altair-graphql-core

Several of the core logic for altair graphql client

Versions: 19
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

imolorhe

Keywords

altairgraphql

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
email-domain | unclaimed-email:sirmuel.design | AI (email-domain): Author's personal domain used consistently across 188 versions; no evidence of hijack or impersonation. | ai |
publish-pattern | rapid-publish | AI (publish-pattern): Automated CI/CD publishing via GitHub Actions; rapid successive publishes are expected for this package. | ai |
semgrep | semgrep:child-process-import | AI (semgrep): child_process used only in build script (scripts/build.js), not in runtime package code. | ai |
phantom-deps | phantom-dep:apollo-link | AI (phantom-deps): apollo-link is a declared runtime dep used transitively; phantom-dep heuristic is a false positive here. | ai |
phantom-deps | phantom-dep:apollo-link-http | AI (phantom-deps): apollo-link-http is a declared runtime dep; phantom-dep heuristic is a false positive here. | ai |
phantom-deps | phantom-dep:apollo-cache-inmemory | AI (phantom-deps): apollo-cache-inmemory is a declared runtime dep; phantom-dep heuristic is a false positive here. | ai |

Versions (showing 19 of 19)

Version Deps Published
8.5.7 27 / 28
8.5.6 27 / 28
8.5.5 27 / 28
8.5.4 27 / 28
8.5.3 27 / 28
8.5.2 27 / 27
8.5.1 27 / 27
8.5.0 27 / 27
8.4.4 26 / 31
8.4.3 26 / 31
8.4.2 26 / 31
8.4.1 26 / 31
8.4.0 26 / 31
8.3.0 26 / 30
8.2.8 26 / 30
8.2.7 26 / 30
8.2.5 25 / 29
8.2.4 25 / 29
8.2.3 25 / 29

v8.5.7

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.5.6

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.5.5

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.5.4

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.5.3

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.5.1

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.5.0

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.4.4

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.4.3

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.4.2

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.4.1

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.4.0

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.3.0

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.2.8

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.2.7

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.2.5

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.2.4

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.2.3

2 findings
HIGH Unclaimed maintainer email domain: sirmuel.design email-domain

Maintainer email '[email protected]' uses domain 'sirmuel.design' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.