graphile-test
PostGraphile Testing
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@launchql/env | AI (phantom-deps): Config-only reference pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@launchql/types | AI (phantom-deps): @launchql/types is a declared runtime dep from the same org; phantom-dep false positive for this package. | ai | |
| phantom-deps | phantom-dep:mock-req | AI (phantom-deps): Declared in deps; likely used transitively or in test helpers, not a security concern. | ai | |
| phantom-deps | phantom-dep:@pgpmjs/types | AI (phantom-deps): Types-only package; phantom-dep false positive common for type-only imports. | ai | |
| phantom-deps | phantom-dep:@constructive-io/graphql-env | AI (phantom-deps): Internal org package; likely re-exported or used indirectly, stable false positive. | ai | |
| phantom-deps | phantom-dep:@constructive-io/graphql-types | AI (phantom-deps): Internal org types package; phantom-dep heuristic unreliable for type-only usage. | ai |
Versions (showing 70 of 170)
| Version | Deps | Published |
|---|---|---|
| 2.11.34 | 8 / 3 | |
| 2.11.33 | 8 / 3 | |
| 2.11.32 | 8 / 3 | |
| 2.11.31 | 8 / 3 | |
| 2.11.30 | 8 / 3 | |
| 2.11.29 | 8 / 3 | |
| 2.11.28 | 8 / 3 | |
| 2.11.27 | 8 / 3 | |
| 2.11.26 | 8 / 3 | |
| 2.11.25 | 8 / 3 | |
| 2.11.24 | 8 / 3 | |
| 2.11.23 | 8 / 3 | |
| 2.11.22 | 8 / 3 | |
| 2.11.21 | 8 / 3 | |
| 2.11.20 | 8 / 3 | |
| 2.11.19 | 8 / 3 | |
| 2.11.18 | 8 / 3 | |
| 2.11.17 | 8 / 3 | |
| 2.11.16 | 8 / 3 | |
| 2.11.15 | 8 / 3 | |
| 2.11.14 | 8 / 3 | |
| 2.11.13 | 8 / 3 | |
| 2.11.12 | 8 / 3 | |
| 2.11.11 | 8 / 3 | |
| 2.11.10 | 8 / 3 | |
| 2.11.9 | 8 / 3 | |
| 2.11.8 | 8 / 3 | |
| 2.11.7 | 8 / 3 | |
| 2.11.6 | 8 / 3 | |
| 2.11.5 | 8 / 3 | |
| 2.11.3 | 8 / 3 | |
| 2.11.2 | 8 / 3 | |
| 2.11.1 | 8 / 3 | |
| 2.11.0 | 8 / 3 | |
| 2.10.0 | 6 / 3 | |
| 2.9.3 | 6 / 3 | |
| 2.9.2 | 6 / 3 | |
| 2.9.1 | 6 / 3 | |
| 2.9.0 | 6 / 3 | |
| 2.8.13 | 6 / 3 | |
| 2.8.12 | 6 / 3 | |
| 2.8.11 | 6 / 3 | |
| 2.8.10 | 6 / 3 | |
| 2.8.9 | 6 / 3 | |
| 2.8.8 | 6 / 3 | |
| 2.8.7 | 6 / 3 | |
| 2.8.6 | 6 / 3 | |
| 2.8.5 | 6 / 3 | |
| 2.8.4 | 6 / 2 | |
| 2.8.3 | 6 / 2 | |
| 2.8.1 | 6 / 2 | |
| 2.8.0 | 6 / 2 | |
| 2.7.2 | 7 / 2 | |
| 2.7.1 | 7 / 2 | |
| 2.7.0 | 7 / 2 | |
| 2.6.5 | 7 / 2 | |
| 2.6.4 | 7 / 2 | |
| 2.6.3 | 7 / 2 | |
| 2.6.2 | 7 / 2 | |
| 2.6.1 | 7 / 2 | |
| 2.6.0 | 7 / 2 | |
| 2.5.10 | 7 / 2 | |
| 2.5.9 | 7 / 2 | |
| 2.5.8 | 7 / 2 | |
| 2.5.7 | 7 / 2 | |
| 2.5.6 | 7 / 2 | |
| 2.5.5 | 7 / 2 | |
| 2.5.4 | 6 / 2 | |
| 2.5.3 | 6 / 2 | |
| 2.5.2 | 6 / 2 |
v2.11.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.11.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.11.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.11.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.11.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.10.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.9.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.9.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.9.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.9.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.8.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.7.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.7.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.7.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.