← Home

gatsby-source-graphql

npm Repository Homepage

Gatsby plugin which adds a third-party GraphQL API to Gatsby GraphQL

71
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

piehkathmbeckserhalp-netlifymlgualtieri-gatsbyfktylerbarnesdaniellewgatsby

Keywords

gatsbygatsby-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Publisher change reflects Netlify's acquisition/stewardship of Gatsby; serhalp-netlify has 5596 approved packages and 0 rejections — legitimate organizational transition. ai
maintainer-change maintainer-added AI (maintainer-change): New maintainers (serhalp-netlify, mlgualtieri-gatsby) are Netlify-affiliated accounts consistent with Gatsby's organizational transition to Netlify stewardship. ai
maintainer-change maintainer-removed AI (maintainer-change): Removal of legacy Gatsby maintainers is consistent with the known Netlify acquisition of Gatsby; not indicative of a hostile takeover. ai
phantom-deps phantom-dep:@apollo/client AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality. ai
phantom-deps phantom-dep:@babel/runtime AI (phantom-deps): Framework-scoped package loaded by convention in Babel-transpiled code. ai
phantom-deps phantom-dep:gatsby-core-utils AI (phantom-deps): Legitimate Gatsby plugin dependency; used indirectly through plugin functionality. ai
phantom-deps phantom-dep:invariant AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality. ai
phantom-deps phantom-dep:@graphql-tools/links AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality. ai
phantom-deps phantom-dep:@graphql-tools/utils AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality. ai
bogus-package bogus-package AI (bogus-package): Empty index.js is expected for Babel-transpiled monorepo package; mass-production signal is false positive for official Gatsby core team. ai
phantom-deps phantom-dep:@graphql-tools/wrap AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality. ai
phantom-deps phantom-dep:dataloader AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality. ai
phantom-deps phantom-dep:node-fetch AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality. ai

Versions (showing 71 of 171)

Hide prereleases
Version Deps Published
2.5.1 9 / 4
2.5.0 9 / 4
2.4.3 9 / 4
2.4.2 9 / 4
2.4.1 9 / 4
2.4.0 9 / 4
2.3.2 9 / 4
2.3.1 9 / 4
2.3.0 9 / 4
2.2.1 7 / 4
2.2.0 7 / 4
2.1.35 7 / 4
2.1.34 7 / 4
2.1.33 7 / 4
2.1.32 7 / 4
2.1.31 7 / 4
2.1.30 7 / 4
2.1.29 7 / 4
2.1.28 7 / 4
2.1.26 7 / 4
2.1.25 7 / 4
2.1.24 7 / 4
2.1.23 7 / 4
2.1.22 7 / 4
2.1.21 7 / 4
2.1.20 7 / 4
2.1.19 7 / 4
2.1.18 7 / 4
2.1.17 7 / 4
2.1.15 7 / 4
2.1.14 7 / 4
2.1.13 7 / 4
2.1.12 7 / 4
2.1.11 7 / 4
2.1.10 8 / 4
2.1.9 8 / 4
2.1.8 8 / 4
2.1.7 8 / 4
2.1.6 8 / 4
2.1.5 8 / 4
2.1.4 8 / 4
2.1.3 8 / 4
2.1.2 8 / 4
2.1.1 8 / 4
2.1.0 8 / 4
2.0.19 8 / 4
2.0.18 8 / 4
2.0.17 8 / 4
2.0.16 8 / 4
2.0.15 8 / 4
2.0.14 8 / 4
2.0.13 8 / 4
2.0.12 8 / 4
2.0.11 8 / 4
2.0.10 8 / 4
2.0.9 8 / 4
2.0.8 8 / 4
2.0.7 8 / 4
2.0.6 8 / 4
2.0.5 8 / 4
2.0.4 8 / 3
2.0.3 8 / 3
2.0.2 8 / 3
2.0.1 8 / 3
2.0.0 8 / 3
1.1.1 2 / 8
1.1.0 2 / 8
1.0.0 2 / 8
5.17.0-react19.1 9 / 4
5.17.0-react19.0 9 / 4
5.17.0-next.0 9 / 4