Gathering detailed insights and metrics for @octokit/graphql-schema
Gathering detailed insights and metrics for @octokit/graphql-schema
GitHub’s GraphQL Schema with validation. Automatically updated.
Installations
npm install @octokit/graphql-schemaDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
22.14.0
NPM Version
10.9.2
Score
94
Supply Chain
95.7
Quality
82.1
Maintenance
100
Vulnerability
100
License
Releases
496
Languages
2
JavaScript
TypeScript
JavaScript (87.49%)
TypeScript (12.51%)
Developer
octokit
Download Statistics
Total Downloads
14,126,965
Last Day
27,955
Last Week
158,897
Last Month
624,624
Last Year
7,030,603
GitHub Statistics
MIT License
185 Stars
1,044 Commits
59 Forks
8 Watchers
4 Branches
43 Contributors
Updated on May 20, 2025
Bundle Size
123.48 kB
Minified
30.58 kB
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
15.26.0
Package Id
@octokit/graphql-schema@15.26.0
Unpacked Size
7.18 MB
Size
583.47 kB
File Count
31
NPM Version
10.9.2
Node Version
22.14.0
Published on
Feb 27, 2025
Total Downloads
Cumulative downloads
Total Downloads
14,126,965
Last Day
-0%
27,955
Compared to previous day
Last Week
8%
158,897
Compared to previous week
Last Month
2.7%
624,624
Compared to previous month
Last Year
37.5%
7,030,603
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
graphql-schema
GitHub’s GraphQL Schema with validation. Automatically updated.
Usage
Validation
1import { validate } from "@octokit/graphql-schema"; 2const errors = validate(` 3{ 4 viewer { 5 login 6 } 7} 8`); 9 10// errors is array. Contains errors if any
You can also load the current Schema directly as JSON or IDL.
1import { schema } from "@octokit/graphql-schema"; 2schema.json; // JSON version 3schema.idl; // IDL version
Schema as Types
1import { graphql } from "@octokit/graphql"; 2import { Repository } from "@octokit/graphql-schema"; 3 4const { repository } = await graphql<{ repository: Repository }>( 5 ` 6 { 7 repository(owner: "octokit", name: "graphql.js") { 8 issues(last: 3) { 9 edges { 10 node { 11 title 12 } 13 } 14 } 15 } 16 } 17 `, 18 { 19 headers: { 20 authorization: `token secret123`, 21 }, 22 }, 23);
Local setup
git clone https://github.com/octokit/graphql-schema.git
cd graphql-schema
npm install
npm test
Update schema files (GITHUB_TOKEN requires no scope)
GITHUB_TOKEN=... npm run update
See also
- octokit/openapi – GitHub's OpenAPI specification with
x-octokitextension - octokit/webhooks – GitHub Webhooks specifications
- octokit/app-permissions – GitHub App permission specifications
LICENSE
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
12 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:17
Reason
0 existing vulnerabilities detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 28 commits out of 29 are checked with a SAST tool
Reason
Found 4/6 approved changesets -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add_to_octokit_project.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/add_to_octokit_project.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/immediate-response.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/immediate-response.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/update.yml:18
- Info: 1 out of 16 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
- Info: 5 out of 7 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:17
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:16
- Warn: no topLevel permission defined: .github/workflows/add_to_octokit_project.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:11
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-graphql-codegen.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-prettier.yml:1
- Warn: no topLevel permission defined: .github/workflows/update.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
7.1
/10
Last Scanned on 2025-05-12
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More