{"id":13727130,"url":"https://github.com/lunchboxer/graphql-subscriptions-client","last_synced_at":"2026-01-17T18:29:53.390Z","repository":{"id":34604159,"uuid":"180725679","full_name":"lunchboxer/graphql-subscriptions-client","owner":"lunchboxer","description":"A websocket client for graphql-ws protocol based on subscriptions-transport-ws","archived":false,"fork":false,"pushed_at":"2024-01-06T04:26:24.000Z","size":628,"stargazers_count":55,"open_issues_count":2,"forks_count":5,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-10-02T17:59:32.765Z","etag":null,"topics":["graphql","subscriptions","websocket"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lunchboxer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-04-11T06:08:01.000Z","updated_at":"2025-08-02T07:58:54.000Z","dependencies_parsed_at":"2023-02-15T17:16:09.301Z","dependency_job_id":"beeea631-b088-463f-9dbd-b1856f065333","html_url":"https://github.com/lunchboxer/graphql-subscriptions-client","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/lunchboxer/graphql-subscriptions-client","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunchboxer%2Fgraphql-subscriptions-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunchboxer%2Fgraphql-subscriptions-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunchboxer%2Fgraphql-subscriptions-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunchboxer%2Fgraphql-subscriptions-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lunchboxer","download_url":"https://codeload.github.com/lunchboxer/graphql-subscriptions-client/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lunchboxer%2Fgraphql-subscriptions-client/sbom","scorecard":{"id":605234,"data":{"date":"2025-08-11","repo":{"name":"github.com/lunchboxer/graphql-subscriptions-client","commit":"5fbd88179104133dc7e478ee777c877f85298ab5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/7 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-assign.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/auto-assign.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-labeler.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/auto-labeler.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/codeql-analysis.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/lunchboxer/graphql-subscriptions-client/release-drafter.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:21","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/auto-assign.yml:1","Warn: no topLevel permission defined: .github/workflows/auto-labeler.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/release-drafter.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"13 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-3mv9-4h5g-vhg3","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T01:26:39.203Z","repository_id":34604159,"created_at":"2025-08-21T01:26:39.203Z","updated_at":"2025-08-21T01:26:39.203Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28515697,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T18:28:00.501Z","status":"ssl_error","status_checked_at":"2026-01-17T18:28:00.150Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["graphql","subscriptions","websocket"],"created_at":"2024-08-03T01:03:40.861Z","updated_at":"2026-01-17T18:29:53.351Z","avatar_url":"https://github.com/lunchboxer.png","language":"TypeScript","readme":"# graphql-subscriptions-client\n\n## graphql-ws\n\nThis library works fine, but you may consider using [graphql-ws](https://github.com/enisdenjo/graphql-ws). It's popular, well-maintained, works, and has zero dependencies.\n\n## What is this package\n\nThis is based directly on the client from [subscriptions-transport-ws](https://github.com/apollographql/subscriptions-transport-ws). As the name suggests, it's only for use as a client. It uses native websockets to communicate with a graphql server which is using ['graphql-ws' protocol](https://github.com/apollographql/subscriptions-transport-ws/blob/master/PROTOCOL.md). It plays nice with rollup, too.\n\n## Why this package\n\ntldr; It works with rollup, and its lightweight\n\nsubscriptions-transport-ws works fine in many cases, so if you aren't having problems with it, you might want to use it instead. If you have tried to use that package with rollup however then you may have become frustrated and hopeless.\n\nI found that the imports from the graphql module were causing problems and that I didn't have much need for them. This module ends up being therefore much smaller and simpler, but one difference is that queries **must be strings** and it only uses native WebSocket, so you may end up with problems if you aren't targeting modern browsers or if you like using graphql-tag's gql template string functions to define your queries.\n\n### Subscriptions without apollo-client\n\nI couldn't find any roll-your-own solutions that worked on the client for subscriptions. Making websockets work isn't difficult, but if you want automatic reconnection and a few other obvious necessities then it gets more complicated. This package includes them and not much more. You can use subscriptions without apollo-client at all. You can use it for all your graphql queries if you want, but using fetch instead is probably a better idea.\n\n## Usage\n\nIf you have a apollo-server instance you can use this for subscriptions only, pass all requests over the websocket.\nThe API is similar to what's described at [subscriptions-transport-ws docs](https://github.com/apollographql/subscriptions-transport-ws#api-docs) except that it doesn't support middleware and requires queries to be strings.\n\nAlso, this client supports batch messages as arrays from the server, and they will be processed as if they were received one after another, for example:\n\n```javascript\n[{ id: \"1\", type: \"data\", ... }, { id: \"1\", type: \"complete\" }]\n```\n\n```js\nimport { SubscriptionClient } from \"graphql-subscriptions-client\";\n\n// get ready\nconst GRAPHQL_ENDPOINT = \"ws://localhost:3000/graphql\";\n\nconst query = `subscription onNewItem {\n        newItemCreated {\n            id\n        }\n    }`;\n\n// set up the client, which can be reused\nconst client = new SubscriptionClient(GRAPHQL_ENDPOINT, {\n  reconnect: true,\n  lazy: true, // only connect when there is a query\n  connectionCallback: (error) =\u003e {\n    error \u0026\u0026 console.error(error);\n  },\n});\n\n// make the actual request\nclient.request({ query });\n\n// the above doesn't do much though\n\n// call subscription.unsubscribe() later to clean up\nconst subscription = client\n  .request({ query })\n  // so lets actually do something with the response\n  .subscribe({\n    next({ data }) {\n      if (data) {\n        console.log(\"We got something!\", data);\n      }\n    },\n  });\n```\n\nQuery must be a string.\n\n## Warning\n\nDon't use this with apollo-client. You'd really be defeating the purpose. If you are using apollo-client then maybe stick to their way of doings, so use subscriptions-transport-ws instead.\n","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flunchboxer%2Fgraphql-subscriptions-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flunchboxer%2Fgraphql-subscriptions-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flunchboxer%2Fgraphql-subscriptions-client/lists"}