🛡️ Dead-simple, yet highly customizable security middleware for Apollo GraphQL servers and Envelop 🛡️

Overview

GraphQL Armor 🛡️

GraphQL Armor is a dead-simple yet highly customizable security middleware for various GraphQL server engines.

Supported GraphQL Engines

We support the following engines:

We additionally support the following engines through the Envelop plugin system:

  • GraphQL-Helix
  • Node.js HTTP
  • GraphQL-WS
  • GraphQL-SSE
  • Azure Functions
  • Cloudflare Workers
  • Google Cloud Functions
  • Lambda AWS
  • type-graphql
  • nexus
  • express-graphql

See here for more information about Envelop compatibility.

Getting Started

Refer to the Examples directory for specific implementation examples (such as NestJS with Apollo Server).

Apollo Server

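import { ApolloServer } from 'apollo-server';
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor();

// armor.protect() returns the plugins and validation rules to spread into the server options
const server = new ApolloServer({
  typeDefs,
  resolvers,
  ...armor.protect()
});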

If you already have some plugins or validation rules, proceed this way:

import { ApolloServer } from 'apollo-server';
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor();
const protection = armor.protect();

const server = new ApolloServer({
  typeDefs,
  resolvers,
  ...protection,
  // List these after the spread so they extend Armor's entries instead of being overwritten
  plugins: [...protection.plugins, myPlugin1, myPlugin2],
  validationRules: [...protection.validationRules, myRule1, myRule2],
});

GraphQL Yoga

import { createServer } from '@graphql-yoga/node'; // GraphQL Yoga v2
import { EnvelopArmor } from '@escape.tech/graphql-armor';

const armor = new EnvelopArmor();
const protection = armor.protect();

async function main() {
  const server = createServer({
    schema,
    plugins: [...protection.plugins],
  });
  await server.start();
}

main();

Envelop

import { envelop } from '@envelop/core';
import { EnvelopArmor } from '@escape.tech/graphql-armor';

const armor = new EnvelopArmor();
const protection = armor.protect();

// otherPlugins: your existing array of Envelop plugins
const getEnveloped = envelop({
  plugins: [...otherPlugins, ...protection.plugins],
});

Getting Started with configuration

GraphQL Armor is fully configurable in a per-plugin fashion.

View the per plugin configuration section for more information about how to configure each plugin separately.

import { ApolloArmor } from '@escape.tech/graphql-armor';

// Each top-level key configures one plugin
const armor = new ApolloArmor({
  costAnalysis: {
    maxCost: 1000,
  },
  characterLimit: {
    maxLength: 15000,
  },
});

Per plugin configuration

The provided values are the default values.

This section describes how to configure each plugin individually.

Stacktraces (Apollo Only)

This plugin is for Apollo Server only, and is enabled by default.

Stacktraces are managed by the Apollo configuration parameter debug which may have true as a default value in some setups. GraphQL Armor changes this default value to false.

For rolling back to Apollo's default parameter, you can use the following code:

import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor();
const server = new ApolloServer({
  typeDefs,
  resolvers,
  ...armor.protect(),
  debug: true // Ignore Armor's recommendation
});

Batched queries (Apollo Only)

This plugin is for Apollo Server only, and is enabled by default.

Apollo Server enables batched queries by default, which makes DoS attacks easier by stacking expensive requests. GraphQL Armor disables them by default.

For rolling back to Apollo's default parameter, you can use the following code:

import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor();
const server = new ApolloServer({
  typeDefs,
  resolvers,
  ...armor.protect(),
  allowBatchedHttpRequests: true // Ignore Armor's recommendation
});

Character Limit

This plugin is enabled by default.

It enforces a character limit on your GraphQL queries.

The limit is not applied to the whole HTTP body - multipart form data/file upload will still work.

Configuration

{
  characterLimit: {
    enabled: true,
    maxLength: 15000,
  }
}

Cost Analysis

This plugin is enabled by default.

It analyzes incoming GraphQL queries and applies a cost analysis algorithm to prevent resource overload by blocking requests that are too expensive (DoS attack attempts).

The cost computation is quite simple (and naive) at the moment, but there are plans to evolve it into an extensive plugin with many features.

Configuration

{
  costAnalysis: {
    enabled: true,
    maxCost: 5000, // maximum cost of a request before it is rejected
    objectCost: 2, // cost of retrieving an object
    scalarCost: 1, // cost of retrieving a scalar
    depthCostFactor: 1.5, // multiplicative cost of depth
    ignoreIntrospection: true, // by default, introspection queries are ignored.
  }
}

Field Suggestion

This plugin is enabled by default.

It will prevent suggesting fields in case of an erroneous request. Suggestions can lead to the leak of your schema even with disabled introspection, which can be very detrimental in case of a private API. One could use GraphDNA to recover an API schema even with disabled introspection, as long as field suggestions are enabled.

Example of such a suggestion:

Cannot query field "sta" on type "Media". Did you mean "stats", "staff", or "status"?

{
  blockFieldSuggestion: {
    enabled: true,
  }
}

Aliases Limit

This plugin is enabled by default.

Put a limit on the number of aliases.

{
  maxAliases: {
    enabled: true,
    n: 15,
  }
}

Directives Limit

This plugin is enabled by default.

Put a limit on the number of directives.

{
  maxDirectives: {
    enabled: true,
    n: 50,
  }
}

Depth Limit

This plugin is enabled by default.

Put a depth limit on the request.

{
  maxDepth: {
    enabled: true,
    n: 6,
  }
}
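
The alias, directive and depth limits above can be estimated before execution with a small dependency-free walker. This is an added example, not graphql-armor's implementation: `tokenize`, `measure`, `violations` and `HARD_NESTING_CAP` are hypothetical names, and the counting conventions (top-level fields are depth 1, fragment spreads are expanded, inline fragments add no level, aliases and directives are counted as written) are assumptions.

```javascript
// Added example, not graphql-armor's code. Defaults copied from the config blocks above.
const DEFAULT_LIMITS = { maxDepth: 6, maxAliases: 15, maxDirectives: 50 };
const HARD_NESTING_CAP = 256; // assumption: give up long before the JS stack is at risk
const isName = (t) => typeof t === 'string' && /^[A-Za-z_]/.test(t);
// Minimal lexer: drops whitespace, commas and comments, and collapses each string
// literal to '""' so braces, '@' or ':' inside strings are never counted.
function tokenize(query) {
  const re = /[\s,]+|#[^\n\r]*|"""(?:\\"""|[\s\S])*?"""|"(?:\\.|[^"\\\n])*"|\.\.\.|[A-Za-z_]\w*|[\s\S]/y;
  const tokens = [];
  for (let m = re.exec(query); m !== null; m = re.exec(query)) {
    if (/^[\s,#]/.test(m[0])) continue;
    tokens.push(m[0].length > 1 && m[0][0] === '"' ? '""' : m[0]);
  }
  return tokens;
}

// Returns { depth, aliases, directives, cyclic } for one GraphQL document string.
function measure(query) {
  const tokens = tokenize(query), fragments = new Map(), operations = [];
  let aliases = 0, depth = 0, cyclic = false;
  // Parses the selection set opening at tokens[pos]; returns its node and closing index.
  function parseSet(pos, level) {
    if (level > HARD_NESTING_CAP) throw new RangeError('selection sets nested too deeply');
    const set = { hasField: false, nested: [], flat: [], spreads: [] };
    let parens = 0, inline = false;
    for (let i = pos + 1; i < tokens.length; i++) {
      const t = tokens[i];
      if (t === '(') parens++;
      else if (t === ')') parens--;
      else if (parens > 0) continue; // arguments, including input object literals
      else if (t === '@') i++; // skip the directive name
      else if (t === '}') return { set, end: i };
      else if (t === '{') {
        const child = parseSet(i, level + 1);
        (inline ? set.flat : set.nested).push(child.set); // inline fragments add no level
        inline = false; i = child.end;
      } else if (t === '...') {
        const next = tokens[i + 1];
        if (isName(next) && next !== 'on') { set.spreads.push(next); i++; }
        else { inline = true; if (next === 'on') i += 2; } // skip "on Type"
      } else if (isName(t)) {
        if (tokens[i + 1] === ':') { aliases++; i++; } // "alias: field"
        set.hasField = true; inline = false;
      }
    }
    return { set, end: tokens.length }; // unbalanced braces: treat as closed
  }
  const memo = new Map(); // fragment name -> depth, null while being computed
  const setDepth = (set) => Math.max(
    set.hasField ? 1 : 0,
    ...set.nested.map((s) => 1 + setDepth(s)),
    ...set.flat.map((s) => setDepth(s)),
    ...set.spreads.map((name) => fragmentDepth(name)));
  const fragmentDepth = (name) => {
    if (!fragments.has(name)) return 0; // unknown fragment: left to schema validation
    if (memo.get(name) === null) cyclic = true; // re-entered while being computed
    if (memo.has(name)) return memo.get(name) || 0;
    memo.set(name, null);
    memo.set(name, setDepth(fragments.get(name)));
    return memo.get(name);
  };
  try {
    let header = [], parens = 0;
    for (let i = 0; i < tokens.length; i++) {
      const t = tokens[i];
      if (t === '(') parens++;
      else if (t === ')') parens--;
      if (t !== '{' || parens > 0) { header.push(t); continue; }
      const { set, end } = parseSet(i, 1);
      if (header[0] === 'fragment' && isName(header[1])) fragments.set(header[1], set);
      else operations.push(set);
      header = []; i = end;
    }
    depth = Math.max(0, ...operations.map((op) => setDepth(op)));
  } catch (e) {
    if (!(e instanceof RangeError)) throw e;
    depth = Infinity; // nesting cap or stack exhaustion: treat as over any limit
  }
  return { depth, aliases, directives: tokens.filter((t) => t === '@').length, cyclic };
}

// Lists the violated limits; an empty array means the document passes this pre-check.
function violations(query, limits = DEFAULT_LIMITS) {
  const s = measure(query);
  return [
    s.depth > limits.maxDepth && `depth ${s.depth} > ${limits.maxDepth}`,
    s.aliases > limits.maxAliases && `aliases ${s.aliases} > ${limits.maxAliases}`,
    s.directives > limits.maxDirectives && `directives ${s.directives} > ${limits.maxDirectives}`,
    s.cyclic && 'fragment cycle',
  ].filter(Boolean);
}
// Constructed sample: the operation looks two levels deep until ...Deep is expanded.
const SAMPLE = `
  query Feed($big: Boolean!) {
    first: media(id: 1) { ...Deep }
    second: media(id: 2, note: "{ a { b } }") { title @include(if: $big) }
  }
  fragment Deep on Media { staff { edges { node { friends { edges { node { name } } } } } } }`;
console.log(measure(SAMPLE), violations(SAMPLE));
```

A brace count over the operation alone would report depth 2 for the sample; expanding `...Deep` gives 8, which is why a depth check has to follow fragment spreads.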

Contributing

Ensure you have read the Contributing Guide before contributing.

To set up your project, make sure you run the install-dev.sh script.

git clone [email protected]:Escape-Technologies/graphql-armor.git
cd graphql-armor
bash ./install-dev.sh

We are using yarn as our package manager and the workspaces monorepo setup. Please read the associated documentation and feel free to open issues if you encounter problems when developing on our project!

This project is young so there might be bugs but we are very reactive so feel free to open issues.

Comments
  • Status code on validation fail

    Hello, I found a bug in the returned status code when using Apollo (even in the example in this repository).

    If some validation fails, Apollo returns status 500. I would say the status code should be 400 because it is a client error, not a server error.

    I was digging a little bit deeper. In my opinion the problem is that you are throwing GraphQlError in error cases. But in all examples from graphql recommended in Apollo docs, they are calling ValidationContext.reportError(new GraphQlError(...)) instead.

    I can make a pull request and we can discuss it more then.

    bug apollo stuck 
    opened by PatizonP 9
  • Using graphql-armor with apollo-server-koa

    Hello, I am using graphql-armor with apollo-server-koa and everything works just fine, except I am getting a warning from npm during package installation that I am missing the apollo-server package. That's true, but it's also working with my apollo-server-koa package. Would it be possible to somehow fix that warning? I am guessing that the same issue will occur for apollo-server- Express, Hapi, Lambda...

    dependencies 
    opened by PatizonP 9
  • Simplify 'EnvelopArmor' usage with 'OnPluginInit' hook

    Thanks for this great library :) Instead of calling .protect and using array spread, the class itself can be a Plugin that adds other plugins within onPluginInit. I think this simplifies the usage.

    opened by ardatan 9
  • Configure suggestion mask string

    Adding an optional parameter to the block-field-suggestion plugin to replace the current [Suggestion message hidden by GraphQLArmor] in case users would like to obscure their usage of Armor for security. This parameter is also added to the Apollo and Envelop Armor sections.

    https://github.com/Escape-Technologies/graphql-armor/issues/116

    opened by defond0 6
  • Customizing errors

    It would be great to have a way to customize errors. This could potentially be tied into #124, but having some sort of callback that returns (or throws?) errors would be super useful. Customizing the error message would be an improvement, but ideally I think throwing custom errors (so that extensions can be added) would be more useful.

    enhancement next-up 
    opened by hayes 5
  • bug: max-depth not working with apollo gateway

    Hello, we've been working with apollo federation, and we were looking at alternatives for securing our graphql API, and graphql-armor seems to address many of the security concerns we have identified.

    When testing max-depth, for some reason, it seems to identify fields as "depth" as you can see in the images below.

    I put my sample code in this repo: https://github.com/fimassuda/apollo-federation-example

    Thank you for the great work on consolidating all these security issues for GraphQL in a centralized library. Looking forward to seeing the increase of adoption of this library.

    bug 
    opened by fimassuda 5
  • chore(deps): bump json5 from 2.2.1 to 2.2.3

    Bumps json5 from 2.2.1 to 2.2.3.

    Release notes

    Sourced from json5's releases.

    v2.2.3

    v2.2.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    dependencies 
    opened by dependabot[bot] 4
  • chore(deps): update dependency apollo-server-types to v3.7.1

    This PR contains the following updates:

    | Package | Change | Age | Adoption | Passing | Confidence |
    |---|---|---|---|---|---|
    | apollo-server-types | 3.7.0 -> 3.7.1 | age | adoption | passing | confidence |



    opened by renovate[bot] 3
  • chore(deps): update dependency apollo-server-core to v3.11.1

    This PR contains the following updates:

    | Package | Change | Age | Adoption | Passing | Confidence |
    |---|---|---|---|---|---|
    | apollo-server-core | 3.11.0 -> 3.11.1 | age | adoption | passing | confidence |



    opened by renovate[bot] 3
  • Scoped package raise on Windows Powershell

    The usage of a scoped package like @escape.tech/graphql-armor can cause the following issue in VS Code terminal:

    • yarn add @escape.tech/graphql-armor
    •      ~~~~~~~
      

    The splatting operator '@' cannot be used to reference variables in an expression. '@escape' can be used only as an argument to a command. To reference variables in an expression use '$escape'.

    You may date your docs to suggest using windows cmd or other directly the project's directory.

    opened by candouss 3
  • Character Limit still in docs despite deprecation

    I was just taking graphql-armor for a spin and noticed that I was getting an error for characterLimit no longer existing on the GraphQLArmorConfig type.

    I saw it was mentioned in issue #176 (and subsequently removed PR #184), but while the docs were updated, they aren't reflecting this change.

    opened by mjfwebb 3
  • chore(deps): update dependency @preconstruct/cli to v2.3.0

    This PR contains the following updates:

    | Package | Change | Age | Adoption | Passing | Confidence |
    |---|---|---|---|---|---|
    | @preconstruct/cli (source) | 2.2.2 -> 2.3.0 | age | adoption | passing | confidence |



    opened by renovate[bot] 2
  • fix: exports GraphQLArmorConfig type globally

    This PR fixes/improves the way one can use the GraphQLArmorConfig type by exporting it globally.

    Prior to this PR, if you wanted to use the type, one would have to import it this way:

    import type { GraphQLArmorConfig } from '@escape.tech/graphql-armor/dist/declarations/src/config'
    

    Notice that the import uses the dist.

    Now, one should be able to

    import type { GraphQLArmorConfig } from '@escape.tech/graphql-armor'
    

    Since

    import type { GraphQLArmorConfig } from '../src/index';
    

    is exported globally.

    A quick sanity test was added to ensure the export exists at the global/index level.

    opened by dthyresson 6
  • feat: allow functions to be passed to `enabled` option

    Why

    for https://github.com/Escape-Technologies/graphql-armor/issues/310

    What

    Add the enabled option to each plugin. This option can accept a bool or a function.

    opened by izumin5210 1
  • enable or disable rules based on dynamic parameters

    I want to control rules based on GraphQL Operation and incoming requests/headers. For example, enable field suggestions only when certain request headers are present in the development environment.

    The @envelop/disable-introspection plugin allows passing a function to disableIf, but we would like to add a similar option to each of the graphql-armor plugins.

    enhancement envelop 
    opened by izumin5210 1
  • chore(deps): update babel monorepo

    This PR contains the following updates:

    | Package | Change | Age | Adoption | Passing | Confidence |
    |---|---|---|---|---|---|
    | @babel/core (source) | 7.20.5 -> 7.20.12 | age | adoption | passing | confidence |
    | @babel/plugin-proposal-decorators (source) | 7.20.5 -> 7.20.7 | age | adoption | passing | confidence |



    opened by renovate[bot] 1
  • chore(deps): update yarn to v3.3.1

    This PR contains the following updates:

    | Package | Change | Age | Adoption | Passing | Confidence |
    |---|---|---|---|---|---|
    | yarn | 3.3.0 -> 3.3.1 | age | adoption | passing | confidence |



    opened by renovate[bot] 1
Releases(@escape.tech/[email protected])
  • @escape.tech/[email protected](Nov 22, 2022)

    Minor Changes

    • 59626ad: feat(docs): dedicated docs site

      fix(dev): install-dev script mookme init

      chore(deps/example): bump
      chore(deps/monorepo): bump linters & tools
      chore(optional-deps/): envelop v3 support
      chore(optional-deps/): bump apollo-server to 3.11

    Patch Changes

  • @escape.tech/[email protected](Oct 10, 2022)

    Minor Changes

    • 3b204b6: refactor(apollo): throwOnRejection #220

      • throwOnRejection became propagateOnRejection.

      • Apollo will now report to context by default. Errors might be very verbose but this is the best way to handle it until Apollo Server 4 is released. If you want to still throw errors, you can use the onReject callback, however, you will need to handle the HTTP 500 afterwards yourself.

    Patch Changes

  • @escape.tech/[email protected](Sep 30, 2022)

  • @escape.tech/[email protected](Sep 29, 2022)

    Minor Changes

    • c16a2bb: v1.3.0

      • Feat(plugins)/provide-custom-configuration-callbacks #162
      • Refactor(apollo): changed protection default behavior to contextual report #191
      • Chore(deps): new types packages (@escape.tech/graphql-armor-types)
      • Chore(deps): updated devDependencies

    Patch Changes

  • @escape.tech/[email protected](Sep 29, 2022)

    Minor Changes

    • c16a2bb: Created a new package dedicated to typing

    • c16a2bb: Feat(plugins)/provide-custom-configuration-callbacks

      {
        onAccept: [],
        onReject: [],
        throwRejection: bool,
      }
      
      • Granted the ability to choose whether you want to throw or not.

      • Introduced callbacks that can be run before rejecting the query, for observability purposes.

      • added devDependencies to @escape.tech/graphql-armor-types

  • @escape.tech/[email protected](Sep 28, 2022)

  • @escape.tech/[email protected](Sep 28, 2022)

    Patch Changes

    • feaaf34: chore(deps):

      • Drop peerDependencies in favor of optionalDependencies.
      • GraphQL JS has been fixed to v16.6.0 in devDependencies and examples.
Owner
Escape – GraphQL Security
Never worry about your GraphQL Security again