graphql-query-complexity
crystal
graphql-query-complexity | crystal | |
---|---|---|
4 | 28 | |
681 | 12,413 | |
0.1% | 0.2% | |
0.0 | 9.9 | |
7 months ago | 6 days ago | |
TypeScript | TypeScript | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
graphql-query-complexity
-
Migrating Netflix to GraphQL Safely
https://github.com/slicknode/graphql-query-complexity
In addition you could introduce CI tools to enforce your devs stop writing such complex queries. Also see the @skip and @include directives that can further be used to control what data is queried. In practice, however, this isn't something that comes up too much. In cases where I have seen this happen, it's usually because a developer is trying to reuse fragments without considering what data they are querying, and whether they should be reusing those fragments.
https://graphql.org/learn/queries/#fragments
-
GraphQL DoS amount-attack "breadth"
very cool! I was looking at https://github.com/slicknode/graphql-query-complexity
-
Preventing GraphQL batching attacks
There are a couple of techniques that can be used to prevent this kind of problem one of them is GraphQL Query Complexity Analysis which is, as the name suggests, very complex to implement correctly. It requires analysis of how the graphql API is used, and what queries and mutations are most often called. If you get this wrong, there is a danger of the server denying perfectly valid queries.
-
To GraphQL or not to GraphQL? Pros and Cons
The problem is that those queries are not prevented by commonly available rate limiters. You can send a single request to a GraphQL server that completely overwhelms the servers. To prevent such queries to GraphQL APIs, I wrote graphql-query-complexity, an extensible open-source library that detects such queries and rejects pathological queries before consuming too many resources on the server. You can assign each field a complexity value, and queries that exceed a threshold will be rejected. In Slicknode this protection is added automatically based on the number of nodes that are being returned.
crystal
-
Ask HN: What Underrated Open Source Project Deserves More Recognition?
I didn't see a v5 tag in order to know, and I have no idea what "utils/graphile" does for the project, but one will want to ensure they are aware of its licensing scheme https://github.com/graphile/crystal/blob/db8894c74eb0ec3fe96...
- v4.13.0
-
PostgREST – Serve a RESTful API from Any Postgres Database
I was about to say “but this one is!” and realized I had confused PostgREST with PostGraphile. If you’re interested in GraphQL, you can check out PostGraphile here: https://github.com/graphile/postgraphile
-
Best Orm that uses Graphql and Postgres
If you point is to abstract all the CRUD/GraphQL application, Go isn’t needed. You can go with PostgREST or Postgraphile.
- v4.12.12
-
Ask HN: Locally generate GraphQL schema and resolvers from DB
What do you mean locally? Hasura is OSS, and you can run it locally (you have autogenerated SQL statements) Here you can just use Nhost and its CLI;
Alternatives are https://github.com/graphile/postgraphile or dgraph as you mentioned. Hasura is working on support for sqlite, so you may have some blockers there, you can also look into the Prisma engine which has GQL as an intermediate (for resolvers, for example)
- v4.12.11
-
Supabase (YC S20) raises $80M Series B
I've personally found Postgraphile to be fantastic. Nicer to use than Hasura and fully OSS: https://github.com/graphile/postgraphile/
- v4.12.10
-
GraphQL is now available on Supabase
Hi all, this sounds very cool. How does pg_graphql compare to Postgraphile? https://github.com/graphile/postgraphile (besides I guess running in the DB with PLpgSQL instead of as a NodeJS server)
Did you think about integrating Postgraphile with the Supabase ecosystem or have specific limitations with it?
Thanks!
What are some alternatives?
dataloader - DataLoader is a generic utility to be used as part of your application's data fetching layer to provide a consistent API over various backends and reduce requests to those backends via batching and caching.
Hasura - Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
starter-nextjs-blog - NextJS + Slicknode Headless GraphQL CMS blog starter kit
pg_graphql - GraphQL support for PostgreSQL
graphql-no-batched-queries - Graphql validation to disable batched queries and mutations.
starter - Opinionated SaaS quick-start with pre-built user account and organization system for full-stack application development in React, Node.js, GraphQL and PostgreSQL. Powered by PostGraphile, TypeScript, Apollo Client, Graphile Worker, Graphile Migrate, GraphQL Code Generator, Ant Design and Next.js
analysis-ui - Front-end for Conveyal Analysis. Model and analyze transport scenarios.
supabase - The open source Firebase alternative.
falcor - A JavaScript library for efficient data fetching
supabase-graphql-example - A HackerNews-like clone built with Supabase and pg_graphql
foundation - GraphQL Foundation Charter and Legal Documents
tensei - 🚀 Content management and distribution with a touch of elegance.