@constructive-io/graphql-test
Constructive GraphQL Testing with all plugins loaded
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require loads a known generated index.js path, not user-controlled input; stable pattern for this codegen package. | ai | |
| phantom-deps | phantom-dep:@constructive-io/graphql-env | AI (phantom-deps): Same-org scoped package; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:pg | AI (phantom-deps): pg is a peer/config dep for a DB testing package; not directly imported but legitimately declared. | ai | |
| phantom-deps | phantom-dep:grafast | AI (phantom-deps): grafast is a graphile ecosystem dep used via config, not direct import; stable false positive. | ai | |
| phantom-deps | phantom-dep:graphql | AI (phantom-deps): graphql is a peer dep used transitively; phantom-dep is a false positive for this package type. | ai | |
| phantom-deps | phantom-dep:mock-req | AI (phantom-deps): Testing utility dep; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:postgraphile | AI (phantom-deps): postgraphile used via config/plugin system, not direct import; stable false positive. | ai | |
| phantom-deps | phantom-dep:@pgpmjs/types | AI (phantom-deps): Type-only dep; phantom-dep heuristic is a false positive for type packages. | ai | |
| phantom-deps | phantom-dep:graphile-config | AI (phantom-deps): graphile-config used via plugin/config system; stable false positive. | ai | |
| phantom-deps | phantom-dep:graphile-build-pg | AI (phantom-deps): graphile-build-pg used via plugin system; stable false positive. | ai | |
Versions (showing 100 of 196)
| Version | Deps | Published |
|---|---|---|
| 4.21.8 | 17 / 3 | |
| 4.21.7 | 17 / 3 | |
| 4.21.6 | 17 / 3 | |
| 4.21.5 | 17 / 3 | |
| 4.21.4 | 17 / 3 | |
| 4.21.3 | 17 / 3 | |
| 4.21.2 | 17 / 3 | |
| 4.21.1 | 17 / 3 | |
| 4.21.0 | 17 / 3 | |
| 4.20.3 | 17 / 3 | |
| 4.20.2 | 17 / 3 | |
| 4.20.1 | 17 / 3 | |
| 4.20.0 | 17 / 3 | |
| 4.19.7 | 17 / 3 | |
| 4.19.6 | 17 / 3 | |
| 4.19.5 | 17 / 3 | |
| 4.19.4 | 17 / 3 | |
| 4.19.3 | 17 / 3 | |
| 4.19.2 | 17 / 3 | |
| 4.19.1 | 17 / 3 | |
| 4.19.0 | 17 / 3 | |
| 4.18.10 | 17 / 3 | |
| 4.18.9 | 17 / 3 | |
| 4.18.8 | 17 / 3 | |
| 4.18.7 | 17 / 3 | |
| 4.18.6 | 17 / 3 | |
| 4.18.5 | 17 / 3 | |
| 4.18.4 | 17 / 3 | |
| 4.18.3 | 17 / 3 | |
| 4.18.2 | 17 / 3 | |
| 4.18.0 | 17 / 3 | |
| 4.17.7 | 17 / 3 | |
| 4.17.6 | 17 / 3 | |
| 4.17.5 | 17 / 3 | |
| 4.17.4 | 17 / 3 | |
| 4.17.3 | 17 / 3 | |
| 4.17.2 | 17 / 3 | |
| 4.17.1 | 17 / 3 | |
| 4.17.0 | 17 / 3 | |
| 4.16.2 | 17 / 3 | |
| 4.16.1 | 17 / 3 | |
| 4.16.0 | 17 / 3 | |
| 4.15.4 | 17 / 3 | |
| 4.15.3 | 17 / 3 | |
| 4.15.2 | 17 / 3 | |
| 4.15.1 | 17 / 3 | |
| 4.15.0 | 17 / 3 | |
| 4.14.4 | 17 / 3 | |
| 4.14.3 | 17 / 3 | |
| 4.14.2 | 17 / 3 | |
| 4.14.1 | 17 / 3 | |
| 4.14.0 | 17 / 3 | |
| 4.13.1 | 17 / 3 | |
| 4.13.0 | 17 / 3 | |
| 4.12.3 | 17 / 3 | |
| 4.12.2 | 17 / 3 | |
| 4.12.1 | 17 / 3 | |
| 4.12.0 | 17 / 3 | |
| 4.11.8 | 14 / 3 | |
| 4.11.7 | 14 / 3 | |
| 4.11.6 | 14 / 3 | |
| 4.11.5 | 14 / 3 | |
| 4.11.4 | 14 / 3 | |
| 4.11.3 | 14 / 3 | |
| 4.11.2 | 14 / 3 | |
| 4.11.1 | 14 / 3 | |
| 4.11.0 | 14 / 3 | |
| 4.10.2 | 14 / 3 | |
| 4.10.1 | 14 / 3 | |
| 4.10.0 | 14 / 3 | |
| 4.9.16 | 14 / 3 | |
| 4.9.15 | 14 / 3 | |
| 4.9.14 | 14 / 3 | |
| 4.9.13 | 14 / 3 | |
| 4.9.12 | 14 / 3 | |
| 4.9.11 | 14 / 3 | |
| 4.9.10 | 14 / 3 | |
| 4.9.9 | 14 / 3 | |
| 4.9.8 | 14 / 3 | |
| 4.9.7 | 14 / 3 | |
| 4.9.6 | 14 / 3 | |
| 4.9.5 | 14 / 3 | |
| 4.9.4 | 14 / 3 | |
| 4.9.3 | 14 / 3 | |
| 4.9.2 | 14 / 3 | |
| 4.9.1 | 14 / 3 | |
| 4.9.0 | 14 / 3 | |
| 4.8.6 | 14 / 3 | |
| 4.8.5 | 14 / 3 | |
| 4.8.4 | 14 / 3 | |
| 4.8.3 | 14 / 3 | |
| 4.8.1 | 14 / 3 | |
| 4.8.0 | 14 / 3 | |
| 4.7.2 | 14 / 3 | |
| 4.7.1 | 14 / 3 | |
| 4.7.0 | 14 / 3 | |
| 4.6.8 | 14 / 3 | |
| 4.6.7 | 14 / 3 | |
| 4.6.6 | 14 / 3 | |
| 4.6.5 | 14 / 3 | |
v4.21.8
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.21.7
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.21.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.21.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.21.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.21.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.21.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.21.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.21.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.20.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.7
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.10
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.9
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.8
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.7
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.18.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.17.7
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.17.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.17.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.17.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.17.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.17.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.17.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.17.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.16.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.16.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.16.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.15.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.15.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.15.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.15.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.15.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.14.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.14.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.14.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.14.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.14.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.13.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.13.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.12.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.12.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.12.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.11.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.9.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.9.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.9.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.9.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.9.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.9.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.9.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.8
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.7
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.