graphql-language-service

The official, runtime independent Language Service for GraphQL

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

benjiemjmahoneleebyroni1gacaoschicklingfbwincentkassensortaasiandrummerlostplanmgaddaags-

Keywords

graphqllanguage serviceLSP

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Migration to GitHub Actions CI/CD publishing with SLSA provenance; expected for this project.	ai	2026/05/11
phantom-deps	phantom-dep:debounce-promise	AI (phantom-deps): Declared but referenced in config only; stable false positive for this package.	ai	2026/05/11

Versions (showing 100 of 160)

Hide prereleases

Version	Deps	Published
5.5.1	3 / 11	2026-05-11
5.5.0	3 / 11	2025-07-17
5.4.0	3 / 11	2025-06-04
5.3.1	3 / 11	2025-04-26
5.3.0	3 / 11	2024-08-13
5.2.2	3 / 11	2024-08-01
5.2.1	2 / 10	2024-05-31
5.2.0	2 / 10	2023-09-17
5.1.7	2 / 10	2023-06-24
5.1.6	2 / 10	2023-05-11
5.1.5	2 / 10	2023-05-08
5.1.4	2 / 10	2023-05-03
5.1.3	2 / 10	2023-03-26
5.1.2	2 / 10	2023-03-02
5.1.1	2 / 10	2023-01-18
5.1.0	2 / 10	2022-08-24
5.0.6	2 / 10	2022-06-15
5.0.5	2 / 10	2022-06-09
5.0.4	2 / 10	2022-04-26
5.0.3	2 / 10	2022-04-14
5.0.2	2 / 10	2022-04-11
5.0.1	3 / 9	2022-03-23
5.0.0	3 / 9	2022-03-11
4.1.5	4 / 2	2022-02-18
4.1.4	4 / 2	2021-12-09
4.1.3	4 / 2	2021-12-07
4.1.2	5 / 2	2021-12-07
4.1.1	5 / 2	2021-12-06
4.1.0	5 / 2	2021-12-06
4.0.0	5 / 2	2021-12-06
3.2.5	4 / 1	2021-12-01
3.2.4	4 / 1	2021-11-26
3.2.3	4 / 1	2021-11-24
3.2.2	4 / 1	2021-11-24
3.2.1	4 / 1	2021-11-09
3.2.0	4 / 1	2021-11-07
3.1.6	4 / 1	2021-10-29
3.1.5	2 / 1	2021-10-28
3.1.4	2 / 1	2021-05-26
3.1.3	2 / 0	2021-04-10
3.1.2	2 / 0	2021-01-07
3.1.1	2 / 0	2021-01-07
3.1.0	2 / 0	2021-01-07
3.0.6	2 / 0	2021-01-03
3.0.5	2 / 0	2020-12-28
3.0.4	2 / 1	2020-12-08
3.0.3	2 / 1	2020-11-28
3.0.2	2 / 1	2020-09-18
3.0.1	2 / 1	2020-08-06
3.0.0	2 / 1	2020-06-11
2.3.4	6 / 0	2019-12-09
2.3.3	6 / 0	2019-12-09
2.3.2	6 / 0	2019-12-03
2.3.1	6 / 0	2019-11-26
2.3.0	6 / 0	2019-10-04
2.1.0	6 / 0	2019-08-18
2.0.0	6 / 0	2018-09-18
1.3.2	6 / 0	2018-09-06
1.2.2	6 / 0	2018-06-11
1.2.0	6 / 0	2018-06-04
1.1.2	6 / 0	2018-04-19
1.1.1	6 / 0	2018-04-18
1.1.0	6 / 0	2018-04-09
1.0.18	6 / 0	2018-01-04
1.0.16	6 / 0	2017-11-21
1.0.15	6 / 0	2017-10-02
0.1.14	6 / 0	2017-09-29
0.1.13	7 / 0	2017-08-24
0.1.12	7 / 0	2017-08-21
0.1.11	7 / 0	2017-08-20
0.1.10	7 / 0	2017-08-19
0.1.9	6 / 0	2017-08-18
0.1.8	6 / 0	2017-08-18
0.1.7	6 / 1	2017-08-16
0.1.6	6 / 1	2017-08-15
0.1.5	6 / 1	2017-08-14
0.0.42	13 / 33	2017-08-07
0.0.41	13 / 33	2017-08-07
0.0.40	13 / 33	2017-07-21
0.0.39	13 / 33	2017-07-19
0.0.38	13 / 33	2017-07-17
0.0.37	13 / 33	2017-07-17
0.0.36	13 / 33	2017-07-14
0.0.35	13 / 33	2017-07-10
0.0.34	13 / 33	2017-07-07
0.0.33	13 / 33	2017-07-03
0.0.32	13 / 33	2017-06-30
0.0.31	13 / 33	2017-06-30
0.0.30	13 / 33	2017-06-26
0.0.29	13 / 33	2017-06-25
0.0.28	13 / 33	2017-06-23
0.0.27	13 / 33	2017-06-23
0.0.26	13 / 33	2017-06-11
0.0.25	13 / 33	2017-06-06
0.0.24	13 / 33	2017-06-06
0.0.23	13 / 33	2017-06-01
0.0.22	13 / 33	2017-05-26
0.0.21	13 / 33	2017-05-26
0.0.20	13 / 33	2017-05-26
0.0.19	13 / 33	2017-05-18

Showing 100 of 160 Next page →

v5.5.1

2 findings

HIGH Publisher changed: acao → GitHub Actions (on 2026-05-11) provenance

This version was published by a different npm account than previous versions on 2026-05-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.