{"id":13438855,"url":"https://github.com/graphql/graphql-playground","last_synced_at":"2026-01-15T22:20:52.647Z","repository":{"id":37181972,"uuid":"80016159","full_name":"graphql/graphql-playground","owner":"graphql","description":"🎮  GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs \u0026 collaboration)","archived":false,"fork":false,"pushed_at":"2025-10-02T15:15:48.000Z","size":6064,"stargazers_count":8855,"open_issues_count":402,"forks_count":722,"subscribers_count":81,"default_branch":"main","last_synced_at":"2026-01-13T04:06:36.642Z","etag":null,"topics":["graphiql","graphql","graphql-playground","ide","prisma"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/graphql.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-01-25T13:19:29.000Z","updated_at":"2026-01-08T22:17:18.000Z","dependencies_parsed_at":"2023-02-07T17:15:58.044Z","dependency_job_id":"acbf68f3-d75a-43e0-8dab-249c08ec1767","html_url":"https://github.com/graphql/graphql-playground","commit_stats":{"total_commits":991,"total_committers":110,"mean_commits":9.00909090909091,"dds":0.5237134207870837,"last_synced_commit":"91ed7d8b1c1b76f1bf738b7c97a666360aaab516"},"previous_names":["graphcool/graphql-playground","prisma-labs/graphql-playground","prisma/graphql-playground","prismagraphql/graphql-playground"],"tags_count":107,"template":false,"template_full_name":null,"purl":"pkg:github/graphql/graphql-playground","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql%2Fgraphql-playground","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql%2Fgraphql-playground/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql%2Fgraphql-playground/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql%2Fgraphql-playground/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/graphql","download_url":"https://codeload.github.com/graphql/graphql-playground/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql%2Fgraphql-playground/sbom","scorecard":{"id":443752,"data":{"date":"2025-08-11","repo":{"name":"github.com/graphql/graphql-playground","commit":"91ed7d8b1c1b76f1bf738b7c97a666360aaab516"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":4,"reason":"Found 14/30 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.8.10 not signed: https://api.github.com/repos/graphql/graphql-playground/releases/15733883","Warn: release artifact v1.8.9 not signed: https://api.github.com/repos/graphql/graphql-playground/releases/15313996","Warn: release artifact v1.8.8 not signed: https://api.github.com/repos/graphql/graphql-playground/releases/15258824","Warn: release artifact v1.8.7 not signed: https://api.github.com/repos/graphql/graphql-playground/releases/15211849","Warn: release artifact v1.8.6 not signed: https://api.github.com/repos/graphql/graphql-playground/releases/15203418","Warn: release artifact v1.8.10 does not have provenance: https://api.github.com/repos/graphql/graphql-playground/releases/15733883","Warn: release artifact v1.8.9 does not have provenance: https://api.github.com/repos/graphql/graphql-playground/releases/15313996","Warn: release artifact v1.8.8 does not have provenance: https://api.github.com/repos/graphql/graphql-playground/releases/15258824","Warn: release artifact v1.8.7 does not have provenance: https://api.github.com/repos/graphql/graphql-playground/releases/15211849","Warn: release artifact v1.8.6 does not have provenance: https://api.github.com/repos/graphql/graphql-playground/releases/15203418"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 17 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"195 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-r4pf-3v7r-hh55","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-rrc9-gqf8-8rwg","Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99","Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx","Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-4gw3-8f77-f72c","Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p","Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm","Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-6vrv-94jv-crrg","Warn: Project is vulnerable to: GHSA-f9mq-jph6-9mhm","Warn: Project is vulnerable to: GHSA-h9jc-284h-533g","Warn: Project is vulnerable to: GHSA-m93v-9qjc-3g79","Warn: Project is vulnerable to: GHSA-hvf8-h2qh-37m9","Warn: Project is vulnerable to: GHSA-mpjm-v997-c4h4","Warn: Project is vulnerable to: GHSA-3p22-ghq8-v749","Warn: Project is vulnerable to: GHSA-77xc-hjv8-ww97","Warn: Project is vulnerable to: GHSA-mq8j-3h7h-p8g7","Warn: Project is vulnerable to: GHSA-p2jh-44qj-pf2v","Warn: Project is vulnerable to: GHSA-p7v2-p9m8-qqg7","Warn: Project is vulnerable to: GHSA-7x97-j373-85x5","Warn: Project is vulnerable to: GHSA-7m48-wc93-9g85","Warn: Project is vulnerable to: GHSA-qqvq-6xgj-jw8g","Warn: Project is vulnerable to: GHSA-6r2x-8pq8-9489","Warn: Project is vulnerable to: GHSA-9jxc-qjr9-vjxq","Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2","Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-x4r7-m2q9-69c8","Warn: Project is vulnerable to: GHSA-4852-vrh7-28rf","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-6x33-pw7p-hmpq","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr","Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg","Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546","Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33","Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959","Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6","Warn: Project is vulnerable to: GHSA-jg8v-48h5-wgxg","Warn: Project is vulnerable to: GHSA-36fh-84j7-cv5h","Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m","Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v","Warn: Project is vulnerable to: GHSA-jgmv-j7ww-jx2x","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c","Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3","Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4","Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r","Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj","Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2","Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5","Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp","Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq","Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr","Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765","Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g","Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p","Warn: Project is vulnerable to: GHSA-px4h-xg32-q955","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-28xh-wpgr-7fm8","Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4","Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653","Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj","Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67","Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w","Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2","Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-5q6m-3h65-w53x","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-wpg7-2c88-r8xv","Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-29xr-v42j-r956","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7","Warn: Project is vulnerable to: GHSA-662x-fhqg-9p8v","Warn: Project is vulnerable to: GHSA-394c-5j6w-4xmx","Warn: Project is vulnerable to: GHSA-78cj-fxph-m83p","Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3","Warn: Project is vulnerable to: GHSA-3329-pjwv-fjpg","Warn: Project is vulnerable to: GHSA-p6j9-7xhc-rhwp","Warn: Project is vulnerable to: GHSA-89gv-h8wf-cg8r","Warn: Project is vulnerable to: GHSA-gcv8-gh4r-25x6","Warn: Project is vulnerable to: GHSA-gmv4-r438-p67f","Warn: Project is vulnerable to: GHSA-8h2f-7jc4-7m3m","Warn: Project is vulnerable to: GHSA-3vjf-82ff-p4r3","Warn: Project is vulnerable to: GHSA-g694-m8vq-gv9h","Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442","Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc","Warn: Project is vulnerable to: GHSA-rqff-837h-mm52","Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2","Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j","Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872","Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-cf66-xwfp-gvc4","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T06:11:52.721Z","repository_id":37181972,"created_at":"2025-08-19T06:11:52.721Z","updated_at":"2025-08-19T06:11:52.721Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28472626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T22:13:38.078Z","status":"ssl_error","status_checked_at":"2026-01-15T22:12:11.737Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["graphiql","graphql","graphql-playground","ide","prisma"],"created_at":"2024-07-31T03:01:09.010Z","updated_at":"2026-01-15T22:20:52.630Z","avatar_url":"https://github.com/graphql.png","language":"TypeScript","readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"https://imgur.com/5fzMbyV.png\" width=\"269\"\u003e\u003c/p\u003e\n\n[![npm version](https://badge.fury.io/js/graphql-playground-react.svg)](https://badge.fury.io/js/graphql-playground-react)\n[![graphql](https://circleci.com/gh/graphql/graphql-playground.svg?style=shield)](https://circleci.com/gh/graphql/graphql-playground)\n\n\u003e **SECURITY WARNING:** both `graphql-playground-html` and [all four (4) of it's middleware dependents](#impacted-packages) until `graphql-playground-html@1.6.22` were subject to an  **XSS Reflection attack vulnerability only to unsanitized user input strings** to the functions therein. This was resolved in `graphql-playground-html@^1.6.22`. [More Information](#security-details) [CVE-2020-4038](https://github.com/graphql/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf)\n\n\n**Future of this repository**: See [this issue](https://github.com/graphql/graphql-playground/issues/1366#issuecomment-1062088978) for details.\n\n---\n\nGraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs \u0026 collaboration). \u003cbr /\u003e\n\n[![](https://i.imgur.com/AE5W6OW.png)](https://graphqlbin.com/v2/6RQ6TM)\n\n## Installation\n\n```sh\n$ brew install --cask graphql-playground\n```\n\n## Features\n\n- ✨ Context-aware autocompletion \u0026 error highlighting\n- 📚 Interactive, multi-column docs (keyboard support)\n- ⚡️ Supports real-time GraphQL Subscriptions\n- ⚙ GraphQL Config support with multiple Projects \u0026 Endpoints\n- 🚥 Apollo Tracing support\n\n## Security Details\n\u003e **NOTE: only _unsanitized user input_ to the functions in these packages is vulnerable** to the recently reported XSS Reflection attack.\n\n### Impact\n\n\u003e Impacted are any and all unsanitized **user-defined** input to:\n-`renderPlaygroundPage()`\n-`koaPlayground()`\n-`expressPlayground()`\n-`koaPlayground()`\n-`lambdaPlayground()\n\n\u003e  If you used static values, such as `graphql-playground-electron` does in [it's webpack config](https://github.com/prisma-labs/graphql-playground/blob/main/packages/graphql-playground-electron/webpack.config.build.js#L16), as well as the most common middleware implementations out there, they were not vulnerable to the attack.\n\nThe only reason this vulnerability exists is because we are using template strings in `renderPlaygroundPage()` with potentially unsanitized user defined variables. This allows an attacker to inject html and javascript into the page. \n- [Read more about preventing XSS in react](https://pragmaticwebsecurity.com/files/cheatsheets/reactxss.pdf)\n\nCommon examples may be user-defined path parameters, query string, unsanitized UI provided values in database, etc., that are used to build template strings or passed directly to a `renderPlaygroundPage()` or the matching middleware function equivalent listed above.\n\n### Impacted Packages\n\n**All versions of these packages are impacted until the ones specified below**, which are now safe for user defined input:\n\n- `graphql-playground-html`: **☔ safe** @ `1.6.22`\n- `graphql-playground-express` **☔ safe** @ `1.7.16`\n- `graphql-playground-koa` **☔ safe** @ `1.6.15`\n- `graphql-playground-hapi` **☔ safe** @ `1.6.13`\n- `graphql-playground-lambda` **☔ safe** @ `1.7.17`\n- `graphql-playground-electron` has always been **☔ safe** from XSS attacks! This is because configuration is statically defined [it's webpack config](https://github.com/prisma-labs/graphql-playground/blob/main/packages/graphql-playground-electron/webpack.config.build.js#L16)\n- `graphql-playground-react` is safe because it does not use `renderPlaygroundPage()` anywhere, and thus is not susceptible to template string XSS reflection attacks.\n\n### More Information\n\nSee the [security docs](./SECURITY.md) for more details on how your implementation might be impacted by this vulnerability. It contains safe examples, unsafe examples, workarounds, and more details.\n\nWe've also provided ['an example of the xss using the express middleware]('https://github.com/prisma-labs/graphql-playground/tree/main/packages/graphql-playground-html/examples/xss-attack')\n\n## FAQ\n\n### How is this different from [GraphiQL](https://github.com/graphql/graphiql)?\n\nGraphQL Playground uses components of GraphiQL under the hood but is meant as a more powerful GraphQL IDE enabling better (local) development workflows. Compared to GraphiQL, the GraphQL Playground ships with the following additional features:\n\n- Interactive, multi-column schema documentation\n- Automatic schema reloading\n- Support for GraphQL Subscriptions\n- Query history\n- Configuration of HTTP headers\n- Tabs\n\nSee the following question for more additonal features.\n\n### What's the difference between the desktop app and the web version?\n\nThe desktop app is the same as the web version but includes these additional features:\n\n- Partial support for [graphql-config](https://github.com/prismagraphql/graphql-config) enabling features like multi-environment setups (no support for sending HTTP headers).\n- Double click on `*.graphql` files.\n\n### How does GraphQL Bin work?\n\nYou can easily share your Playgrounds with others by clicking on the \"Share\" button and sharing the generated link. You can think about GraphQL Bin like Pastebin for your GraphQL queries including the context (endpoint, HTTP headers, open tabs etc).\n\n\u003ca href=\"https://graphqlbin.com/OksD\" target=\"_blank\"\u003e\n \u003cimg src=\"https://camo.githubusercontent.com/daf8c64dbde3097fdbe782c0645552550d530a73/68747470733a2f2f696d6775722e636f6d2f48316e36346c4c2e706e67\" alt=\"\" data-canonical-src=\"https://imgur.com/H1n64lL.png\" style=\"max-width:100%;\"\u003e\n\u003c/a\u003e\n\n\u003e You can also find the announcement blog post [here](https://blog.graph.cool/introducing-graphql-playground-f1e0a018f05d).\n\n## Settings\n\nIn the top right corner of the Playground window you can click on the settings icon.\nThese are the settings currently available:\n\n```js\n{\n  'editor.cursorShape': 'line', // possible values: 'line', 'block', 'underline'\n  'editor.fontFamily': `'Source Code Pro', 'Consolas', 'Inconsolata', 'Droid Sans Mono', 'Monaco', monospace`,\n  'editor.fontSize': 14,\n  'editor.reuseHeaders': true, // new tab reuses headers from last tab\n  'editor.theme': 'dark', // possible values: 'dark', 'light'\n  'general.betaUpdates': false,\n  'prettier.printWidth': 80,\n  'prettier.tabWidth': 2,\n  'prettier.useTabs': false,\n  'request.credentials': 'omit', // possible values: 'omit', 'include', 'same-origin'\n  'schema.polling.enable': true, // enables automatic schema polling\n  'schema.polling.endpointFilter': '*localhost*', // endpoint filter for schema polling\n  'schema.polling.interval': 2000, // schema polling interval in ms\n  'schema.disableComments': boolean,\n  'tracing.hideTracingResponse': true,\n  'tracing.tracingSupported': true, // set false to remove x-apollo-tracing header from Schema fetch requests\n}\n```\n\n## Usage\n\n### Properties\n\nThe React component `\u003cPlayground /\u003e` and all middlewares expose the following options:\n\n- `props` (Middlewares \u0026 React Component)\n  - `endpoint` [`string`](optional) - the GraphQL endpoint url.\n  - `subscriptionEndpoint` [`string`](optional) - the GraphQL subscriptions endpoint url.\n  - `workspaceName` [`string`](optional) - in case you provide a GraphQL Config, you can name your workspace here\n  - `config` [`string`](optional) - the JSON of a GraphQL Config. See an example [here](https://github.com/prismagraphql/graphql-playground/blob/main/packages/graphql-playground-react/src/localDevIndex.tsx#L47)\n  - `settings` [`ISettings`](optional) - Editor settings in json format as [described here](https://github.com/prismagraphql/graphql-playground#settings)\n\n```ts\ninterface ISettings {\n  'editor.cursorShape': 'line' | 'block' | 'underline'\n  'editor.fontFamily': string\n  'editor.fontSize': number\n  'editor.reuseHeaders': boolean\n  'editor.theme': 'dark' | 'light'\n  'general.betaUpdates': boolean\n  'prettier.printWidth': number\n  'prettier.tabWidth': number\n  'prettier.useTabs': boolean\n  'request.credentials': 'omit' | 'include' | 'same-origin'\n  'request.globalHeaders': { [key: string]: string }\n  'schema.polling.enable': boolean\n  'schema.polling.endpointFilter': string\n  'schema.polling.interval': number\n  'schema.disableComments': boolean\n  'tracing.hideTracingResponse': boolean\n  'tracing.tracingSupported': boolean\n}\n```\n\n- `schema` [`IntrospectionResult`](optional) - The result of an introspection query (an object of this form: `{__schema: {...}}`) The playground automatically fetches the schema from the endpoint. This is only needed when you want to override the schema.\n- `tabs` [`Tab[]`](optional) - An array of tabs to inject. **Note: When using this feature, tabs will be resetted each time the page is reloaded**\n\n```ts\ninterface Tab {\n  endpoint: string\n  query: string\n  name?: string\n  variables?: string\n  responses?: string[]\n  headers?: { [key: string]: string }\n}\n```\n\nIn addition to this, the React app provides some more properties:\n\n- `props` (React Component)\n- `createApolloLink` [`(session: Session, subscriptionEndpoint?: string) =\u003e ApolloLink`] - this is the equivalent to the `fetcher` of GraphiQL. For each query that is being executed, this function will be called\n\n`createApolloLink` is only available in the React Component and not the middlewares, because the content must be serializable as it is being printed into a HTML template.\n\n### As HTML Page\n\nIf you simply want to render the Playground HTML on your own, for example when implementing a GraphQL Server, there are 2 options for you:\n\n1.  [The bare minimum HTML needed to render the Playground](https://github.com/prismagraphql/graphql-playground/blob/main/packages/graphql-playground-html/minimal.html)\n2.  [The Playground HTML with full loading animation](https://github.com/prismagraphql/graphql-playground/blob/main/packages/graphql-playground-html/withAnimation.html)\n\nNote: In case you do not want to serve assets from a CDN (like jsDelivr) and instead use a local copy, you will need to install `graphql-playground-react` from npm, and then replace all instances of `//cdn.jsdelivr.net/npm` with `./node_modules`. An example can be found [here](https://github.com/prismagraphql/graphql-playground/blob/main/packages/graphql-playground-html/minimalWithoutCDN.html)\n\n### As React Component\n\n#### Install\n\n```sh\nyarn add graphql-playground-react\n```\n\n#### Use\n\nGraphQL Playground provides a React component responsible for rendering the UI and Session management.\nThere are **3 dependencies** needed in order to run the `graphql-playground-react` React component.\n\n1.  _Open Sans_ and _Source Code Pro_ fonts\n2.  Rendering the `\u003cPlayground /\u003e` component\n\nThe GraphQL Playground requires **React 16**.\n\nIncluding Fonts (`1.`)\n\n```html\n\u003clink\n  href=\"https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700|Source+Code+Pro:400,700\"\n  rel=\"stylesheet\"\n/\u003e\n```\n\nIncluding stylesheet and the component (`2., 3.`)\n\n```js\nimport React from 'react'\nimport ReactDOM from 'react-dom'\nimport { Provider } from 'react-redux'\nimport { Playground, store } from 'graphql-playground-react'\n\nReactDOM.render(\n  \u003cProvider store={store}\u003e\n    \u003cPlayground endpoint='https://api.graph.cool/simple/v1/swapi' /\u003e\n  \u003c/Provider\u003e,\n  document.body,\n)\n```\n\n### As Server Middleware\n\n#### Install\n\n```sh\n# Pick the one that matches your server framework\nyarn add graphql-playground-middleware-express  # for Express or Connect\nyarn add graphql-playground-middleware-hapi\nyarn add graphql-playground-middleware-koa\nyarn add graphql-playground-middleware-lambda\n```\n\n#### Usage with example\n\nWe have a full example for each of the frameworks below:\n\n- **Express:** See [packages/graphql-playground-middleware-express/examples/basic](https://github.com/prismagraphql/graphql-playground/tree/main/packages/graphql-playground-middleware-express/examples/basic)\n\n- **Hapi:** See [packages/graphql-playground-middleware-hapi](https://github.com/prismagraphql/graphql-playground/tree/main/packages/graphql-playground-middleware-hapi)\n\n- **Koa:** See [packages/graphql-playground-middleware-koa](https://github.com/prismagraphql/graphql-playground/tree/main/packages/graphql-playground-middleware-koa)\n\n- **Lambda (as serverless handler):** See [serverless-graphql-apollo](https://github.com/serverless/serverless-graphql-apollo) or a quick example below.\n\n### As serverless handler\n\n#### Install\n\n```sh\nyarn add graphql-playground-middleware-lambda\n```\n\n#### Usage\n\n`handler.js`\n\n```js\nimport lambdaPlayground from 'graphql-playground-middleware-lambda'\n// or using require()\n// const lambdaPlayground = require('graphql-playground-middleware-lambda').default\n\nexports.graphqlHandler = function graphqlHandler(event, context, callback) {\n  function callbackFilter(error, output) {\n    // eslint-disable-next-line no-param-reassign\n    output.headers['Access-Control-Allow-Origin'] = '*'\n    callback(error, output)\n  }\n\n  const handler = graphqlLambda({ schema: myGraphQLSchema })\n  return handler(event, context, callbackFilter)\n}\n\nexports.playgroundHandler = lambdaPlayground({\n  endpoint: '/dev/graphql',\n})\n```\n\n`serverless.yml`\n\n```yaml\nfunctions:\n  graphql:\n    handler: handler.graphqlHandler\n    events:\n      - http:\n          path: graphql\n          method: post\n          cors: true\n  playground:\n    handler: handler.playgroundHandler\n    events:\n      - http:\n          path: playground\n          method: get\n          cors: true\n```\n\n#### Security Issue\n\nThere is an [XSS Reflection Vulnerability](./SECURITY.md) when using these middlewares with unsanitized user input before\n\n## Development\n\n```sh\n$ cd packages/graphql-playground-react\n$ yarn\n$ yarn start\n```\n\nOpen\n[localhost:3000/localDev.html?endpoint=https://api.graph.cool/simple/v1/swapi](http://localhost:3000/localDev.html?endpoint=https://api.graph.cool/simple/v1/swapi) for local development!\n\n### Contributing to this project\n\nThis repository is managed by EasyCLA. Project participants must sign the free ([GraphQL Specification Membership agreement](https://preview-spec-membership.graphql.org) before making a contribution. You only need to do this one time, and it can be signed by [individual contributors](http://individual-spec-membership.graphql.org/) or their [employers](http://corporate-spec-membership.graphql.org/).\n\nTo initiate the signature process please open a PR against this repo. The EasyCLA bot will block the merge if we still need a membership agreement from you.\n\nYou can find [detailed information here](https://github.com/graphql/graphql-wg/tree/main/membership). If you have issues, please email [operations@graphql.org](mailto:operations@graphql.org).\n\nIf your company benefits from GraphQL and you would like to provide essential financial support for the systems and people that power our community, please also consider membership in the [GraphQL Foundation](https://foundation.graphql.org/join).\n\n## Custom Theme\n\nFrom `graphql-playground-react@1.7.0` on you can provide a `codeTheme` property to the React Component to customize your color theme.\nThese are the available options:\n\n```ts\nexport interface EditorColours {\n  property: string\n  comment: string\n  punctuation: string\n  keyword: string\n  def: string\n  qualifier: string\n  attribute: string\n  number: string\n  string: string\n  builtin: string\n  string2: string\n  variable: string\n  meta: string\n  atom: string\n  ws: string\n  selection: string\n  cursorColor: string\n  editorBackground: string\n  resultBackground: string\n  leftDrawerBackground: string\n  rightDrawerBackground: string\n}\n```\n\n### Versions\n\nThis is repository is a \"mono repo\" and contains multiple packages using [Yarn workspaces](https://yarnpkg.com/lang/en/docs/workspaces/). Please be aware that versions are **not** synchronised between packages. The versions of the [release page](https://github.com/graphcool/graphql-playground/releases) refer to the electron app.\n\n### Packages\n\nIn the folder `packages` you'll find the following packages:\n\n- `graphql-playground-electron`: Cross-platform electron app which uses `graphql-playground-react`\n- `graphql-playground-html`: Simple HTML page rendering a version of `graphql-playground-react` hosted on JSDeliver\n- `graphql-playground-middleware-express`: Express middleware using `graphql-playground-html`\n- `graphql-playground-middleware-hapi`: Hapi middleware using `graphql-playground-html`\n- `graphql-playground-middleware-koa`: Koa middleware using `graphql-playground-html`\n- `graphql-playground-middleware-lambda`: AWS Lambda middleware using `graphql-playground-html`\n- `graphql-playground-react`: Core of GraphQL Playground built with ReactJS\n\n\u003ca name=\"help-and-community\" /\u003e\n\n## Help \u0026 Community [![Discord](https://img.shields.io/discord/586999333447270440.svg)](https://discord.gg/EXUYPaY)\n\nJoin our [Discord Server](https://discord.gg/EXUYPaY) if you run into issues or have questions. We love talking to you!\n\n\u003cp align=\"center\"\u003e\u003ca href=\"https://oss.prisma.io\"\u003e\u003cimg src=\"https://imgur.com/IMU2ERq.png\" alt=\"Prisma\" height=\"170px\"\u003e\u003c/a\u003e\u003c/p\u003e\n","funding_links":[],"categories":["Tools","HarmonyOS","TypeScript","⚙️ Backend \u0026 APIs","Building","Uncategorized","GraphQL [🔝](#readme)","Integrations"],"sub_categories":["Windows Manager","Workflows","Uncategorized","Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraphql%2Fgraphql-playground","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgraphql%2Fgraphql-playground","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraphql%2Fgraphql-playground/lists"}