npmpackage.info

Gathering detailed insights and metrics for @octokit/graphql-schema

@octokit/graphql-schema - 15.26.0 | npmpackage.info

@octokit/graphql-schema

GitHub’s GraphQL Schema with validation. Automatically updated.

15.26.0

188

MIT

JavaScript

7.18 MB

6.5

Installations

npm install @octokit/graphql-schema

Developer Guide

BETA

Typescript

Yes

Module System

ESM

Node Version

22.14.0

NPM Version

10.9.2 Score

Supply Chain

95.7

Quality

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

5

Total

984

Closed

81

Merged

898

Issues

Open

4

Total

32

Closed

28

Releases

496

v15.26.0

Updated on Feb 27, 2025

v15.25.0

Updated on Jul 08, 2024

v15.24.0

Updated on Jul 03, 2024

v15.23.0

Updated on Jun 28, 2024

v15.22.0

Updated on Jun 21, 2024

v15.21.0

Updated on Jun 20, 2024

View All 496 releases

Languages

JavaScript

TypeScript

JavaScript (87.49%)

TypeScript (12.51%)

Developer

octokit

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

188 Stars

1,044 Commits

60 Forks

8 Watchers

6 Branches

42 Contributors

Updated on Jul 08, 2025

Maintainers

View All 42 Contributors

Package Meta Information

Latest Version

15.26.0

Package Id

@octokit/graphql-schema@15.26.0

Unpacked Size

7.18 MB

Size

583.47 kB

File Count

NPM Version

10.9.2

Node Version

22.14.0

Published on

Feb 27, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

graphql graphql-tag

Dev Dependencies

@arethetypeswrong/cli @graphql-codegen/cli @graphql-codegen/typescript @octokit/graphql dotenv execa prettier semantic-release typescript

graphql-schema

GitHub’s GraphQL Schema with validation. Automatically updated.

Usage

Validation

1import { validate } from "@octokit/graphql-schema";
2const errors = validate(`
3{
4  viewer {
5    login
6  }
7}
8`);
9
10// errors is array. Contains errors if any

You can also load the current Schema directly as JSON or IDL.

1import { schema } from "@octokit/graphql-schema";
2schema.json; // JSON version
3schema.idl; // IDL version

Schema as Types

1import { graphql } from "@octokit/graphql";
2import { Repository } from "@octokit/graphql-schema";
3
4const { repository } = await graphql<{ repository: Repository }>(
5  `
6    {
7      repository(owner: "octokit", name: "graphql.js") {
8        issues(last: 3) {
9          edges {
10            node {
11              title
12            }
13          }
14        }
15      }
16    }
17  `,
18  {
19    headers: {
20      authorization: `token secret123`,
21    },
22  },
23);

Local setup

git clone https://github.com/octokit/graphql-schema.git
cd graphql-schema
npm install
npm test

Update schema files (GITHUB_TOKEN requires no scope)

GITHUB_TOKEN=... npm run update

LICENSE

MIT

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

9

Security-Policy

Determines if the project has published a security policy.

9

SAST

Determines if the project uses static code analysis.

9

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

6

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

5

Maintained

Determines if the project is "actively maintained".

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 3

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add_to_octokit_project.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/add_to_octokit_project.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/immediate-response.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/immediate-response.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/test.yml:23
Warn: npmCommand not pinned by hash: .github/workflows/update.yml:18
Info: 1 out of 16 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 5 out of 7 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.5

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@octokit/graphql-schema

Installations

Developer Guide

Yes

ESM

22.14.0

10.9.2

Score

Pull Requests

5

984

81

898

Issues

4

32

28

Releases

Languages

Developer

octokit

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

NaN

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

graphql-schema

Usage

Validation

Schema as Types

Local setup

See also

LICENSE

10

10

10

10

9

9

9

6

5

3

0

0

0

6.5

/10