Gathering detailed insights and metrics for @apollo/usage-reporting-protobuf
Gathering detailed insights and metrics for @apollo/usage-reporting-protobuf
🌍 Spec-compliant and production ready JavaScript GraphQL server that lets you develop in a schema-first way. Built for Express, Connect, Hapi, Koa, and more.
Installations
npm install @apollo/usage-reporting-protobufDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
18.16.1
NPM Version
9.5.1
Releases
164
@apollo/server-gateway-interface@2.0.0
@apollo/server-gateway-interface@2.0.0
Updated on Jul 17, 2025
@apollo/server@5.0.0
@apollo/server@5.0.0
Updated on Jul 17, 2025
@apollo/server-plugin-response-cache@5.0.0
@apollo/server-plugin-response-cache@5.0.0
Updated on Jul 17, 2025
@apollo/server-integration-testsuite@5.0.0
@apollo/server-integration-testsuite@5.0.0
Updated on Jul 17, 2025
@apollo/server-plugin-response-cache@5.0.0-rc.0
@apollo/server-plugin-response-cache@5.0.0-rc.0
Updated on Jul 07, 2025
@apollo/server-gateway-interface@2.0.0-rc.0
@apollo/server-gateway-interface@2.0.0-rc.0
Updated on Jul 07, 2025
Languages
3
TypeScript
JavaScript
Shell
TypeScript (55.97%)
JavaScript (43.63%)
Shell (0.39%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
13,894 Stars
8,515 Commits
2,024 Forks
199 Watchers
86 Branches
576 Contributors
Updated on Jul 18, 2025
Maintainers
4
Package Meta Information
Latest Version
4.1.1
Package Id
@apollo/usage-reporting-protobuf@4.1.1
Unpacked Size
0.97 MB
Size
80.38 kB
File Count
10
NPM Version
9.5.1
Node Version
18.16.1
Published on
Jun 26, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
apollo-reporting-protobuf
Note: The Apollo usage reporting API is subject to change. We strongly encourage developers to contact Apollo support at
support@apollographql.comto discuss their use case prior to building their own reporting agent using this module.
This module provides JavaScript/TypeScript
Protocol buffer definitions
for the Apollo usage reporting API. These definitions are generated for
consumption from the reports.proto file which is defined internally within
Apollo.
Development
Note: Due to a dependency on Unix tools (e.g.
bash,grep, etc.), the development of this module requires a Unix system. There is no reason why this can't be avoided, the time just hasn't been taken to make those changes. We'd happily accept a PR which makes the appropriate changes!
Currently, this package generates a majority of its code with
@apollo/protobufjs (a fork of
protobufjs that we maintain
specifically for this package) based on the reports.proto file. The output is
generated with the generate npm script.
The root of the repository provides some devDependencies necessary to build
these definitions; these will be installed by running npm install at the root
of this workspace. When making changes to this module, run scripts via npm run SCRIPTNAME -w @apollo/usage-reporting-protobuf in the root of this monorepo in
order to update the definitions in this module. The -w flag is shorthand for
--workspace; this monorepo leverages NPM workspaces to manage its packages.
To update reports.proto to the current version recognized by the Studio usage
reporting ingress, run npm run update-proto -w @apollo/usage-reporting-protobuf. To then regenerate the JS and TS files, run
npm run generate -w @apollo/usage-reporting-protobuf. We check in the
generated code and only regenerate it manually, partially to make builds faster
(no need to run pbjs on every npm install) and partially so that we don't have
to make sure that pbjs runs on every Node version that we support.
No vulnerabilities found.
Reason
30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/apollographql/.github/SECURITY.md:1
- Info: Found linked content: github.com/apollographql/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/apollographql/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/apollographql/.github/SECURITY.md:1
Reason
no binaries found in the repo
Reason
8 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q
- Warn: Project is vulnerable to: GHSA-q674-xm3x-2926
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
Found 4/22 approved changesets -- score normalized to 1
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/apollo-server/lock.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/apollo-server/release-pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/apollo-server/release-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/apollo-server/release-pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pr.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/apollographql/apollo-server/release-pr.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: smoke-test/prepare.sh:17
- Warn: npmCommand not pinned by hash: smoke-test/prepare.sh:22
- Warn: npmCommand not pinned by hash: smoke-test/prepare.sh:26
- Warn: npmCommand not pinned by hash: smoke-test/smoke-test.sh:68
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 1 out of 5 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: found token with 'none' permissions: .github/workflows/lock.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-pr.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
4.9
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More