@gapi/voyager
##### Original Voyager module you can find here [VoyagerGraphql](https://github.com/APIs-guru/graphql-voyager)
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): Publisher has 181 approved / 0 rejected packages; no material changes in this version; low-risk wrapper package. | ai | |
| provenance | no-provenance | AI (provenance): Established package with 583 versions; lack of provenance is consistent across its history and not a risk signal here. | ai |
Versions (showing 39 of 39)
| Version | Deps | Published |
|---|---|---|
| 1.8.228 | 1 / 4 | |
| 1.8.227 | 1 / 4 | |
| 1.8.226 | 1 / 4 | |
| 1.8.225 | 1 / 4 | |
| 1.8.224 | 1 / 4 | |
| 1.8.223 | 1 / 4 | |
| 1.8.222 | 1 / 4 | |
| 1.8.220 | 1 / 4 | |
| 1.8.219 | 1 / 4 | |
| 1.8.218 | 1 / 4 | |
| 1.8.217 | 1 / 4 | |
| 1.8.216 | 1 / 4 | |
| 1.8.215 | 1 / 4 | |
| 1.8.212 | 1 / 4 | |
| 1.8.211 | 1 / 4 | |
| 1.8.208 | 1 / 4 | |
| 1.8.207 | 1 / 4 | |
| 1.8.205 | 1 / 4 | |
| 1.8.203 | 1 / 4 | |
| 1.8.202 | 1 / 4 | |
| 1.8.201 | 1 / 4 | |
| 1.8.199 | 1 / 4 | |
| 1.8.195 | 1 / 4 | |
| 1.8.194 | 1 / 4 | |
| 1.8.193 | 1 / 4 | |
| 1.8.192 | 1 / 4 | |
| 1.8.191 | 1 / 4 | |
| 1.8.190 | 1 / 4 | |
| 1.8.189 | 1 / 4 | |
| 1.8.187 | 1 / 4 | |
| 1.8.186 | 1 / 4 | |
| 1.8.185 | 1 / 4 | |
| 1.8.183 | 1 / 4 | |
| 1.8.179 | 1 / 4 | |
| 1.8.176 | 1 / 4 | |
| 1.8.168 | 1 / 4 | |
| 1.8.160 | 1 / 4 | |
| 1.8.159 | 1 / 4 | |
| 1.8.153 | 1 / 4 |
v1.8.228
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.227
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.226
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.225
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.224
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.223
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.222
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.220
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.219
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.218
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.216
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.215
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.212
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.211
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.208
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.207
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.205
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.203
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.202
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.201
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.199
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.195
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.194
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.193
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.192
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.191
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.190
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.189
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.187
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.186
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.185
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.183
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.179
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.176
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.168
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.160
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.159
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.153
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.