Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@microsoft/mgt
Advanced tools
The Microsoft Graph Toolkit is a collection of web components powered by the Microsoft Graph.
Components are functional and work automatically with the Microsoft Graph
Components work with any web framework and on all modern browsers. IE 11 is also supported
The toolkit currently includes the following components:
And the following providers:
You can now explore components and samples with the playground powered by storybook.
Watch the Getting Started Video
You can use the components by referencing the loader directly (via unpkg), or installing the npm package
<script src="https://unpkg.com/@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
You can then start using the components in your html page. Here is a full working example with the Msal provider:
<script src="https://unpkg.com/@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
<mgt-msal-provider client-id="[CLIENT-ID]"></mgt-msal-provider>
<mgt-login></mgt-login>
<!-- <script>
// alternatively, you can set the provider in code and provide more options
mgt.Providers.globalProvider = new mgt.MsalProvider({clientId: '[CLIENT-ID]'});
</script> -->
NOTE: MSAL requires the page to be hosted in a web server for the authentication redirects. If you are just getting started and want to play around, the quickest way is to use something like live server in vscode.
The benefits of using MGT through NPM is that you have full control of the bundling process and you can bundle only the code you need for your site. First, add the npm package:
npm install @microsoft/mgt
Now you can reference all components at the page you are using:
<script src="node_modules/@microsoft/mgt/dist/es6/components.js"></script>
Or, just reference the component you need and avoid loading everything else:
<script src="node_modules/@microsoft/mgt/dist/es6/components/mgt-login/mgt-login.js"></script>
Similarly, to add a provider, you can add it as a component:
<script src="node_modules/@microsoft/mgt/dist/es6/components/providers/mgt-msal-provider.js"></script>
<mgt-msal-provider client-id="[CLIENT-ID]"></mgt-msal-provider>
or, add it in your code:
<script type="module">
import { Providers, MsalProvider } from '@microsoft/mgt';
Providers.globalProvider = new MsalProvider({ clientId: '[CLIENT-ID]' });
</script>
The components work best when used with a provider. The provider exposes authentication and Microsoft Graph apis used by the components to call into the Microsoft Graph.
The toolkit contains providers for MSAL, SharePoint, and Teams. You can also create your own providers by extending the IProvider abstract class.
We enthusiastically welcome contributions and feedback. Please read the contributing guide before you begin.
For general questions and support, please use Stack Overflow where questions should be tagged with microsoft-graph-toolkit
Please use GitHub Issues for bug reports and feature requests. We highly recommend you browse existing issues before opening new issues.
All files in this GitHub repository are subject to the MIT license. This project also references fonts and icons from a CDN, which are subject to a separate asset license.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
The Microsoft Graph Toolkit
We found that @microsoft/mgt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.