Gathering detailed insights and metrics for @apollo/subgraph
Gathering detailed insights and metrics for @apollo/subgraph
🌐 Build and scale a single data graph across multiple services with Apollo's federation gateway.
Installations
npm install @apollo/subgraphReleases
471
@apollo/subgraph@2.10.0-alpha.3
@apollo/subgraph@2.10.0-alpha.3
Published on 07 Nov 2024
@apollo/query-planner@2.10.0-alpha.3
@apollo/query-planner@2.10.0-alpha.3
Published on 07 Nov 2024
@apollo/query-graphs@2.10.0-alpha.3
@apollo/query-graphs@2.10.0-alpha.3
Published on 07 Nov 2024
@apollo/gateway@2.10.0-alpha.3
@apollo/gateway@2.10.0-alpha.3
Published on 07 Nov 2024
@apollo/federation-internals@2.10.0-alpha.3
@apollo/federation-internals@2.10.0-alpha.3
Published on 07 Nov 2024
@apollo/composition@2.10.0-alpha.3
@apollo/composition@2.10.0-alpha.3
Published on 07 Nov 2024
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=14.15.0
Typescript Support
Yes
Node Version
16.20.2
NPM Version
8.19.4
Statistics
669 Stars
3,681 Commits
254 Forks
42 Watching
70 Branches
168 Contributors
Updated on 27 Nov 2024
Bundle Size
369.24 kB
Minified
93.41 kB
Minified + Gzipped
Languages
TypeScript (94.9%)
Gherkin (4.83%)
JavaScript (0.15%)
Shell (0.12%)
Total Downloads
Cumulative downloads
Total Downloads
61,045,677
Last day
-9.4%
84,505
Compared to previous day
Last week
1.3%
473,261
Compared to previous week
Last month
0.5%
2,050,383
Compared to previous month
Last year
-8.2%
23,855,176
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Versions
Announcement:
Join 1000+ engineers at GraphQL Summit for talks, workshops, and office hours, Oct 8-10 in NYC. Get your pass here ->
Apollo Federation
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally.
Federation 2 is an evolution of the original Apollo Federation with an improved shared ownership model, enhanced type merging, and cleaner syntax for a smoother developer experience. It’s backwards compatible, requiring no major changes to your subgraphs.
Checkout the Federation 2 docs and demo repo to take it for a spin and let us know what you think!
For Federation 1, see the docs and code.
Checkout the project roadmap to see what's coming next!
Contributing
If this project seems like something to which you want to contribute, first off thank you. We are so excited that you are excited about this project and we want to make sure contributing is a safe, fun, and fruitful experience for you. Please read our code of conduct and then head on over to the contributing guide to learn how to work on this project.
If you ever have any problems, questions, or ideas, the maintainers of this project are available to help. Please open an issue for assistance!
Current branches
- Federation 2 is the current
mainbranch. Installinglatestfrom npm is the most recent published code frommain. - Prior releases are located under the
version-0.xbranch. This comprises all 0.x packages previously released. Installinglatest-1from npm is the most recent published code fromversion-0.x.
Who is Apollo?
Apollo builds open-source tools and commercial services to make application development easier, better, and accessible to more people. We help you ship faster with:
- GraphOS - The platform for building, managing, and scaling a supergraph: a unified network of your organization's microservices and their data sources—all composed into a single distributed API.
- Apollo Federation – The industry-standard open architecture for building a distributed graph. Use Apollo’s gateway to compose a unified graph from multiple subgraphs, determine a query plan, and route requests across your services.
- Apollo Client – The most popular GraphQL client for the web. Apollo also builds and maintains Apollo iOS and Apollo Kotlin.
- Apollo Server – A production-ready JavaScript GraphQL server that connects to any microservice, API, or database. Compatible with all popular JavaScript frameworks and deployable in serverless environments.
Learn how to build with Apollo
Check out the Odyssey learning platform, the perfect place to start your GraphQL journey with videos and interactive code challenges. Join the Apollo Community to interact with and get technical help from the GraphQL community.
Licensing
Source code in this repository is covered by (i) the Elastic License 2.0 or (ii) an MIT compatible license, in each case, as designated by a licensing file in a subdirectory or file header. The default throughout the repository is a license under the Elastic License 2.0, unless a file header or a licensing file in a subdirectory specifies another license.
No vulnerabilities found.
Reason
30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/apollographql/.github/SECURITY.md:1
- Info: Found linked content: github.com/apollographql/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/apollographql/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/apollographql/.github/SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/federation/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/federation/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/federation/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/federation/release.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:28
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-f6v4-cf5j-vf3w
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More