@graphql-toolkit/graphql-tag-pluck MIT 14 versions

@graphql-toolkit/graphql-tag-pluck

npm Repository Homepage

Pluck graphql-tag template literals

Versions

MIT

License

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ardatandotansimhaurigo

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): vue-template-compiler is a legitimate optional dependency for Vue SFC support in a GraphQL tag plucking tool; not a malicious addition.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): ardatan and dotansimha are both core graphql-toolkit maintainers; this is a documented team transition within the same project, not a suspicious account takeover.	ai	2026/04/22
dependencies	unvetted-dep:vue-template-compiler	AI (dependencies): vue-template-compiler is an optional dep used for Vue SFC parsing — legitimate and contextually appropriate for a GraphQL tag pluck utility.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Package is 2343 days old with 593 versions; provenance attestation did not exist when this package was established. Not a meaningful risk signal for this package.	ai	2026/04/21

Versions (showing 14 of 14)

Version	Deps	Published
0.9.9	5 / 0	2020-03-17
0.9.8	5 / 0	2020-03-17
0.9.5	5 / 0	2020-01-27
0.9.4	4 / 0	2020-01-24
0.9.3	4 / 0	2020-01-24
0.9.2	4 / 0	2020-01-24
0.9.1	3 / 0	2020-01-16
0.9.0	4 / 0	2020-01-06
0.8.1	4 / 0	2020-01-01
0.8.0	4 / 0	2019-12-31
0.7.5	4 / 0	2019-12-23
0.7.4	3 / 0	2019-11-27
0.7.3	3 / 0	2019-11-27
0.7.2	3 / 0	2019-11-20