{"id":13452312,"url":"https://github.com/wp-graphql/wp-graphql","last_synced_at":"2026-04-23T23:01:16.020Z","repository":{"id":37271048,"uuid":"72453516","full_name":"wp-graphql/wp-graphql","owner":"wp-graphql","description":":rocket: GraphQL API for WordPress","archived":false,"fork":false,"pushed_at":"2026-04-20T15:54:52.000Z","size":103833,"stargazers_count":3775,"open_issues_count":111,"forks_count":470,"subscribers_count":60,"default_branch":"main","last_synced_at":"2026-04-20T16:38:04.570Z","etag":null,"topics":["api","gatsby","graphql","graphql-api","graphql-php-library","graphql-server","hacktoberfest","wordpress","wordpress-plugin","wp-plugin","wpgraphql"],"latest_commit_sha":null,"homepage":"https://www.wpgraphql.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wp-graphql.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-10-31T16:06:18.000Z","updated_at":"2026-04-20T15:50:08.000Z","dependencies_parsed_at":"2024-02-20T20:31:02.293Z","dependency_job_id":"1a2a273f-d621-437e-8429-8cb6a0eca200","html_url":"https://github.com/wp-graphql/wp-graphql","commit_stats":{"total_commits":4306,"total_committers":175,"mean_commits":"24.605714285714285","dds":0.4505341384115188,"last_synced_commit":"617f6c7266b29f280b65b969759ac08bb7d27583"},"previous_names":[],"tags_count":260,"template":false,"template_full_name":null,"purl":"pkg:github/wp-graphql/wp-graphql","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wp-graphql","download_url":"https://codeload.github.com/wp-graphql/wp-graphql/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wp-graphql%2Fwp-graphql/sbom","scorecard":{"id":414525,"data":{"date":"2025-08-04","repo":{"name":"github.com/wp-graphql/wp-graphql","commit":"374c9b4e46ab0d2510cc6b8acf448d1d8f864c77"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":3.9,"checks":[{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: docs/security.md:1","Info: Found linked content: docs/security.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: docs/security.md:1","Info: Found text in security policy: docs/security.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Code-Review","score":2,"reason":"Found 3/14 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/changeset-generation.yml:44","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:36","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:37","Info: jobLevel 'contents' permission set to 'read': .github/workflows/deploy-docker-image.yml:12","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/milestone-branch-management.yml:48","Warn: no topLevel permission defined: .github/workflows/build-graphiql.yml:1","Warn: no topLevel permission defined: .github/workflows/changeset-generation.yml:1","Warn: no topLevel permission defined: .github/workflows/code-quality.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/deploy-docker-image.yml:1","Warn: no topLevel permission defined: .github/workflows/graphiql-e2e-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/lint-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/milestone-branch-management.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/schema-linter.yml:1","Warn: no topLevel permission defined: .github/workflows/testing-integration.yml:1","Warn: no topLevel permission defined: .github/workflows/upload-schema-artifact.yml:1","Warn: no topLevel permission defined: .github/workflows/wordpress-coding-standards.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/changeset-generation.yml:33","Warn: script injection with untrusted input ' github.event.pull_request.title ': .github/workflows/changeset-generation.yml:33","Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/milestone-branch-management.yml:37","Warn: script injection with untrusted input ' github.event.pull_request.title ': .github/workflows/milestone-branch-management.yml:37","Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/release.yml:145","Warn: script injection with untrusted input ' github.event.pull_request.body ': .github/workflows/release.yml:145","Warn: untrusted code checkout '${{ github.event_name == 'workflow_dispatch' \u0026\u0026 'develop' || github.event.pull_request.base.ref }}': .github/workflows/changeset-generation.yml:53","Warn: untrusted code checkout '${{ github.event_name == 'workflow_dispatch' \u0026\u0026 github.event.inputs.milestone_branch || github.event.pull_request.base.ref }}': .github/workflows/milestone-branch-management.yml:57"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.3.3 not signed: https://api.github.com/repos/wp-graphql/wp-graphql/releases/225887873","Warn: release artifact v2.3.0 not signed: https://api.github.com/repos/wp-graphql/wp-graphql/releases/215281848","Warn: release artifact v2.2.0 not signed: https://api.github.com/repos/wp-graphql/wp-graphql/releases/216253351","Warn: release artifact v2.1.1 not signed: https://api.github.com/repos/wp-graphql/wp-graphql/releases/207002695","Warn: release artifact v2.1.0 not signed: https://api.github.com/repos/wp-graphql/wp-graphql/releases/203667651","Warn: release artifact v2.3.3 does not have provenance: https://api.github.com/repos/wp-graphql/wp-graphql/releases/225887873","Warn: release artifact v2.3.0 does not have provenance: https://api.github.com/repos/wp-graphql/wp-graphql/releases/215281848","Warn: release artifact v2.2.0 does not have provenance: https://api.github.com/repos/wp-graphql/wp-graphql/releases/216253351","Warn: release artifact v2.1.1 does not have provenance: https://api.github.com/repos/wp-graphql/wp-graphql/releases/207002695","Warn: release artifact v2.1.0 does not have provenance: https://api.github.com/repos/wp-graphql/wp-graphql/releases/203667651"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/deploy-docker-image.yml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"SAST","score":8,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 14 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-graphiql.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/build-graphiql.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changeset-generation.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/changeset-generation.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changeset-generation.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/changeset-generation.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code-quality.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/code-quality.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/code-quality.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/code-quality.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/code-quality.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/code-quality.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/codeql-analysis.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/codeql-analysis.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/codeql-analysis.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/codeql-analysis.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docker-image.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/deploy-docker-image.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docker-image.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/deploy-docker-image.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docker-image.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/deploy-docker-image.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docker-image.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/deploy-docker-image.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/graphiql-e2e-tests.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/graphiql-e2e-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/graphiql-e2e-tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/graphiql-e2e-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/graphiql-e2e-tests.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/graphiql-e2e-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/graphiql-e2e-tests.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/graphiql-e2e-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-pr.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/lint-pr.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/milestone-branch-management.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/milestone-branch-management.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/milestone-branch-management.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/milestone-branch-management.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:270: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:459: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:511: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:518: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:525: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:541: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:559: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:567: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schema-linter.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/schema-linter.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/schema-linter.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/schema-linter.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schema-linter.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/schema-linter.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/schema-linter.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/schema-linter.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing-integration.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/testing-integration.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing-integration.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/testing-integration.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing-integration.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/testing-integration.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing-integration.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/testing-integration.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-schema-artifact.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/upload-schema-artifact.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-schema-artifact.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/upload-schema-artifact.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-schema-artifact.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/upload-schema-artifact.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wordpress-coding-standards.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/wordpress-coding-standards.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/wordpress-coding-standards.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/wordpress-coding-standards.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/wordpress-coding-standards.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/wp-graphql/wp-graphql/wordpress-coding-standards.yml/develop?enable=pin","Warn: containerImage not pinned by hash: docker/app.Dockerfile:10","Warn: containerImage not pinned by hash: docker/testing.Dockerfile:9","Warn: downloadThenRun not pinned by hash: docker/testing.Dockerfile:30-32","Warn: downloadThenRun not pinned by hash: docker/testing.Dockerfile:38-43","Warn: npmCommand not pinned by hash: docker/testing.Dockerfile:38-43","Warn: npmCommand not pinned by hash: .github/workflows/schema-linter.yml:54","Warn: npmCommand not pinned by hash: .github/workflows/schema-linter.yml:87","Info:   0 out of  24 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  21 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   6 out of   9 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"15 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T23:28:53.676Z","repository_id":37271048,"created_at":"2025-08-18T23:28:53.676Z","updated_at":"2025-08-18T23:28:53.676Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32201871,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-23T20:19:26.138Z","status":"ssl_error","status_checked_at":"2026-04-23T20:19:23.520Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","gatsby","graphql","graphql-api","graphql-php-library","graphql-server","hacktoberfest","wordpress","wordpress-plugin","wp-plugin","wpgraphql"],"created_at":"2024-07-31T07:01:20.309Z","updated_at":"2026-04-23T23:01:11.001Z","avatar_url":"https://github.com/wp-graphql.png","language":"PHP","readme":"\u003cimg src=\"./img/logo.png\" alt=\"WPGraphQL Logo\" width=\"96\" height=\"96\" style=\"max-width: 96px; max-height: 96px;\"\u003e\n\n# WPGraphQL\n\n[![Total Downloads](https://poser.pugx.org/wp-graphql/wp-graphql/downloads)](https://packagist.org/packages/wp-graphql/wp-graphql)\n[![Monthly Downloads](https://poser.pugx.org/wp-graphql/wp-graphql/d/monthly)](https://packagist.org/packages/wp-graphql/wp-graphql)\n[![Daily Downloads](https://poser.pugx.org/wp-graphql/wp-graphql/d/daily)](https://packagist.org/packages/wp-graphql/wp-graphql)\n[![Latest Stable Version](https://poser.pugx.org/wp-graphql/wp-graphql/v/stable)](https://packagist.org/packages/wp-graphql/wp-graphql)\n[![Testing Integration](https://github.com/wp-graphql/wp-graphql/workflows/Testing%20Integration/badge.svg)](https://github.com/wp-graphql/wp-graphql/actions?query=workflow%3A%22Testing+Integration%22)\n[![WordPress Coding Standards](https://github.com/wp-graphql/wp-graphql/workflows/WordPress%20Coding%20Standards/badge.svg)](https://github.com/wp-graphql/wp-graphql/actions?query=workflow%3A%22WordPress+Coding+Standards%22)\n[![Schema Linter](https://github.com/wp-graphql/wp-graphql/workflows/Schema%20Linter/badge.svg)](https://github.com/wp-graphql/wp-graphql/actions?query=workflow%3A%22Schema+Linter%22)\n[![GraphiQL E2E Tests](https://github.com/wp-graphql/wp-graphql/workflows/GraphiQL%20E2E%20Tests/badge.svg)](https://github.com/wp-graphql/wp-graphql/actions?query=workflow%3A%22GraphiQL+E2E+Tests%22)\n[![Code Quality](https://github.com/wp-graphql/wp-graphql/workflows/Code%20Quality/badge.svg)](https://github.com/wp-graphql/wp-graphql/actions?query=workflow%3A%22Code+Quality%22)\n[![codecov](https://codecov.io/gh/wp-graphql/wp-graphql/branch/develop/graph/badge.svg)](https://codecov.io/gh/wp-graphql/wp-graphql)\n\n**Unlock the power of WordPress data with GraphQL**\n\nWPGraphQL provides an extendable GraphQL API for any WordPress site, unlocking modern development workflows.\n\nWhether you're a WordPress developer exploring GraphQL or a GraphQL expert diving into WordPress, WPGraphQL simplifies data interaction and empowers your development workflow.\n\n---\n\n### 🎯 **Vision**\n\nWPGraphQL aims to be the **canonical GraphQL API for WordPress**, providing:\n\n- **A complete, flexible GraphQL schema** for accessing WordPress data\n- **Standards-based implementation** following GraphQL and WordPress best practices\n- **An extensible foundation** for plugins to build upon\n- **Production-ready performance** suitable for high-traffic sites\n- **Long-term stability** with semantic versioning and backward compatibility\n\n#### What Belongs in WPGraphQL Core?\n\n**In scope:**\n\n- GraphQL schema for WordPress core features (posts, pages, users, taxonomies, etc.)\n- Performance optimizations that benefit all users\n- Developer APIs for extending the schema\n- Standards and patterns for the WPGraphQL ecosystem\n\n**Candidates for core (via Experiments):**\n\n- Proposed features that need real-world validation before committing\n- Breaking changes that require community feedback\n- Performance improvements that need testing at scale\n- [Learn more about Experiments →](/docs/experiments)\n\n**Better as extensions:**\n\n- Plugin-specific integrations (ACF, Yoast, WooCommerce, etc.)\n- Opinionated workflows or conventions\n- Features specific to particular frameworks or use cases\n\n**The difference:** Experiments are potential core features being validated. Extensions are intentionally separate functionality that should remain as plugins. Experiments may graduate to core or be removed; extensions live independently forever.\n\nThis focus keeps WPGraphQL maintainable while enabling a rich ecosystem of extensions.\n\n---\n\n### 🚀 **Get Started**\n\n1. 📦 Install WPGraphQL: `wp plugin install wp-graphql --activate`\n2. 👩‍💻 Try it out: [Live Demo](https://repl.wpgraphql.com)\n3. 📖 Read the [Quick Start Guide](https://wpgraphql.com/docs/quick-start).\n4. 💬 Join the [Community on Discord](https://wpgraphql.com/discord)\n5. ⭐ [Star the Repo](https://github.com/wp-graphql/wp-graphql) on GitHub 😉\n\n---\n\n### 🌟 **Key Features**\n\n- **Flexible API**: Access posts, pages, custom post types, taxonomies, users, and more.\n- **Extendable Schema**: Easily add functionality with functions like `register_graphql_field` and `register_graphql_connection`.\n  - Plugins like [WPGraphQL Smart Cache](https://github.com/wp-graphql/wp-graphql-smart-cache), [WPGraphQL for ACF](https://github.com/wp-graphql/wp-graphql-acf) and [other extension plugins](https://wpgraphql.com/extensions) demonstrate the power of extendability.\n- **Modern Framework Integration**: Works seamlessly with [Next.js](https://vercel.com/guides/wordpress-with-vercel), [Svelte](https://www.okupter.com/blog/headless-wordpress-graphql-sveltekit), [Astro](https://docs.astro.build/en/guides/cms/wordpress/) and other frameworks.\n- **Optimized Performance**: Query only the data you need. Collect multiple resources in one request, reducing round-trips. Use [WPGraphQL Smart Cache](https://github.com/wp-graphql/wp-graphql-smart-cache) for enhanced performance and network-level caching and cache-invalidation.\n- **Developer Tools**: Explore the schema with tools like the [GraphiQL IDE](https://www.wpgraphql.com/docs/wp-graphiql) and [WordPress Playground](https://wordpress.org/plugins/wp-graphql/?preview=1).\n\n![graphiql-ide-example.gif](img/graphiql-ide-example.gif)\n\n---\n\n### 📖 **Documentation**\n\n- [Quick Start](https://www.wpgraphql.com/docs/quick-start)\n- [Intro to GraphQL](https://wpgraphql.com/docs/intro-to-graphql)\n- [Intro to WordPress](https://wpgraphql.com/docs/intro-to-wordpress)\n- [Extensions](https://www.wpgraphql.com/extensions)\n- [Advanced Topics](https://www.wpgraphql.com/docs/wpgraphql-concepts)\n\n---\n\n### 🤝 **Community Support**\n\nWPGraphQL is powered by a passionate community of contributors, backers, and sponsors.\n\n\u003ca href=\"https://github.com/wp-graphql/wp-graphql/graphs/contributors\"\u003e\u003cimg src=\"https://opencollective.com/wp-graphql/contributors.svg?width=890\u0026button=false\" /\u003e\u003c/a\u003e\n\n[![Backers on Open Collective](https://opencollective.com/wp-graphql/backers/badge.svg)](https://opencollective.com/wp-graphql#backer) [![Sponsors on Open Collective](https://opencollective.com/wp-graphql/sponsors/badge.svg)](https://opencollective.com/wp-graphql#sponsor)\n\nWant to help maintain and grow WPGraphQL?\n\n- [Support the project on Open Collective](https://opencollective.com/wp-graphql)\n- [Join the Community on Discord](https://wpgraphql.com/discord)\n- [Contribute to the project on GitHub](https://github.com/wp-graphql/wp-graphql)\n\n---\n\n### 🙌 Shout Outs\n\nWe extend our gratitude to the following projects and organizations for their contributions to the WordPress and GraphQL ecosystems:\n\n- **[Webonyx](https://github.com/webonyx/graphql-php)**: For the amazing `graphql-php` library that powers WPGraphQL's core functionality.\n- **[Ivome](https://github.com/ivome/graphql-relay-php)**: For the `graphql-relay-php` library used in relay connections.\n- **[Automattic](https://automattic.com)**: For supporting WPGraphQL's ongoing development as a canonical WordPress plugin.\n- **[Gatsby](https://www.gatsbyjs.com)**: For their contributions to the WPGraphQL ecosystem and support for headless WordPress development.\n- **[WPEngine](https://wpengine.com)**: For funding early development of WPGraphQL and supporting its growth.\n- **[Facebook](https://graphql.org)**: For open-sourcing the GraphQL spec, GraphiQL, and maintaining the JavaScript reference implementation.\n- **[Apollo](https://www.apollographql.com)**: For pushing GraphQL forward and inspiring schema design best practices.\n- **The WordPress REST API Contributors**: For paving the way with the WP-API project, inspiring WPGraphQL's architecture.\n\nThank you to all these organizations and individuals for their efforts in shaping the tools we rely on today.\n\n---\n\n### 🔌 **Canonical Plugin**\n\nWPGraphQL is becoming a [Canonical Plugin on WordPress.org](https://wordpress.org/news/2024/10/wpgraphql/), ensuring long-term support and a growing community of users and contributors.\n\n---\n\n### 🛠 **Privacy \u0026 Telemetry**\n\nWPGraphQL uses the [Appsero SDK](https://appsero.com/privacy-policy) to collect telemetry data **only after user consent**, helping us improve the plugin responsibly.\n","funding_links":["https://opencollective.com/wp-graphql"],"categories":["Uncategorized","Plugins","PHP","Libraries","Programming Languages","Implementations","Specification"],"sub_categories":["Uncategorized","WordPress","PHP Libraries","PHP"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwp-graphql%2Fwp-graphql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwp-graphql%2Fwp-graphql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwp-graphql%2Fwp-graphql/lists"}