| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| graphify-self-graph.tar.gz | 2026-07-13 | 253.7 kB | |
| graphifyy-0.9.15-py3-none-any.whl | 2026-07-13 | 1.1 MB | |
| graphifyy-0.9.15.tar.gz | 2026-07-13 | 1.4 MB | |
| README.md | 2026-07-13 | 1.5 kB | |
| v0.9.15 source code.tar.gz | 2026-07-13 | 3.5 MB | |
| v0.9.15 source code.zip | 2026-07-13 | 4.0 MB | |
| Totals: 6 Items | 10.3 MB | 4 | |
A small, security-focused patch on top of 0.9.14.
Highlights
- Security (stored XSS): the exported
graph.htmlis fixed (#1838). The report's neighbor links dropped an unescaped stringified node id into an inlineonclick— which broke every neighbor link and, when a node id/label contained a double-quote (e.g. from a document or a title scraped viagraphify add <url>), let a hostile source inject a live event handler into a report opened locally. The id is now carried in an HTML-escapeddata-nidattribute dispatched through a single delegated listener. If you generate reports from untrusted corpora, upgrade.
All fixes
- Security: close a stored XSS and repair the (previously always-broken) neighbor "focus" links in the exported
graph.html(#1838, thanks @edgestack-ai). - Fix: detection honors nested
.gitignore/.graphifyignorefiles below the scan root, matching git — avendor/sub/.gitignoredeeper in the tree is now applied to its own subtree instead of being ignored (#1847, thanks @Mohak-Agrawal). Composes with.git/info/exclude(0.9.14): a nearer!re-include still wins. - Fix:
graphify updatenow keeps human-readablecommunity_namelabels instead of stripping them back to numeric ids on every incremental rebuild (#1808 / [#1855], thanks @latreon).
Install
pip install --upgrade graphifyy
# or
uv tool install graphifyy@0.9.15
Then graphify install to update the skill for your agent.