Gathering detailed insights and metrics for @graphql-inspector/core
Gathering detailed insights and metrics for @graphql-inspector/core
🕵️♀️ Validate schema, get schema change notifications, validate operations, find breaking changes, look for similar types, schema coverage
Installations
npm install @graphql-inspector/coreDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=18.0.0
Node Version
18.20.5
NPM Version
10.8.2
Releases
93
December 09, 2024
release-1733751254476
Updated on Dec 09, 2024
November 13, 2024
release-1731490071726
Updated on Nov 13, 2024
June 03, 2024
release-1717403590269
Updated on Jun 03, 2024
May 26, 2024
release-1716735735584
Updated on May 26, 2024
May 26, 2024
release-1716727014081
Updated on May 26, 2024
November 29, 2023
release-1701263349990
Updated on Nov 29, 2023
Languages
5
TypeScript
MDX
JavaScript
Dockerfile
CSS
TypeScript (86.23%)
MDX (12.12%)
JavaScript (1.45%)
Dockerfile (0.13%)
CSS (0.08%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
1,712 Stars
2,371 Commits
203 Forks
11 Watchers
98 Branches
78 Contributors
Updated on Jul 03, 2025
Maintainers
3
Package Meta Information
Latest Version
6.2.1
Package Id
@graphql-inspector/core@6.2.1
Unpacked Size
551.09 kB
Size
63.46 kB
File Count
200
NPM Version
10.8.2
Node Version
18.20.5
Published on
Dec 09, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Peer Dependencies
1
GraphQL Inspector
GraphQL Inspector outputs a list of changes between two GraphQL schemas. Every change is precisely explained and marked as breaking, non-breaking or dangerous. It helps you validate documents and fragments against a schema and even find similar or duplicated types.
Features
Major features:
- Compares schemas
- Finds breaking or dangerous changes
- Validates documents against a schema
- Finds similar / duplicated types
- Schema coverage based on documents
- Serves a GraphQL server with faked data and GraphQL Playground
GraphQL Inspector has a CLI and also a programmatic API, so you can use it however you want to and even build tools on top of it.
Installation
1pnpm add @graphql-inspector/core
Examples
1import { 2 diff, 3 validate, 4 similar, 5 coverage, 6 Change, 7 InvalidDocument, 8 SimilarMap, 9 SchemaCoverage 10} from '@graphql-inspector/core' 11 12// diff 13const changes: Change[] = diff(schemaA, schemaB) 14// validate 15const invalid: InvalidDocument[] = validate(documentsGlob, schema) 16// similar 17const similar: SimilarMap = similar(schema, typename, threshold) 18// coverage 19const schemaCoverage: SchemaCoverage = coverage(schema, documents) 20// ...
License
MIT © Kamil Kisiela
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker.yml:11
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'master'
- Info: 'force pushes' disabled on branch 'master'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'
- Warn: 'stale review dismissal' is disabled on branch 'master'
- Warn: required approving review count is 1 on branch 'master'
- Warn: codeowners review is not required on branch 'master'
- Warn: 'last push approval' is disabled on branch 'master'
- Warn: no status checks found to merge onto branch 'master'
- Info: PRs are required in order to make changes on branch 'master'
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-hive/graphql-inspector/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-hive/graphql-inspector/pr.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-hive/graphql-inspector/pr.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-hive/graphql-inspector/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/website.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-hive/graphql-inspector/website.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/website.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-hive/graphql-inspector/website.yml/master?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:1
- Warn: containerImage not pinned by hash: Dockerfile:13
- Warn: npmCommand not pinned by hash: Dockerfile:9
- Warn: npmCommand not pinned by hash: Dockerfile:24
- Info: 5 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 4 out of 9 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/20 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/actions.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/docker.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/website.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Reason
10 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-f7f6-9jq7-3rqj
- Warn: Project is vulnerable to: GHSA-3h52-269p-cp9r
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Score
3.6
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More