graphql-inspector
GraphQL Inspector is an open-source tool that compares GraphQL schemas, detects breaking changes, validates operations, and identifies schema coverage. It runs as a CLI, GitHub App, GitHub Action, or programmatic API for teams managing GraphQL APIs.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | graphql-hive/graphql-inspector |
| Owner | graphql-hive |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 1.8k |
| Forks | 215 |
| Open issues | 137 |
| Latest release | release-1781692943029 (2026-06-17) |
| Last updated | 2026-06-17 |
| Source | https://github.com/graphql-hive/graphql-inspector |
What graphql-inspector is
TypeScript-based schema comparison and validation engine that produces detailed change reports (breaking/non-breaking/dangerous), validates GraphQL operations and fragments against schemas, and identifies duplicate types. Supports multiple deployment modes: CLI, serverless, Docker, and GitHub automation.
Get the graphql-inspector source
Clone the repository and explore it locally.
git clone https://github.com/graphql-hive/graphql-inspector.gitcd graphql-inspector# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Node.js runtime; Docker image available for containerized deployments but adds image management overhead.
- Schema input flexibility: accepts SDL files, introspection URLs, or programmatic GraphQL schema objects; confirm your schema source is compatible.
- Change classification rules (breaking/dangerous) are deterministic; validate against your team's breaking change policy before enforcing in CI/CD.
- GitHub App and Action require repo permissions; review scope carefully and consider audit/compliance implications.
- Monorepo support via CLI/API but no built-in orchestration for multi-repo schema coordination.
When to avoid it — and what to weigh
- Real-Time Runtime Validation — Inspector is a static schema analysis tool, not a request-time validator. For production runtime validation of queries, consider middleware or gateway solutions.
- Non-GraphQL APIs — The tool is GraphQL-specific. REST, gRPC, or other protocol schemas require different tooling.
- Complex Custom Breaking Change Rules — Breaking change detection is built-in but may not cover domain-specific or custom breaking semantics; extending requires code contribution or workarounds.
- Multi-Tenant Schema Versioning at Scale — The tool excels at pairwise comparison. Managing hundreds of schema versions simultaneously or complex federation scenarios may benefit from dedicated schema registries like Apollo Studio or GraphQL Hive.
License & commercial use
MIT License. Permissive open-source license allowing use, modification, and distribution in commercial and proprietary projects. No copyleft obligations.
MIT license permits commercial use without requiring source disclosure or derivative work licensing. Suitable for closed-source commercial products. No commercial support terms or liability guarantees stated in the data; review project's support channels (Discord, GitHub issues) for commercial support expectations.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
Tool performs static analysis only; no injection attacks via introspection or query strings. Consider: (1) If running as GitHub App, it has read access to schema/repo content—review GitHub App permissions and credentials scope; (2) CLI/API accepts schema URLs; validate source to avoid SSRF; (3) No cryptographic operations or secrets management visible; store API tokens/URLs securely in CI/CD environment variables; (4) Community-maintained project with no formal security audit mentioned in data—assess risk tolerance for schema governance criticality.
Alternatives to consider
Apollo Schema Registry / Apollo GraphOS
Commercial SaaS offering schema registry, change detection, and breach detection. Managed service eliminates self-hosting burden but introduces vendor lock-in and subscription cost.
GraphQL Hive (by The Guild)
Same maintainers as Inspector; Hive is a full schema registry + monitoring platform. Offers self-hosting and managed cloud. More comprehensive but steeper learning curve if only schema comparison needed.
Postman / REST client schema validators
Alternative for teams already in Postman ecosystem; supports GraphQL but not purpose-built for schema comparison. Less specialized than Inspector.
Build on graphql-inspector with DEV.co software developers
Use GraphQL Inspector to catch breaking changes before they reach production. Available as CLI, GitHub Action, Docker image, or programmatic API. MIT licensed, zero external dependencies.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
graphql-inspector FAQ
Does Inspector validate that queries actually run, or just parse them?
Can I use Inspector to monitor schema changes in production?
Is there a way to customize what counts as a 'breaking change'?
Can Inspector handle federated GraphQL schemas?
Custom software development services
Need help beyond evaluating graphql-inspector? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source observability integrations — and maintain them long-term.
Integrate Schema Validation Into Your GraphQL Workflow
Use GraphQL Inspector to catch breaking changes before they reach production. Available as CLI, GitHub Action, Docker image, or programmatic API. MIT licensed, zero external dependencies.