DEV.co
Open-Source Observability · graphql-hive

graphql-inspector

GraphQL Inspector is an open-source tool that compares GraphQL schemas, detects breaking changes, validates operations, and identifies schema coverage. It runs as a CLI, GitHub App, GitHub Action, or programmatic API for teams managing GraphQL APIs.

Source: GitHub — github.com/graphql-hive/graphql-inspector
1.8k
GitHub stars
215
Forks
TypeScript
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorygraphql-hive/graphql-inspector
Ownergraphql-hive
Primary languageTypeScript
LicenseMIT — OSI-approved
Stars1.8k
Forks215
Open issues137
Latest releaserelease-1781692943029 (2026-06-17)
Last updated2026-06-17
Sourcehttps://github.com/graphql-hive/graphql-inspector

What graphql-inspector is

TypeScript-based schema comparison and validation engine that produces detailed change reports (breaking/non-breaking/dangerous), validates GraphQL operations and fragments against schemas, and identifies duplicate types. Supports multiple deployment modes: CLI, serverless, Docker, and GitHub automation.

Quickstart

Get the graphql-inspector source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/graphql-hive/graphql-inspector.gitcd graphql-inspector# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

CI/CD Breaking Change Detection

Integrate as a GitHub Action or CLI in pull request workflows to automatically detect and report schema changes before merging, preventing client-breaking updates.

Schema Registry & Governance

Use programmatic API to build schema comparison pipelines for schema registries, tracking changes across multiple GraphQL services and enforcing governance rules.

GraphQL API Documentation & Coverage

Analyze schema coverage based on operations and fragments to identify unused types and unused fields, guiding deprecation and documentation efforts.

Implementation considerations

  • Requires Node.js runtime; Docker image available for containerized deployments but adds image management overhead.
  • Schema input flexibility: accepts SDL files, introspection URLs, or programmatic GraphQL schema objects; confirm your schema source is compatible.
  • Change classification rules (breaking/dangerous) are deterministic; validate against your team's breaking change policy before enforcing in CI/CD.
  • GitHub App and Action require repo permissions; review scope carefully and consider audit/compliance implications.
  • Monorepo support via CLI/API but no built-in orchestration for multi-repo schema coordination.

When to avoid it — and what to weigh

  • Real-Time Runtime Validation — Inspector is a static schema analysis tool, not a request-time validator. For production runtime validation of queries, consider middleware or gateway solutions.
  • Non-GraphQL APIs — The tool is GraphQL-specific. REST, gRPC, or other protocol schemas require different tooling.
  • Complex Custom Breaking Change Rules — Breaking change detection is built-in but may not cover domain-specific or custom breaking semantics; extending requires code contribution or workarounds.
  • Multi-Tenant Schema Versioning at Scale — The tool excels at pairwise comparison. Managing hundreds of schema versions simultaneously or complex federation scenarios may benefit from dedicated schema registries like Apollo Studio or GraphQL Hive.

License & commercial use

MIT License. Permissive open-source license allowing use, modification, and distribution in commercial and proprietary projects. No copyleft obligations.

MIT license permits commercial use without requiring source disclosure or derivative work licensing. Suitable for closed-source commercial products. No commercial support terms or liability guarantees stated in the data; review project's support channels (Discord, GitHub issues) for commercial support expectations.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Tool performs static analysis only; no injection attacks via introspection or query strings. Consider: (1) If running as GitHub App, it has read access to schema/repo content—review GitHub App permissions and credentials scope; (2) CLI/API accepts schema URLs; validate source to avoid SSRF; (3) No cryptographic operations or secrets management visible; store API tokens/URLs securely in CI/CD environment variables; (4) Community-maintained project with no formal security audit mentioned in data—assess risk tolerance for schema governance criticality.

Alternatives to consider

Apollo Schema Registry / Apollo GraphOS

Commercial SaaS offering schema registry, change detection, and breach detection. Managed service eliminates self-hosting burden but introduces vendor lock-in and subscription cost.

GraphQL Hive (by The Guild)

Same maintainers as Inspector; Hive is a full schema registry + monitoring platform. Offers self-hosting and managed cloud. More comprehensive but steeper learning curve if only schema comparison needed.

Postman / REST client schema validators

Alternative for teams already in Postman ecosystem; supports GraphQL but not purpose-built for schema comparison. Less specialized than Inspector.

Software development agency

Build on graphql-inspector with DEV.co software developers

Use GraphQL Inspector to catch breaking changes before they reach production. Available as CLI, GitHub Action, Docker image, or programmatic API. MIT licensed, zero external dependencies.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

graphql-inspector FAQ

Does Inspector validate that queries actually run, or just parse them?
Inspector performs static validation: it checks that operations conform to the schema definition (types, fields, arguments exist and are correct). It does not execute queries against a live GraphQL server.
Can I use Inspector to monitor schema changes in production?
Inspector compares two schema snapshots at a point in time. For continuous production monitoring, pair it with a schema registry (like GraphQL Hive) or build a custom polling/webhook system to feed schema changes to Inspector.
Is there a way to customize what counts as a 'breaking change'?
Built-in breaking change rules are fixed. Custom logic requires forking, contributing back to the project, or wrapping the programmatic API with custom classification logic.
Can Inspector handle federated GraphQL schemas?
Not explicitly stated in provided data. Requires review of documentation or GitHub issues to confirm Apollo Federation, schema stitching, or subgraph comparison support.

Custom software development services

Need help beyond evaluating graphql-inspector? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source observability integrations — and maintain them long-term.

Integrate Schema Validation Into Your GraphQL Workflow

Use GraphQL Inspector to catch breaking changes before they reach production. Available as CLI, GitHub Action, Docker image, or programmatic API. MIT licensed, zero external dependencies.