gatsby-source-graphql — Greenflagged

Gatsby plugin which adds a third-party GraphQL API to Gatsby GraphQL

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

piehkathmbeckserhalp-netlifymlgualtieri-gatsbyfktylerbarnesdaniellewgatsby

Keywords

gatsbygatsby-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher change reflects Netlify's acquisition/stewardship of Gatsby; serhalp-netlify has 5596 approved packages and 0 rejections — legitimate organizational transition.	ai	2026/04/24
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers (serhalp-netlify, mlgualtieri-gatsby) are Netlify-affiliated accounts consistent with Gatsby's organizational transition to Netlify stewardship.	ai	2026/04/24
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of legacy Gatsby maintainers is consistent with the known Netlify acquisition of Gatsby; not indicative of a hostile takeover.	ai	2026/04/24
phantom-deps	phantom-dep:@apollo/client	AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality.	ai	2026/04/23
phantom-deps	phantom-dep:@babel/runtime	AI (phantom-deps): Framework-scoped package loaded by convention in Babel-transpiled code.	ai	2026/04/23
phantom-deps	phantom-dep:gatsby-core-utils	AI (phantom-deps): Legitimate Gatsby plugin dependency; used indirectly through plugin functionality.	ai	2026/04/23
phantom-deps	phantom-dep:invariant	AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality.	ai	2026/04/23
phantom-deps	phantom-dep:@graphql-tools/links	AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality.	ai	2026/04/23
phantom-deps	phantom-dep:@graphql-tools/utils	AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): Empty index.js is expected for Babel-transpiled monorepo package; mass-production signal is false positive for official Gatsby core team.	ai	2026/04/23
phantom-deps	phantom-dep:@graphql-tools/wrap	AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality.	ai	2026/04/23
phantom-deps	phantom-dep:dataloader	AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality.	ai	2026/04/23
phantom-deps	phantom-dep:node-fetch	AI (phantom-deps): Legitimate dependency for a GraphQL plugin; used indirectly through plugin functionality.	ai	2026/04/23

Versions (showing 100 of 171)

Hide prereleases

Version	Deps	Published
5.16.0	9 / 4	2026-01-26
5.15.0	9 / 4	2025-08-27
5.14.0	9 / 4	2024-11-06
5.13.1	9 / 4	2024-01-23
5.13.0	9 / 4	2023-12-18
5.12.1	9 / 4	2023-10-26
5.12.0	9 / 4	2023-08-24
5.11.0	9 / 4	2023-06-15
5.10.0	9 / 4	2023-05-16
5.9.0	9 / 4	2023-04-18
5.8.0	9 / 4	2023-03-21
5.7.0	9 / 4	2023-02-21
5.6.0	9 / 4	2023-02-07
5.5.0	9 / 4	2023-01-24
5.4.0	9 / 4	2023-01-10
5.3.1	9 / 4	2022-12-14
5.3.0	9 / 4	2022-12-13
5.2.0	9 / 4	2022-11-25
5.1.0	9 / 4	2022-11-22
5.0.0	9 / 4	2022-11-08
4.25.0	9 / 4	2022-12-07
4.24.0	9 / 4	2022-09-27
4.23.0	9 / 4	2022-09-13
4.22.0	9 / 4	2022-08-30
4.21.0	9 / 4	2022-08-16
4.20.0	9 / 4	2022-08-02
4.19.0	9 / 4	2022-07-19
4.18.1	9 / 4	2022-07-12
4.18.0	9 / 4	2022-07-05
4.17.0	9 / 4	2022-06-21
4.16.0	9 / 4	2022-06-07
4.15.0	9 / 4	2022-05-24
4.14.0	9 / 4	2022-05-10
4.13.0	9 / 4	2022-04-26
4.12.1	9 / 4	2022-04-12
4.12.0	9 / 4	2022-04-12
4.11.1	9 / 4	2022-03-31
4.11.0	9 / 4	2022-03-29
4.10.1	10 / 4	2022-03-23
4.10.0	10 / 4	2022-03-16
4.9.1	10 / 4	2022-03-09
4.9.0	10 / 4	2022-03-01
4.8.2	10 / 4	2022-03-01
4.8.1	10 / 4	2022-02-25
4.8.0	10 / 4	2022-02-22
4.7.0	10 / 4	2022-02-08
4.6.0	10 / 4	2022-01-25
4.5.2	10 / 4	2022-01-17
4.5.1	10 / 4	2022-01-12
4.5.0	10 / 4	2022-01-11
4.4.0	10 / 4	2021-12-14
4.3.0	10 / 4	2021-12-01
4.2.0	10 / 4	2021-11-16
4.1.3	10 / 4	2021-11-15
4.1.2	10 / 4	2021-11-11
4.1.1	10 / 4	2021-11-10
4.1.0	10 / 4	2021-11-02
4.0.0	10 / 4	2021-10-21
3.15.0	10 / 4	2022-12-07
3.14.0	10 / 4	2021-09-17
3.13.0	10 / 4	2021-08-31
3.12.0	10 / 4	2021-08-18
3.11.0	10 / 4	2021-08-04
3.10.0	10 / 4	2021-07-20
3.9.0	10 / 4	2021-07-06
3.8.0	10 / 4	2021-06-22
3.7.1	10 / 4	2021-06-10
3.7.0	10 / 4	2021-06-08
3.6.0	10 / 4	2021-05-25
3.5.0	10 / 4	2021-05-11
3.4.0	10 / 4	2021-04-27
3.3.0	10 / 4	2021-04-13
3.2.0	10 / 4	2021-03-30
3.1.0	10 / 4	2021-03-16
3.0.0	10 / 4	2021-03-02
2.14.0	10 / 4	2021-02-02
2.13.0	10 / 4	2021-01-19
2.12.0	10 / 4	2021-01-05
2.11.0	10 / 4	2020-12-15
2.10.0	10 / 4	2020-12-02
2.9.0	10 / 4	2020-11-19
2.8.0	10 / 4	2020-11-12
2.7.7	10 / 4	2020-11-04
2.7.6	10 / 4	2020-10-06
2.7.5	10 / 4	2020-09-28
2.7.4	11 / 4	2020-09-15
2.7.3	11 / 4	2020-09-08
2.7.2	11 / 4	2020-08-28
2.7.1	11 / 4	2020-08-12
2.7.0	11 / 4	2020-08-06
2.6.2	11 / 4	2020-07-09
2.6.1	11 / 4	2020-07-02
2.6.0	11 / 4	2020-07-02
2.5.9	9 / 4	2020-07-01
2.5.7	9 / 4	2020-06-24
2.5.6	9 / 4	2020-06-22
2.5.5	9 / 4	2020-06-17
2.5.4	9 / 4	2020-06-09
2.5.3	9 / 4	2020-06-02
2.5.2	9 / 4	2020-05-20

Showing 100 of 171 Next page →