apollo-boost
The easiest way to get started with Apollo Client
40
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
apollo-botbenjamnjbaxleyiiipeggyrayzis
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): Size increase reflects apollo-boost shipping pre-built UMD bundles via rollup (visible in build scripts). No obfuscation or malicious payload indicators; version diff shows no new large files added unexpectedly. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): mdg removal is part of documented Apollo org transition; not indicative of compromise. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): apollo-bot addition reflects legitimate Apollo org transition; benjamn is established maintainer. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change from apollo-bot to benjamn in 2019 is a legitimate Apollo team transition; stable for this package. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Source size drop reflects removal of minify/filesize scripts and refactoring to use rollup bundling, not a stub/redirect pattern. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): ts-invariant and tslib are established utility packages; ts-invariant is Apollo's own library, tslib is standard TypeScript helper. | ai | |
| dependencies | unvetted-dep:apollo-link-state | AI (dependencies): apollo-link-state is a core Apollo ecosystem dependency; expected for this meta-package. | ai | |
| dependencies | unvetted-dep:apollo-link | AI (dependencies): Apollo's own ecosystem package; expected dependency for apollo-boost. | ai | |
| dependencies | unvetted-dep:apollo-link-http | AI (dependencies): apollo-link-http is a core Apollo ecosystem dependency; expected for this meta-package. | ai | |
| dependencies | unvetted-dep:apollo-link-error | AI (dependencies): apollo-link-error is a core Apollo ecosystem dependency; expected for this meta-package. | ai | |
| dependencies | unvetted-dep:apollo-cache-inmemory | AI (dependencies): Apollo's own ecosystem package; expected dependency for apollo-boost. | ai | |
| dependencies | unvetted-dep:apollo-cache | AI (dependencies): apollo-cache is a core Apollo ecosystem dependency; expected for this meta-package. | ai | |
| dependencies | unvetted-dep:apollo-client | AI (dependencies): apollo-client is a first-party Apollo GraphQL package from the same apollographql org and trusted publisher; unvetted status is a pipeline artifact, not a security concern. | ai | |
| provenance | no-provenance | AI (provenance): apollo-boost is a long-established official Apollo package; lack of Sigstore provenance is expected for packages predating the feature and poses no material risk here. | ai |
Versions (showing 40 of 40)
| Version | Deps | Published |
|---|---|---|
| 0.4.9 | 9 / 0 | |
| 0.4.8 | 9 / 0 | |
| 0.4.7 | 9 / 0 | |
| 0.4.6 | 9 / 0 | |
| 0.4.4 | 9 / 0 | |
| 0.4.3 | 9 / 0 | |
| 0.4.2 | 9 / 0 | |
| 0.4.1 | 9 / 0 | |
| 0.4.0 | 9 / 0 | |
| 0.3.1 | 9 / 0 | |
| 0.3.0 | 9 / 0 | |
| 0.1.28 | 9 / 0 | |
| 0.1.27 | 9 / 0 | |
| 0.1.26 | 9 / 0 | |
| 0.1.25 | 8 / 0 | |
| 0.1.24 | 8 / 0 | |
| 0.1.23 | 8 / 0 | |
| 0.1.22 | 8 / 0 | |
| 0.1.21 | 8 / 0 | |
| 0.1.20 | 8 / 0 | |
| 0.1.19 | 8 / 0 | |
| 0.1.18 | 8 / 0 | |
| 0.1.17 | 8 / 0 | |
| 0.1.16 | 8 / 0 | |
| 0.1.15 | 8 / 0 | |
| 0.1.14 | 8 / 13 | |
| 0.1.13 | 8 / 13 | |
| 0.1.12 | 8 / 13 | |
| 0.1.11 | 8 / 13 | |
| 0.1.10 | 8 / 13 | |
| 0.1.9 | 8 / 13 | |
| 0.1.8 | 8 / 13 | |
| 0.1.7 | 7 / 13 | |
| 0.1.6 | 7 / 12 | |
| 0.1.5 | 7 / 12 | |
| 0.1.4 | 7 / 12 | |
| 0.1.3 | 7 / 12 | |
| 0.1.2 | 7 / 12 | |
| 0.1.1 | 7 / 12 | |
| 0.1.0 | 7 / 12 |