graphiql
An graphical interactive in-browser GraphQL IDE.
27
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
benjiemjmahoneleebyroni1gacaofbwincentkassensortaasiandrummerthomasheyenbrockags-
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:markdown-it | AI (dependencies): markdown-it is a well-known, widely-used Markdown parser with a long history and millions of weekly downloads. Its use in graphiql for rendering descriptions is legitimate and expected. | ai | |
| provenance | no-provenance | AI (provenance): graphiql is a long-established, high-trust package under the official graphql org; lack of Sigstore provenance is not a meaningful risk signal here. | ai | |
| phantom-deps | phantom-dep:markdown-it | AI (phantom-deps): markdown-it is a declared runtime dep used in the bundled output; phantom-dep flag reflects monorepo build structure, not a security issue. | ai | |
| phantom-deps | phantom-dep:graphql-language-service | AI (phantom-deps): graphql-language-service is a declared runtime dep in this monorepo package; phantom-dep flag is a build artifact, not a security concern. | ai |
Versions (showing 27 of 227)
| Version | Deps | Published |
|---|---|---|
| 0.7.2 | 3 / 23 | |
| 0.7.1 | 3 / 23 | |
| 0.7.0 | 3 / 23 | |
| 0.6.6 | 3 / 23 | |
| 0.6.5 | 3 / 23 | |
| 0.6.4 | 3 / 23 | |
| 0.6.3 | 3 / 23 | |
| 0.6.2 | 3 / 22 | |
| 0.6.1 | 3 / 17 | |
| 0.6.0 | 3 / 17 | |
| 0.5.0 | 3 / 17 | |
| 0.4.5 | 3 / 17 | |
| 0.4.4 | 3 / 17 | |
| 0.4.3 | 3 / 17 | |
| 0.4.2 | 3 / 17 | |
| 0.4.1 | 3 / 17 | |
| 0.4.0 | 3 / 17 | |
| 0.3.1 | 3 / 16 | |
| 0.3.0 | 3 / 16 | |
| 0.2.4 | 3 / 16 | |
| 0.2.3 | 3 / 16 | |
| 0.2.0 | 3 / 16 | |
| 0.1.4 | 3 / 16 | |
| 0.1.3 | 4 / 16 | |
| 0.1.2 | 4 / 16 | |
| 0.1.1 | 3 / 16 | |
| 0.1.0 | 4 / 15 |