graphql-multipart-request-spec
Faker.js
graphql-multipart-request-spec | Faker.js | |
---|---|---|
11 | 66 | |
981 | 1,569 | |
- | - | |
1.5 | 1.7 | |
about 1 month ago | over 2 years ago | |
JavaScript | ||
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
graphql-multipart-request-spec
-
How can I upload a file in the GraphQL PLayground?
The GraphQL specification itself doesn't natively support file uploads, so the solution typically involves using extensions or additional libraries. The easiest and most straightforward way is by converting the file to Base64 before sending it to the server, you can include it as a string in the GraphQL request. This offcourse has a downside, it can increase the payload size, so it may not be the most efficient solution for large files. Other options that involve using extensions or additional libraries are using GraphQL multipart request specification and Apollo Server with Apollo Upload Client
-
GraphQL - From Excitement to Deception
Also, we manage to upload files via GraphQL just fine. Turns out nothing prevents you from putting a GraphQL query in a multipart form. Frameworks support this just fine, and if not, just write your own middleware, it's not even that hard.
-
Is it possible to pass CSV data to a mutation as an input parameter?
There is a specification (and implementation) for sending files through GraphQL. https://github.com/jaydenseric/graphql-multipart-request-spec
-
Forging GraphQL Bombs, the 2022 version of Zip Bombs
We figured out that it was possible to reference a file several times by implementing the reference spec (https://github.com/jaydenseric/graphql-multipart-request-spec) for both a client and a server. We have no record of this vulnerability used in the wild, but we know for sure that a lot of popular projects on GitHub are vulnerable.
The GraphQL multipart specification describes how to implement file uploads in GraphQL. While usual GraphQL queries are sent as application/json, file uploads are sent as multipart/form-data. This means that the HTTP request body has multiple parts, and their functions, described in the specification, can be summarized as follows:
-
How to set file data in GraphQL variables?
Hey, graphql-upload works on top of the graphql-multipart-request-spec, of which you can find the specification here.
-
How to Upload a file to GraphQL with VanillaJS
In this article you will learn the widely accepted method of implementing file upload which is becoming increasingly popular in new apps. The technique follows the specification by @jaydenseric.
-
Announcing GraphQL Yoga 2.0!
GraphQL-Multipart-Request: enables great file upload support.
-
GraphQL Tools V8 - Stitch Federation Services
Multipart File Uploads ✔️
-
The Stack #3
One important thing which GraphQL Spec did not discuss about is a way to transmit files over the wire when using GraphQL. This is where GraphQL Upload comes in. While not an official spec from GraphQL foundation, Jayden had done a great job to put together a multi part spec to address exactly this problem.
Faker.js
-
JavaScript News and Updates of January 2022
Early this month, the malicious attack on free-to-use libraries, namely color.js and faker.js, created a real uproar in the development community. These tools are used in thousands of projects and their downloading rate from npm is estimated in millions per week. To everyone’s surprise, it turned out to be an inside job. Marak Squires, the creator of these libraries, intentionally committed malicious code to his projects and published updated codebases on GitHub and npm. It is said that this sabotage was caused by unsuccessful attempts of Mr. Squires to monetize his projects. Fortunately, malicious packages were quickly removed and the attacker’s account was suspended. The story sparked a new wave of discussion in the development community on possible steps to make the development and maintenance of open-source projects more sustainable.
-
Unofficial Faker.js fork positions itself as official successor and assumes name and Open Collective sponsors
For anyone else curious about the allusion to Aaron Swartz, it can be found here and reads (as of posting):
-
This is not normal.
Sorry little boy--- I needed to update my LinkedIn profile, hire a professional to write my resume and photograph me, and work on an open-source project no one will use (or worse- work on something everyone uses)"
-
Is there something wrong with OpenSource model?
So people, I've been reading the news regarding some great packages on GitHub, like the Colors and the Faker. I understand that this isn't related entirely with the linux community, but it is something that we should pay attention.
-
Re: the faker.js debacle: A daily reminder that htmx & hyperscript are dependency free
A developer appears to have purposefully corrupted a pair of open-source libraries on GitHub and software registry npm — “faker.js” and “colors.js” — that thousands of users depend on, rendering any project that contains these libraries useless, as reported by Bleeping Computer.
-
Open source developer corrupts widely-used libraries, affecting tons of projects
I mean he also maliciously changed all of the links on a faker.js issue to point to conspiracy theories (which I am pretty sure is against Github's TOS): https://github.com/Marak/faker.js/pull/2
- What happened with fakerjs
-
The EndGame - Fakerjs
About Four (4) Days Ago, the Author of Fakerjs a popular JavaScript library with more than 2 million weekly Download from NPM Deleted the repository and replaced it with one that only has the modified ReadMe "What really happened with Aaron Swartz?" and no content, and pushed an empty package to npm as the latest version (6.6.6).
- Marak, creator of faker.js who recently deleted the project due to lack of funding and abuse of open source projects/developers pushed some strange Anti American update which has an infinite loop
- Marak adds infinite loop test to popular colors.js
What are some alternatives?
graphql-tools - :wrench: Utility library for GraphQL to build, stitch and mock GraphQL schemas in the SDL-first approach
jest-playwright - Running tests using Jest & Playwright
altair - ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.
simplecrawler - Flexible event driven crawler for node.
apollo-server - 🌍 Spec-compliant and production ready JavaScript GraphQL server that lets you develop in a schema-first way. Built for Express, Connect, Hapi, Koa, and more.
casual - Fake data generator for javascript
graphiql - GraphiQL & the GraphQL LSP Reference Ecosystem for building browser & IDE tools.
fake-store-api - FakeStoreAPI is a free online REST API that provides you fake e-commerce JSON data
graphql-live-query - Realtime GraphQL Live Queries with JavaScript
Electron - :electron: Build cross-platform desktop apps with JavaScript, HTML, and CSS
insomnia - The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
msw - Seamless REST/GraphQL API mocking library for browser and Node.js.