-04-13
6.0.0-alpha-20260413131710-0312d1fa627824dd432c55bb28404b073ce33830	4 / 0	2026-04-13
6.0.0-alpha-20260413131420-7aed107788d15ef2a04c40291da32944fdae7888	4 / 0	2026-04-13
6.0.0-alpha-20260331131036-3103b7af1f0e6f15d6cf4d9521376fa82383845e	4 / 0	2026-03-31
6.0.0-alpha-20260331125845-e6d2a4ce6d2c1f46380441d80f8a3b827fbac6d8	4 / 0	2026-03-31
6.0.0-alpha-20260330130133-91e5886d742ea13cf65e87b235232a6caefa6baa	4 / 0	2026-03-30
6.0.0-alpha-20260327125229-b352e1272229b87533612b99fe96134d0c6a89bb	4 / 0	2026-03-27

Showing 100 of 208 Next page →

v6.1.0

3 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH Publisher changed: theguild-bot → GitHub Actions (on 2026-05-27) provenance

This version was published by a different npm account than previous versions on 2026-05-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.