@graphql-codegen/typescript

GraphQL Code Generator plugin for generating TypeScript types

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

dotansimhaardatankamilkisielaurigotheguild-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from theguild-bot to GitHub Actions CI; SLSA attestation confirms legitimate publish pipeline.	ai	2026/05/30
provenance	missing-githead	AI (provenance): CI migration dropped gitHead; SLSA provenance compensates as commit-linking signal.	ai	2026/05/30

Versions (showing 100 of 443)

Hide prereleases

Version	Deps	Published
6.0.2	5 / 0	2026/05/27
6.0.1	5 / 0	2026-05-06
6.0.0	5 / 0	2026-04-30
5.0.10	5 / 0	2026-04-13
5.0.9	5 / 0	2026-03-06
5.0.8	5 / 0	2026-02-18
5.0.7	5 / 0	2025-12-18
5.0.6	5 / 0	2025-11-29
5.0.5	5 / 0	2025-11-20
5.0.4	5 / 0	2025-11-13
5.0.3	5 / 0	2025-11-12
5.0.2	5 / 0	2025-10-05
5.0.1	5 / 0	2025-09-29
5.0.0	5 / 0	2025-09-07
4.1.6	5 / 0	2025-03-27
4.1.5	5 / 0	2025-02-23
4.1.4	5 / 0	2025-02-19
4.1.3	5 / 0	2025-01-28
4.1.2	5 / 0	2024-11-22
4.1.1	5 / 0	2024-10-28
4.1.0	5 / 0	2024-10-07
4.0.9	5 / 0	2024-07-02
4.0.8	5 / 0	2024-06-28
4.0.7	5 / 0	2024-05-17
4.0.6	5 / 0	2024-02-22
4.0.5	5 / 0	2024-02-20
4.0.4	5 / 0	2024-02-06
4.0.3	5 / 0	2024-02-06
4.0.2	5 / 0	2024-01-08
4.0.1	5 / 0	2023-06-19
4.0.0	5 / 0	2023-05-24
3.0.4	5 / 0	2023-04-22
3.0.3	5 / 0	2023-04-04
3.0.2	5 / 0	2023-03-07
3.0.1	5 / 0	2023-02-21
3.0.0	5 / 0	2023-02-03
2.8.8	5 / 0	2023-01-30
2.8.7	5 / 0	2023-01-04
2.8.6	5 / 0	2022-12-27
2.8.5	5 / 0	2022-12-07
2.8.4	5 / 0	2022-12-07
2.8.3	5 / 0	2022-12-01
2.8.2	5 / 0	2022-11-15
2.8.1	5 / 0	2022-11-01
2.8.0	5 / 0	2022-10-24
2.7.5	5 / 0	2022-10-20
2.7.4	5 / 0	2022-10-11
2.7.3	5 / 0	2022-08-08
2.7.2	5 / 0	2022-07-19
2.7.1	5 / 0	2022-07-09
2.7.0	5 / 0	2022-07-08
2.6.0	5 / 0	2022-07-04
2.5.1	5 / 0	2022-06-10
2.5.0	5 / 0	2022-06-07
2.4.11	5 / 0	2022-05-09
2.4.10	5 / 0	2022-05-05
2.4.9	5 / 0	2022-05-04
2.4.8	5 / 0	2022-03-17
2.4.7	5 / 0	2022-03-09
2.4.6	5 / 0	2022-03-09
2.4.5	5 / 0	2022-02-17
2.4.4	5 / 0	2022-02-16
2.4.3	5 / 0	2022-02-03
2.4.2	5 / 0	2021-12-30
2.4.1	5 / 0	2021-11-18
2.4.0	5 / 0	2021-11-15
2.3.1	5 / 0	2021-11-05
2.3.0	4 / 0	2021-10-29
2.2.4	4 / 0	2021-10-14
2.2.3	4 / 0	2021-10-13
2.2.2	4 / 0	2021-09-10
2.2.1	4 / 0	2021-09-07
2.2.0	4 / 0	2021-09-03
2.1.2	4 / 0	2021-08-25
2.1.1	4 / 0	2021-08-23
2.1.0	4 / 0	2021-08-19
2.0.0	4 / 0	2021-08-03
1.23.0	4 / 0	2021-07-13
1.22.4	4 / 0	2021-06-30
1.22.3	4 / 0	2021-06-21
1.22.2	4 / 0	2021-06-20
1.22.1	4 / 0	2021-05-26
1.22.0	4 / 0	2021-04-19
1.21.1	4 / 0	2021-03-07
1.21.0	4 / 0	2021-02-10
1.20.2	4 / 0	2021-01-26
1.20.1	4 / 0	2021-01-26
1.20.0	4 / 0	2020-12-30
1.19.0	4 / 0	2020-11-29
1.18.1	4 / 0	2020-11-26
1.18.0	4 / 0	2020-11-25
1.17.11	4 / 0	2020-10-19
1.17.10	4 / 0	2020-09-28
1.17.9	4 / 0	2020-08-21
1.17.8	4 / 0	2020-08-11
1.17.7	4 / 0	2020-08-02
1.17.6	4 / 0	2020-07-27
1.17.5	4 / 0	2020-07-27
1.17.4	4 / 0	2020-07-23
1.17.3	4 / 0	2020-07-21

Showing 100 of 443 Next page →

v6.0.2

3 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH Publisher changed: theguild-bot → GitHub Actions (on unknown date) provenance

This version was published by a different npm account than previous versions on unknown date. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.