Tidelift GraphQL API
GraphQL endpoint to interact with Tidelift package data
API Endpoints
https://api.tidelift.com/external-api/graphql
Headers
# Your API token from the Tidelift application. Must be included in all API calls.
Authorization: Bearer <YOUR_TOKEN_HERE>
Version
0.0.1
Queries
organization
Description
Find an organization by name
Response
Returns an Organization
Arguments
| Name | Description |
|---|---|
| name - String! | Name of the organization |
Example
Query
query organization($name: String!) {
  organization(name: $name) {
    catalogs {
      ...CatalogConnectionFragment
    }
    displayName
    groups {
      ...GroupConnectionFragment
    }
    name
    projects {
      ...ProjectConnectionFragment
    }
  }
}
Variables
{"name": "xyz789"}
Response
{
  "data": {
    "organization": {
      "catalogs": CatalogConnection,
      "displayName": "abc123",
      "groups": GroupConnection,
      "name": "abc123",
      "projects": ProjectConnection
    }
  }
}
package
Description
Find a package by platform and name
Response
Returns a Package
Example
Query
query package(
  $name: String!,
  $platform: String!
) {
  package(
    name: $name,
    platform: $platform
  ) {
    contributorsCount
    description
    latestRecommendedRelease {
      ...ReleaseFragment
    }
    latestRelease {
      ...ReleaseFragment
    }
    latestStableRelease {
      ...ReleaseFragment
    }
    license {
      ...LicenseFragment
    }
    name
    packageManagerUrl
    platform
    purl
    qualityChecks {
      ...QualityChecksFragment
    }
    releases {
      ...ReleaseConnectionFragment
    }
    repository {
      ...PackageRepositoryFragment
    }
    sdlcEvidence
    sdlcPolicy
    securityPolicyUrl
    tideliftRecommendation
    versioningScheme
  }
}
Variables
{
  "name": "xyz789",
  "platform": "abc123"
}
Response
{
  "data": {
    "package": {
      "contributorsCount": 987,
      "description": "abc123",
      "latestRecommendedRelease": Release,
      "latestRelease": Release,
      "latestStableRelease": Release,
      "license": License,
      "name": "abc123",
      "packageManagerUrl": "abc123",
      "platform": "xyz789",
      "purl": "xyz789",
      "qualityChecks": QualityChecks,
      "releases": ReleaseConnection,
      "repository": PackageRepository,
      "sdlcEvidence": "xyz789",
      "sdlcPolicy": "xyz789",
      "securityPolicyUrl": "abc123",
      "tideliftRecommendation": "CAUTION_ADVISED",
      "versioningScheme": "SEMVER"
    }
  }
}
release
Description
Find a release by platform, name, and version
Response
Returns a Release
Example
Query
query release(
  $name: String!,
  $platform: String!,
  $version: String!
) {
  release(
    name: $name,
    platform: $platform,
    version: $version
  ) {
    directDependencies {
      ...ReleaseRequirementConnectionFragment
    }
    latestTideliftRecommendedUpgrade {
      ...ReleaseFragment
    }
    license {
      ...LicenseFragment
    }
    nearestTideliftRecommendedUpgrade {
      ...ReleaseFragment
    }
    package {
      ...PackageFragment
    }
    projectsUsing {
      ...ProjectConnectionFragment
    }
    publishedAt
    purl
    tideliftRecommendation
    tideliftViolations {
      ...ViolationInterfaceConnectionFragment
    }
    version
  }
}
Variables
{
  "name": "abc123",
  "platform": "abc123",
  "version": "xyz789"
}
Response
{
  "data": {
    "release": {
      "directDependencies": ReleaseRequirementConnection,
      "latestTideliftRecommendedUpgrade": Release,
      "license": License,
      "nearestTideliftRecommendedUpgrade": Release,
      "package": Package,
      "projectsUsing": ProjectConnection,
      "publishedAt": "2007-12-03T10:15:30Z",
      "purl": "abc123",
      "tideliftRecommendation": "abc123",
      "tideliftViolations": ViolationInterfaceConnection,
      "version": "abc123"
    }
  }
}
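An added example, not taken from Tidelift's documentation or code: a small Python CI gate that builds the documented `release` request with the Bearer header and fails closed on any entry in `tideliftViolations`. The selected fields come from this page; the JSON body shape (`query` plus `variables`), the `Content-Type` header, the top-level `errors` key (standard GraphQL conventions) and every sample value are assumptions or constructed data.

```python
import json
import urllib.request

ENDPOINT = "https://api.tidelift.com/external-api/graphql"

# Query written for this example; it selects only fields documented on this page.
RELEASE_QUERY = """
query release($name: String!, $platform: String!, $version: String!) {
  release(name: $name, platform: $platform, version: $version) {
    purl
    version
    nearestTideliftRecommendedUpgrade { version }
    tideliftViolations {
      totalCount
      nodes { catalogStandard title violationId }
    }
  }
}
"""


def build_request(token, name, platform, version):
    """Build (but do not send) the POST request for one release lookup."""
    # Reject empty tokens and header-splitting characters before they reach
    # the Authorization header.
    if not token or any(ch in token for ch in "\r\n"):
        raise ValueError("API token is empty or contains line breaks")
    body = json.dumps({
        "query": RELEASE_QUERY,
        # Values travel as variables, never interpolated into the query text.
        "variables": {"name": name, "platform": platform, "version": version},
    }).encode("utf-8")
    return urllib.request.Request(
        ENDPOINT,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",  # assumption: standard GraphQL over HTTP
        },
    )


def fetch(request, timeout=10):
    """Send the request and decode the JSON response (needs network and a real token)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)


def evaluate_release(payload):
    """Return (ok, reasons). Anything other than a clean, complete answer fails."""
    errors = payload.get("errors")
    if errors:
        return False, [f"GraphQL error: {e.get('message', 'unknown')}" for e in errors]
    release = (payload.get("data") or {}).get("release")
    if release is None:
        return False, ["release not found; refusing to approve"]

    conn = release.get("tideliftViolations") or {}
    nodes = [n for n in (conn.get("nodes") or []) if n]
    total = conn.get("totalCount")
    if total is None:
        total = len(nodes)

    reasons = [
        f"{n['catalogStandard']}: {n['title']} ({n['violationId']})" for n in nodes
    ]
    if total > len(nodes):
        # The connection is paginated; do not approve on a partial page.
        reasons.append(f"{total - len(nodes)} further violation(s) not in this page")
    upgrade = release.get("nearestTideliftRecommendedUpgrade")
    if reasons and upgrade:
        reasons.append(f"nearest recommended upgrade: {upgrade['version']}")
    return (total == 0 and not reasons), reasons


# Constructed sample response (not real Tidelift data).
SAMPLE_RESPONSE = {
    "data": {
        "release": {
            "purl": "pkg:npm/example-pkg@1.2.3",
            "version": "1.2.3",
            "nearestTideliftRecommendedUpgrade": {"version": "1.2.4"},
            "tideliftViolations": {
                "totalCount": 1,
                "nodes": [{
                    "catalogStandard": "constructed-standard",
                    "title": "Constructed sample violation",
                    "violationId": "sample-violation-1",
                }],
            },
        }
    }
}

if __name__ == "__main__":
    ok, reasons = evaluate_release(SAMPLE_RESPONSE)
    print("PASS" if ok else "FAIL")
    for reason in reasons:
        print(" -", reason)
```

In a pipeline, read the token from the CI secret store rather than from the repository, and treat a network error from `fetch` as a failed gate.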
vulnerability
Description
Find a vulnerability by ID
Response
Returns a Vulnerability
Arguments
| Name | Description |
|---|---|
| vulnId - String! | The vulnerability id. CVE-id if a CVE |
Example
Query
query vulnerability($vulnId: String!) {
  vulnerability(vulnId: $vulnId) {
    affectedPackages {
      ...VulnerablePackageConnectionFragment
    }
    description
    nistUrl
    severity
    url
    vulnId
  }
}
Variables
{"vulnId": "xyz789"}
Response
{
  "data": {
    "vulnerability": {
      "affectedPackages": VulnerablePackageConnection,
      "description": "xyz789",
      "nistUrl": "abc123",
      "severity": 987.65,
      "url": "abc123",
      "vulnId": "xyz789"
    }
  }
}
Mutations
testField
Description
An example field added by the generator
Response
Returns a String!
Example
Query
mutation testField {
  testField
}
Response
{"data": {"testField": "abc123"}}
Types
Alignment
Description
A project alignment.
Fields
| Field Name | Description |
|---|---|
| alignmentPercentage - Float | The alignment score for this alignment. |
| branch - String | The branch that this alignment was for. |
| error - AlignmentError | Error details for the alignment, if there was one. |
| finishedAt - DateTime | Time when the alignment finished. |
| newlyIntroducedCount - Float | Number of new releases in this alignment. |
| releases - CatalogReleaseConnection | The releases in this alignment |
| Arguments | |
| result - AlignmentResults | The result of the alignment. |
| revision - String! | The revision against which this alignment was run. |
| status - AlignmentStatuses! | The status of the alignment. |
Example
{
"alignmentPercentage": 123.45,
"branch": "abc123",
"error": AlignmentError,
"finishedAt": "2007-12-03T10:15:30Z",
"newlyIntroducedCount": 987.65,
"releases": CatalogReleaseConnection,
"result": "SUCCESS",
"revision": "xyz789",
"status": "COMPLETE"
}
AlignmentConnection
Description
The connection type for Alignment.
Fields
| Field Name | Description |
|---|---|
| edges - [AlignmentEdge] | A list of edges. |
| nodes - [Alignment] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [AlignmentEdge],
"nodes": [Alignment],
"pageInfo": PageInfo,
"totalCount": 123
}
AlignmentEdge
AlignmentError
Description
Error details about a project alignment.
Example
{
"code": "xyz789",
"details": ["xyz789"],
"message": "xyz789"
}
AlignmentResults
Description
The possible alignment results, for CI purposes
Values
| Enum Value | Description |
|---|---|
| | CI for this alignment should pass. |
| | CI for this alignment should fail. |
Example
"SUCCESS"
AlignmentStatuses
Description
The possible alignment statuses
Values
| Enum Value | Description |
|---|---|
| | Alignment has completed (we analyzed everything and have a result). |
| | Alignment has failed to complete (did not get a valid analysis). |
| | Alignment is currently in progress. |
| | Alignment has been scheduled but is not yet running. |
Example
"COMPLETE"
AllowedLicensesViolation
Description
A violation of the Allowed Licenses standard.
Fields
| Field Name | Description |
|---|---|
| catalogStandard - String! | The type of the catalog standard that this package violates. |
| license - String! | The license for the package. |
| referenceUrl - String | The reference url for the license. |
| status - String! | The status of the license in the catalog. |
| title - String! | A readable summary of the violation. |
| violationId - String! | A unique identifier for the violation. |
Example
{
"catalogStandard": "abc123",
"license": "xyz789",
"referenceUrl": "abc123",
"status": "abc123",
"title": "abc123",
"violationId": "abc123"
}
BlockedListViolation
Description
A violation of the Blocked List standard.
Fields
| Field Name | Description |
|---|---|
| blockedAt - DateTime! | Time when the release was blocked. |
| catalogStandard - String! | The type of the catalog standard that this package violates. |
| package - Package | The package that is blocked, if the scope is package-level. |
| reason - String! | The reason why the release was blocked. |
| release - Release | The release that is blocked, if the scope is release-level. |
| scope - String! | The scope of the block: either 'package' or 'release'. |
| title - String! | A readable summary of the violation. |
| violationId - String! | A unique identifier for the violation. |
Example
{
"blockedAt": "2007-12-03T10:15:30Z",
"catalogStandard": "abc123",
"package": Package,
"reason": "abc123",
"release": Release,
"scope": "xyz789",
"title": "abc123",
"violationId": "xyz789"
}
Boolean
Description
Represents true or false values.
Example
true
Catalog
Description
A catalog of open source releases and their approval status for use
Fields
| Field Name | Description |
|---|---|
| approvedReleaseCount - Int! | Number of approved package releases in the catalog |
| createdAt - DateTime! | Time when the catalog was created |
| displayName - String! | The human readable display name of the catalog |
| name - String! | Name of the catalog to use in the Tidelift API |
| releases - CatalogReleaseConnection | The releases in this catalog |
| Arguments | |
| updatedAt - DateTime! | Time when the catalog metadata was last updated |
Example
{
"approvedReleaseCount": 123,
"createdAt": "2007-12-03T10:15:30Z",
"displayName": "abc123",
"name": "xyz789",
"releases": CatalogReleaseConnection,
"updatedAt": "2007-12-03T10:15:30Z"
}
CatalogConnection
Description
The connection type for Catalog.
Fields
| Field Name | Description |
|---|---|
| edges - [CatalogEdge] | A list of edges. |
| nodes - [Catalog] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [CatalogEdge],
"nodes": [Catalog],
"pageInfo": PageInfo,
"totalCount": 123
}
CatalogEdge
CatalogReleaseConnection
Description
The connection type for Release.
Fields
| Field Name | Description |
|---|---|
| edges - [CatalogReleaseEdge] | A list of edges. |
| nodes - [Release] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [CatalogReleaseEdge],
"nodes": [Release],
"pageInfo": PageInfo,
"totalCount": 987
}
CatalogReleaseEdge
Description
Information about a package release as it pertains to a catalog
Fields
| Field Name | Description |
|---|---|
| cursor - String! | A cursor for use in pagination. |
| latestApprovedUpgrade - Release | The latest version for this package that is approved in the catalog. |
| nearestApprovedUpgrade - Release | The nearest upgraded version for this package that is approved in the catalog. |
| node - Release | The item at the end of the edge. |
| notes - String | Catalog notes for this package release |
| status - CatalogReleaseStatus | The status of the package release in the catalog |
| violations - ViolationInterfaceConnection! | Catalog violations for this release. |
Example
{
"cursor": "xyz789",
"latestApprovedUpgrade": Release,
"nearestApprovedUpgrade": Release,
"node": Release,
"notes": "abc123",
"status": "APPROVED",
"violations": ViolationInterfaceConnection
}
CatalogReleaseStatus
Description
The status of a package release in a given catalog
Values
| Enum Value | Description |
|---|---|
| | The package release is approved in the catalog |
| | The package release is denied in the catalog |
| | The package release has been requested to the catalog |
Example
"APPROVED"
DateTime
Description
An ISO 8601-encoded datetime
Example
"2007-12-03T10:15:30Z"
DeprecationViolation
Description
A violation of the Deprecation standard.
Fields
| Field Name | Description |
|---|---|
| catalogStandard - String! | The type of the catalog standard that this package violates. |
| deprecatedAt - DateTime | Time when the package was deprecated. |
| package - Package! | The package that is deprecated. |
| packageToUseInstead - Package | The package to use instead of this one. |
| reason - String | The reason the package was deprecated. |
| title - String! | A readable summary of the violation. |
| violationId - String! | A unique identifier for the violation. |
Example
{
"catalogStandard": "abc123",
"deprecatedAt": "2007-12-03T10:15:30Z",
"package": Package,
"packageToUseInstead": Package,
"reason": "abc123",
"title": "xyz789",
"violationId": "abc123"
}
Float
Description
Represents signed double-precision fractional values as specified by IEEE 754.
Example
987.65
GenericViolation
Description
A generic violation.
Example
{
"catalogStandard": "xyz789",
"title": "abc123",
"violationId": "abc123"
}
Group
Description
A group of projects and/or users inside of an organization
Fields
| Field Name | Description |
|---|---|
| name - String! | The name of the group |
| organization - Organization! | The organization this group belongs to |
| projects - ProjectConnection | The projects which are part of this group |
| slug - String! | The slug which identifies the group |
Example
{
"name": "abc123",
"organization": Organization,
"projects": ProjectConnection,
"slug": "xyz789"
}
GroupConnection
Description
The connection type for Group.
Fields
| Field Name | Description |
|---|---|
| edges - [GroupEdge] | A list of edges. |
| nodes - [Group] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [GroupEdge],
"nodes": [Group],
"pageInfo": PageInfo,
"totalCount": 123
}
GroupEdge
IdentifiedLicensesViolation
Description
A violation of the Identified Licenses standard.
Fields
| Field Name | Description |
|---|---|
| catalogStandard - String! | The type of the catalog standard that this package violates. |
| originalLicense - String | The original license for the package. |
| release - Release! | The release with the invalid license. |
| title - String! | A readable summary of the violation. |
| violationId - String! | A unique identifier for the violation. |
Example
{
"catalogStandard": "abc123",
"originalLicense": "xyz789",
"release": Release,
"title": "abc123",
"violationId": "xyz789"
}
Int
Description
Represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Example
123
License
Description
Details about the license for a package.
Fields
| Field Name | Description |
|---|---|
| expression - String | The full license expression. |
| source - LicenseSourceCategory! | The source of the license |
Example
{
"expression": "abc123",
"source": "CORRECTED_BY_TIDELIFT"
}
LicenseSourceCategory
Description
The categorized source of the license
Values
| Enum Value | Description |
|---|---|
Example
"CORRECTED_BY_TIDELIFT"
Organization
Description
An organization in Tidelift, containing catalogs and projects.
Fields
| Field Name | Description |
|---|---|
| catalogs - CatalogConnection! | Catalogs in the organization. |
| Arguments | |
| displayName - String! | The name of the organization. |
| groups - GroupConnection! | Groups in the organization. |
| Arguments | |
| name - String! | The url-friendly name of the organization. |
| projects - ProjectConnection | This organization's projects. |
| Arguments | |
Example
{
"catalogs": CatalogConnection,
"displayName": "xyz789",
"groups": GroupConnection,
"name": "xyz789",
"projects": ProjectConnection
}
Package
Description
A known software package, available from a supported package manager
Fields
| Field Name | Description |
|---|---|
| contributorsCount - Int | Number of contributors to this package |
| description - String | Package description pulled from its repository |
| latestRecommendedRelease - Release | The latest recommended release of the package |
| latestRelease - Release | The latest release of the package |
| latestStableRelease - Release | The latest stable release (not a pre-release) of the package |
| license - License | The package license |
| name - String! | The name of the package |
| packageManagerUrl - String | URL of the package on its package manager |
| platform - String! | The package manager platform |
| purl - String! | The package URL as defined by the purl-spec |
| qualityChecks - QualityChecks! | The package quality checks |
| releases - ReleaseConnection! | The releases of the package |
| repository - PackageRepository! | The package repository |
| sdlcEvidence - String | URL of the software development lifecycle policy for the package |
| sdlcPolicy - String | URL showing that the software development lifecycle policy for the package is being followed |
| securityPolicyUrl - String | URL of the security policy for the package |
| tideliftRecommendation - TideliftRecommendation! | Whether Tidelift has determined this package to be safe to use |
| versioningScheme - VersioningScheme! | The versioning scheme of the package |
Example
{
"contributorsCount": 987,
"description": "abc123",
"latestRecommendedRelease": Release,
"latestRelease": Release,
"latestStableRelease": Release,
"license": License,
"name": "xyz789",
"packageManagerUrl": "xyz789",
"platform": "xyz789",
"purl": "xyz789",
"qualityChecks": QualityChecks,
"releases": ReleaseConnection,
"repository": PackageRepository,
"sdlcEvidence": "abc123",
"sdlcPolicy": "xyz789",
"securityPolicyUrl": "xyz789",
"tideliftRecommendation": "CAUTION_ADVISED",
"versioningScheme": "SEMVER"
}
PackageRepository
Description
Repository information for the package
Fields
| Field Name | Description |
|---|---|
| source - RepositoryUrlSourceCategory! | The source of the repository url |
| statistics - RepositoryStatistics | Activity statistics for the repository |
| url - String | The URL of the repository |
Example
{
"source": "HUMAN_VERIFIED",
"statistics": RepositoryStatistics,
"url": "xyz789"
}
PageInfo
Description
Information about pagination in a connection.
Fields
| Field Name | Description |
|---|---|
| endCursor - String | When paginating forwards, the cursor to continue. |
| hasNextPage - Boolean! | When paginating forwards, are there more items? |
| hasPreviousPage - Boolean! | When paginating backwards, are there more items? |
| startCursor - String | When paginating backwards, the cursor to continue. |
Example
{
"endCursor": "abc123",
"hasNextPage": true,
"hasPreviousPage": false,
"startCursor": "abc123"
}
PrereleasesViolation
Description
A violation of the Prereleases standard.
Example
{
"catalogStandard": "abc123",
"release": Release,
"title": "xyz789",
"violationId": "abc123"
}
Project
Description
An organization's project in Tidelift, containing releases and alignments.
Fields
| Field Name | Description |
|---|---|
| alignments - AlignmentConnection | The alignments that have been run against this project. |
| catalog - Catalog! | The catalog against which this project is aligned. |
| defaultBranch - String! | The default branch that will be used for alignments. |
| externalIdentifier - String | An identifier for this project used outside of Tidelift. |
| groups - GroupConnection | Groups that the project belongs to. |
| name - String! | The name of the project. |
| organization - Organization! | The organization that the project belongs to. |
Example
{
"alignments": AlignmentConnection,
"catalog": Catalog,
"defaultBranch": "xyz789",
"externalIdentifier": "xyz789",
"groups": GroupConnection,
"name": "xyz789",
"organization": Organization
}
ProjectConnection
Description
The connection type for Project.
Fields
| Field Name | Description |
|---|---|
| edges - [ProjectEdge] | A list of edges. |
| nodes - [Project] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [ProjectEdge],
"nodes": [Project],
"pageInfo": PageInfo,
"totalCount": 123
}
ProjectEdge
QualityCheck
Description
The value of a quality check
Fields
| Field Name | Description |
|---|---|
| status - QualityCheckStatus! | The status of the quality check |
Example
{"status": "PASSED"}
QualityCheckStatus
Description
The status of a package quality check
Values
| Enum Value | Description |
|---|---|
| | The package passes the check |
| | The package does not pass the check |
| | Unable to perform the check on the package |
| | The package check is being analyzed |
Example
"PASSED"
QualityChecks
Description
Quality checks calculated on a package
Fields
| Field Name | Description |
|---|---|
| discoverableSecurityPolicy - QualityCheck! | Check if the package has a discoverable security policy |
| noKnownIssuesInDependenciesForLatestRelease - QualityCheck! | Check if there were no known issues in the dependencies of the latest release of this package |
| noKnownVulnerabilitiesOnLatestRelease - QualityCheck! | Check if there were no known vulnerabilities on the latest release of this package |
| packageAppearsMaintained - QualityCheck! | Check if the package appears to be maintained |
| packageHasAStableReleaseGreaterThanTwoYearsOld - QualityCheck! | Check if the package has a stable release older than 2 years |
| packageHasMultipleActiveMaintainers - QualityCheck! | Check if the package has multiple active maintainers |
| packageHasOrganizationalBacking - QualityCheck! | Check if the package has organizational backing |
| packageIsNotDeprecated - QualityCheck! | Check if the package is not deprecated |
| packageIsNotEOL - QualityCheck! | Check if the package has an end-of-life notification |
| releaseManagersAreReviewed - QualityCheck! | Check if the package's release managers have been reviewed |
| releasesAreDiscoverableUpstream - QualityCheck! | Check if the package has available releases upstream |
| twoFactorAuthenticationAtSourceRepository - QualityCheck! | Check if the package has 2FA enabled on the source repository |
| twoFactorAuthenticationForPackageManager - QualityCheck! | Check if the package has 2FA enabled on the package manager |
Example
{
"discoverableSecurityPolicy": QualityCheck,
"noKnownIssuesInDependenciesForLatestRelease": QualityCheck,
"noKnownVulnerabilitiesOnLatestRelease": QualityCheck,
"packageAppearsMaintained": QualityCheck,
"packageHasAStableReleaseGreaterThanTwoYearsOld": QualityCheck,
"packageHasMultipleActiveMaintainers": QualityCheck,
"packageHasOrganizationalBacking": QualityCheck,
"packageIsNotDeprecated": QualityCheck,
"packageIsNotEOL": QualityCheck,
"releaseManagersAreReviewed": QualityCheck,
"releasesAreDiscoverableUpstream": QualityCheck,
"twoFactorAuthenticationAtSourceRepository": QualityCheck,
"twoFactorAuthenticationForPackageManager": QualityCheck
}
Release
Description
A package release.
Fields
| Field Name | Description |
|---|---|
| directDependencies - ReleaseRequirementConnection! | Direct dependencies of this release. |
| latestTideliftRecommendedUpgrade - Release | The latest upgrade that Tidelift recommends to use. |
| license - License! | License details for this release. |
| nearestTideliftRecommendedUpgrade - Release | The nearest upgrade that Tidelift recommends to use. |
| package - Package! | The package for this release. |
| projectsUsing - ProjectConnection | The projects in this organization currently using this release. |
| Arguments | |
| publishedAt - DateTime | The date that this release was published. |
| purl - String! | The purl (package URL) for the release. |
| tideliftRecommendation - String | Tidelift's recommendation for this release. |
| tideliftViolations - ViolationInterfaceConnection! | Violations for this release, in the Tidelift catalog. |
| version - String! | The version of the release. |
Example
{
"directDependencies": ReleaseRequirementConnection,
"latestTideliftRecommendedUpgrade": Release,
"license": License,
"nearestTideliftRecommendedUpgrade": Release,
"package": Package,
"projectsUsing": ProjectConnection,
"publishedAt": "2007-12-03T10:15:30Z",
"purl": "abc123",
"tideliftRecommendation": "abc123",
"tideliftViolations": ViolationInterfaceConnection,
"version": "xyz789"
}
ReleaseConnection
Description
The connection type for Release.
Fields
| Field Name | Description |
|---|---|
| edges - [ReleaseEdge] | A list of edges. |
| nodes - [Release] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [ReleaseEdge],
"nodes": [Release],
"pageInfo": PageInfo,
"totalCount": 123
}
ReleaseEdge
ReleaseRequirement
Description
Details about the requirement for a release's dependency.
Example
{
"package": Package,
"requirement": "xyz789",
"scope": "xyz789"
}
ReleaseRequirementConnection
Description
The connection type for ReleaseRequirement.
Fields
| Field Name | Description |
|---|---|
| edges - [ReleaseRequirementEdge] | A list of edges. |
| nodes - [ReleaseRequirement] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [ReleaseRequirementEdge],
"nodes": [ReleaseRequirement],
"pageInfo": PageInfo,
"totalCount": 123
}
ReleaseRequirementEdge
Description
An edge in a connection.
Fields
| Field Name | Description |
|---|---|
| cursor - String! | A cursor for use in pagination. |
| node - ReleaseRequirement | The item at the end of the edge. |
Example
{
"cursor": "xyz789",
"node": ReleaseRequirement
}
RepositoryStatistics
Description
Some various statistics that help to track activity in a repository
Fields
| Field Name | Description |
|---|---|
| last52WeeksContributors - Int | Number of contributors from the last year |
| lastCommitAt - DateTime | Date of the last commit to the repository |
| oneYearClosedIssues - Int | Number of issues that were closed in the last year |
| oneYearClosedPullRequests - Int | Number of pull requests that were closed in the last year |
| oneYearTotalIssues - Int | Number of issues that were created in the last year |
| oneYearTotalPullRequests - Int | Number of pull requests opened in the last year |
| status - String | General status of the repository |
Example
{
"last52WeeksContributors": 987,
"lastCommitAt": "2007-12-03T10:15:30Z",
"oneYearClosedIssues": 987,
"oneYearClosedPullRequests": 123,
"oneYearTotalIssues": 123,
"oneYearTotalPullRequests": 987,
"status": "abc123"
}
RepositoryUrlSourceCategory
Description
The source of the repository url
Values
| Enum Value | Description |
|---|---|
Example
"HUMAN_VERIFIED"
String
Description
Represents textual data as UTF-8 character sequences. This type is most often used by GraphQL to represent free-form human-readable text.
Example
"abc123"
TideliftRecommendation
Description
The recommendation status of a package based on Tidelift's calculations
Values
| Enum Value | Description |
|---|---|
Example
"CAUTION_ADVISED"
TideliftVulnerabilityOverallRecommendation
Description
An overall recommendation for a vulnerability
Values
| Enum Value | Description |
|---|---|
| | The vulnerability can be safely ignored |
| | The vulnerable package should be upgraded to an unaffected version |
| | The vulnerable package should be upgraded, or the provided workaround should be used |
Example
"IGNORE"
UpToDateViolation
Description
A violation of the Up To Date standard.
Fields
| Field Name | Description |
|---|---|
| catalogStandard - String! | The type of the catalog standard that this package violates. |
| gracePeriod - Int | The minimum difference in age between the release and its package's latest release. |
| latestRelease - Release | The latest release for this package. |
| latestStableRelease - Release | The latest stable release for this package. |
| release - Release! | The release that is out of date. |
| title - String! | A readable summary of the violation. |
| violationId - String! | A unique identifier for the violation. |
Example
{
"catalogStandard": "xyz789",
"gracePeriod": 123,
"latestRelease": Release,
"latestStableRelease": Release,
"release": Release,
"title": "xyz789",
"violationId": "xyz789"
}
VersioningScheme
Description
The versioning scheme of a package
Values
| Enum Value | Description |
|---|---|
Example
"SEMVER"
ViolationInterface
Description
A violation of catalog standards, representing some problem with a package.
Fields
| Field Name | Description |
|---|---|
| catalogStandard - String! | The type of the catalog standard that this package violates. |
| title - String! | A readable summary of the violation. |
| violationId - String! | A unique identifier for the violation. |
Possible Types
| ViolationInterface Types |
|---|
Example
{
"catalogStandard": "abc123",
"title": "abc123",
"violationId": "xyz789"
}
ViolationInterfaceConnection
Description
The connection type for ViolationInterface.
Fields
| Field Name | Description |
|---|---|
| edges - [ViolationInterfaceEdge] | A list of edges. |
| nodes - [ViolationInterface] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [ViolationInterfaceEdge],
"nodes": [ViolationInterface],
"pageInfo": PageInfo,
"totalCount": 123
}
ViolationInterfaceEdge
Description
An edge in a connection.
Fields
| Field Name | Description |
|---|---|
| cursor - String! | A cursor for use in pagination. |
| node - ViolationInterface | The item at the end of the edge. |
Example
{
"cursor": "xyz789",
"node": ViolationInterface
}
VulnerabilitiesViolation
Description
A violation of the Vulnerabilities standard.
Fields
| Field Name | Description |
|---|---|
| catalogStandard - String! | The type of the catalog standard that this package violates. |
| title - String! | A readable summary of the violation. |
| violationId - String! | A unique identifier for the violation. |
| vulnerability - Vulnerability! | The vulnerability. |
Example
{
"catalogStandard": "abc123",
"title": "xyz789",
"violationId": "abc123",
"vulnerability": Vulnerability
}
Vulnerability
Description
A vulnerability affecting a package release
Fields
| Field Name | Description |
|---|---|
| affectedPackages - VulnerablePackageConnection! | The packages affected by the vulnerability |
| description - String | The description of the vulnerability |
| nistUrl - String | The NIST URL of the vulnerability if a CVE |
| severity - Float | The severity (CVE score) of the vulnerability if a CVE |
| url - String | The URL to the details of the vulnerability |
| vulnId - String | The id of the vulnerability. If a CVE, this is the CVE-id |
Example
{
"affectedPackages": VulnerablePackageConnection,
"description": "xyz789",
"nistUrl": "abc123",
"severity": 987.65,
"url": "abc123",
"vulnId": "xyz789"
}
VulnerabilityRecommendation
Description
Tidelift recommendation data regarding a package vulnerability
Fields
| Field Name | Description |
|---|---|
| createdAt - DateTime! | The date and time the vulnerability was recorded at Tidelift |
| falsePositiveReason - String | The reason this has been determined to not be a real issue |
| impactDescription - String | Description of the impact on a user |
| impactScore - Int | A score indicating the likeliness of a user being impacted |
| includesDev - Boolean | Indicator that this vulnerability affects this package when used in build tools or as a dev/test dependency |
| otherConditions - Boolean | Indicator that there are other known conditions which allow this vulnerability to be exploited |
| otherConditionsDescription - String | Description of any other known conditions which allow this vulnerability to be exploited |
| realIssue - Boolean! | Indicator that this has been determined to be a real issue |
| specificMethodsAffected - Boolean | Indicator that this vulnerability affects specific methods |
| specificMethodsDescription - String | Description of the specific methods affected by this vulnerability |
| tideliftOverallRecommendation - TideliftVulnerabilityOverallRecommendation! | The overall recommendation for this vulnerability determined by Tidelift |
| updatedAt - DateTime! | The date and time this vulnerability was last updated at Tidelift |
| workaroundAvailable - Boolean | Indicator that there is an available workaround for this vulnerability |
| workaroundDescription - String | A description of the workaround for this vulnerability |
Example
{
"createdAt": "2007-12-03T10:15:30Z",
"falsePositiveReason": "xyz789",
"impactDescription": "xyz789",
"impactScore": 123,
"includesDev": false,
"otherConditions": false,
"otherConditionsDescription": "xyz789",
"realIssue": true,
"specificMethodsAffected": false,
"specificMethodsDescription": "abc123",
"tideliftOverallRecommendation": "IGNORE",
"updatedAt": "2007-12-03T10:15:30Z",
"workaroundAvailable": false,
"workaroundDescription": "xyz789"
}
VulnerablePackageConnection
Description
The connection type for Package.
Fields
| Field Name | Description |
|---|---|
| edges - [VulnerablePackageEdge] | A list of edges. |
| nodes - [Package] | A list of nodes. |
| pageInfo - PageInfo! | Information to aid in pagination. |
| totalCount - Int! | The total number of items in this collection |
Example
{
"edges": [VulnerablePackageEdge],
"nodes": [Package],
"pageInfo": PageInfo,
"totalCount": 987
}
VulnerablePackageEdge
Description
Additional data to help address the vulnerability on this package
Fields
| Field Name | Description |
|---|---|
| affectedReleases - ReleaseConnection! | The releases of this package that are affected by the vulnerability |
| cursor - String! | A cursor for use in pagination. |
| node - Package | The item at the end of the edge. |
| recommendation - VulnerabilityRecommendation | Recommendation data to help guide action on this vulnerability |
| unaffectedReleases - ReleaseConnection! | The releases of this package that are unaffected by the vulnerability |
Example
{
"affectedReleases": ReleaseConnection,
"cursor": "abc123",
"node": Package,
"recommendation": VulnerabilityRecommendation,
"unaffectedReleases": ReleaseConnection
}