npmpackage.info

Gathering detailed insights and metrics for @octokit/graphql-schema

@octokit/graphql-schema

GitHub’s GraphQL Schema with validation. Automatically updated.

15.25.0

178

MIT

JavaScript

10,740,666 7.4

Installations

npm install @octokit/graphql-schema

Score

63.6

Supply Chain

95.7

Quality

89.7

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

2

Total

957

Closed

81

Merged

874

Issues

Open

5

Total

32

Closed

27

Releases

495

v15.25.0

Published on 08 Jul 2024

v15.24.0

Published on 03 Jul 2024

v15.23.0

Published on 28 Jun 2024

v15.22.0

Published on 21 Jun 2024

v15.21.0

Published on 20 Jun 2024

v15.20.0

Published on 14 Jun 2024

View all 495 releases

Developer

octokit

Developer Guide

BETA

Module System

ESM

Min. Node Version

Typescript Support

Yes

Node Version

20.15.0

NPM Version

10.8.1 Statistics

178 Stars

1,019 Commits

61 Forks

9 Watching

2 Branches

45 Contributors

Updated on 26 Nov 2024

Languages

JavaScript (87.49%)

TypeScript (12.51%)

Total Downloads

Cumulative downloads

Total Downloads

10,740,666

Last day

-0.9%

25,011

Compared to previous day

Last week

1.7%

145,498

Compared to previous week

Last month

12.4%

577,755

Compared to previous month

Last year

79.5%

6,158,969

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

graphql graphql-tag

Dev Dependencies

@graphql-codegen/cli @graphql-codegen/typescript @octokit/graphql dotenv execa prettier semantic-release typescript

Versions

graphql-schema

GitHub’s GraphQL Schema with validation. Automatically updated.

Usage

Validation

1const { validate } = require("@octokit/graphql-schema");
2const errors = validate(`
3{
4  viewer {
5    login
6  }
7}
8`);
9
10// errors is array. Contains errors if any

You can also load the current Schema directly as JSON or IDL.

1const { schema } = require("@octokit/graphql-schema");
2schema.json; // JSON version
3schema.idl; // IDL version

Schema as Types

1import { graphql } from "@octokit/graphql";
2import { Repository } from "@octokit/graphql-schema";
3
4const { repository } = await graphql<{ repository: Repository }>(
5  `
6    {
7      repository(owner: "octokit", name: "graphql.js") {
8        issues(last: 3) {
9          edges {
10            node {
11              title
12            }
13          }
14        }
15      }
16    }
17  `,
18  {
19    headers: {
20      authorization: `token secret123`,
21    },
22  },
23);

Local setup

git clone https://github.com/octokit/graphql-schema.git
cd graphql-schema
npm install
npm test

Update schema files (GITHUB_TOKEN requires no scope)

GITHUB_TOKEN=... npm run update

LICENSE

MIT

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

9

Security-Policy

Determines if the project has published a security policy.

9

SAST

Determines if the project uses static code analysis.

9

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 3

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add_to_octokit_project.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/add_to_octokit_project.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/codeql-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/immediate-response.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/immediate-response.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-graphql-codegen.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-graphql-codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update-prettier.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/graphql-schema/update.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/test.yml:23
Warn: npmCommand not pinned by hash: .github/workflows/update.yml:18
Info: 1 out of 15 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 5 out of 7 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

Score

7.4

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@octokit/graphql-schema

Installations

Score

Pull Requests

2

957

81

874

Issues

5

32

27

Releases

Developer

octokit

Developer Guide

ESM

Yes

20.15.0

10.8.1

Statistics

Languages

Total Downloads

10,740,666

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

graphql-schema

Usage

Validation

Schema as Types

Local setup

See also

LICENSE

10

10

10

10

10

10

9

9

9

3

0

0

0

7.4

/10