@graphql-tools/mock — Greenflagged

A set of utils for faster development of GraphQL tools

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dotansimhaurigoardatanenisdenjotheguild-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher change from ardatan to GitHub Actions is consistent with automated CI/CD release in graphql-tools monorepo; SLSA provenance confirms integrity.	ai	2026/04/23
publish-pattern	suspicious-version-number	AI (publish-pattern): Alpha pre-release version with commit hash is standard for CI/CD builds; stable pattern for this package.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Provenance attestation is a CI/CD enhancement; absence is not a security blocker for established publishers.	ai	2026/04/22
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a known implicit dependency in TypeScript projects and is correctly declared in package.json; stable for this package.	ai	2026/04/22
dependencies	unvetted-dep:ts-is-defined	AI (dependencies): ts-is-defined is a tiny, well-known TypeScript type-guard utility with no malicious signals; legitimate dependency for a TypeScript-first graphql-tools package.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): theguild-bot is a CI/CD automation account typical for monorepo releases; stable for this publisher.	ai	2026/04/22
source-diff	source-size-tripled	AI (source-diff): 3.5x growth consistent with feature additions; no obfuscation or malware signals.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): 32 new files reflect feature expansion in mature package; no injection indicators.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): Single new dependency on established utility; consistent with normal package evolution.	ai	2026/04/22
dependencies	unvetted-dep:fast-json-stable-stringify	AI (dependencies): fast-json-stable-stringify is a well-known, legitimate utility with no security concerns.	ai	2026/04/22
typosquat	typosquat.levenshtein:mocha	AI (typosquat): @graphql-tools/mock is a scoped package in the well-known graphql-tools monorepo; not a typosquat of mocha.	ai	2026/04/21
typosquat	typosquat.levenshtein:mobx	AI (typosquat): @graphql-tools/mock is a scoped package in the well-known graphql-tools monorepo; not a typosquat of mobx.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Missing README sections and keywords are typical for monorepo packages and pre-releases; not indicative of spam.	ai	2026/04/21

Versions (showing 51 of 119)

Show 1 prerelease View all versions

Version	Deps	Published
9.1.7	4 / 0	2026-04-23
9.1.6	4 / 0	2026-04-09
9.1.5	4 / 0	2026-01-07
9.1.4	4 / 0	2025-11-28
9.1.3	4 / 0	2025-11-12
9.1.2	4 / 0	2025-11-11
9.1.1	4 / 0	2025-11-04
9.1.0	4 / 0	2025-10-30
9.0.25	4 / 0	2025-07-21
9.0.24	4 / 0	2025-07-17
9.0.23	4 / 0	2025-05-22
9.0.22	4 / 0	2025-03-13
9.0.21	4 / 0	2025-03-13
9.0.20	4 / 0	2025-03-03
9.0.19	4 / 0	2025-02-25
9.0.18	4 / 0	2025-02-21
9.0.17	4 / 0	2025-02-10
9.0.16	4 / 0	2025-02-10
9.0.15	4 / 0	2025-01-16
9.0.14	4 / 0	2025-01-06
9.0.13	4 / 0	2025-01-02
9.0.12	4 / 0	2024-12-24
9.0.11	4 / 0	2024-12-14
9.0.10	4 / 0	2024-12-13
9.0.9	4 / 0	2024-12-04
9.0.8	4 / 0	2024-11-27
9.0.7	4 / 0	2024-11-22
9.0.6	4 / 0	2024-11-13
9.0.5	4 / 0	2024-10-15
9.0.4	4 / 0	2024-07-23
9.0.3	4 / 0	2024-05-27
9.0.2	4 / 0	2024-02-23
9.0.1	4 / 0	2024-01-22
9.0.0	4 / 0	2023-05-19
8.7.20	4 / 0	2023-04-13
8.7.19	4 / 0	2023-03-06
8.7.18	4 / 0	2023-02-06
8.7.17	4 / 0	2023-02-01
8.7.16	4 / 0	2023-01-26
8.7.15	4 / 0	2023-01-12
8.7.14	4 / 0	2022-12-07
8.7.13	4 / 0	2022-12-07
8.7.12	4 / 0	2022-11-14
8.7.11	4 / 0	2022-11-07
8.7.10	4 / 0	2022-11-02
8.7.9	4 / 0	2022-11-01
8.7.8	4 / 0	2022-10-31
8.7.7	4 / 0	2022-10-27
8.7.6	4 / 0	2022-09-09
8.7.5	4 / 0	2022-09-05
8.7.4	4 / 0	2022-08-26