Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@microsoft/mgt
Advanced tools
The Microsoft Graph Toolkit is a collection of reusable, framework-agnostic components and authentication providers for accessing and working with Microsoft Graph. The components are fully functional right of out of the box, with built in providers that authenticate with and fetch data from Microsoft Graph.
The @microsoft/mgt
package brings all mgt packages together (with the exception of @microsoft/mgt-react
) and bundles them in this one convenient package.
You can now explore components and samples with the playground.
The Microsoft Graph Toolkit includes a collection of web components for the most commonly built experiences powered by Microsoft Graph APIs.
The components are also available as React components.
Providers enable authentication and provide the implementation for acquiring access tokens on various platforms and expose a Microsoft Graph Client for calling the Microsoft Graph APIs. The components work best when used with a provider, but the providers can be used on their own.
Watch the Getting Started Video
You can use the components by installing the npm package or importing them from a CDN (unpkg).
The benefits of using MGT through NPM is that you have full control of the bundling process and you can bundle only the code you need for your site. First, add the npm package:
npm install @microsoft/mgt-components
npm install @microsoft/mgt-msal2-provider
Now you can reference all components and providers at the page you are using:
<script type="module">
import { Providers } from 'node_modules/@microsoft/mgt-element/dist/es6/index.js';
import { Msal2Provider } from 'node_modules/@microsoft/mgt-msal2-provider/dist/es6/index.js';
import { registerMgtLoginComponent, registerMgtAgendaComponent } from 'node_modules/@microsoft/mgt-components/dist/es6/index.js';
Providers.globalProvider = new Msal2Provider({clientId: '[CLIENT-ID]'});
registerMgtLoginComponent();
registerMgtAgendaComponent();
</script>
<mgt-login></mgt-login>
<mgt-agenda></mgt-agenda>
The following script tag downloads the code from the CDN, configures an MSAL2 provider, and makes all the components available for use in the web page.
<script type="module">
import { registerMgtComponents, Providers, Msal2Provider } from 'https://unpkg.com/@microsoft/mgt@4';
Providers.globalProvider = new Msal2Provider({clientId: '[CLIENT-ID]'});
registerMgtComponents();
</script>
<mgt-login></mgt-login>
<mgt-agenda></mgt-agenda>
NOTE: This link will load the highest available version of @microsoft/mgt in the range
>= 4.0.0 < 5.0.0
, omitting the@4
fragment from the url results in loading the latest version. This could result in loading a new major version and breaking the application.
NOTE: MSAL requires the page to be hosted in a web server for the authentication redirects. If you are just getting started and want to play around, the quickest way is to use something like live server in vscode.
For general questions and support, please use Stack Overflow where questions should be tagged with microsoft-graph-toolkit
Please use GitHub Issues for bug reports and feature requests. We highly recommend you browse existing issues before opening new issues.
FAQs
The Microsoft Graph Toolkit
The npm package @microsoft/mgt receives a total of 6,359 weekly downloads. As such, @microsoft/mgt popularity was classified as popular.
We found that @microsoft/mgt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.