graphql-query-complexity
graphql-spec
graphql-query-complexity | graphql-spec | |
---|---|---|
4 | 37 | |
681 | 14,230 | |
0.1% | 0.2% | |
0.0 | 5.8 | |
7 months ago | 29 days ago | |
TypeScript | Shell | |
MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
graphql-query-complexity
-
Migrating Netflix to GraphQL Safely
https://github.com/slicknode/graphql-query-complexity
In addition you could introduce CI tools to enforce your devs stop writing such complex queries. Also see the @skip and @include directives that can further be used to control what data is queried. In practice, however, this isn't something that comes up too much. In cases where I have seen this happen, it's usually because a developer is trying to reuse fragments without considering what data they are querying, and whether they should be reusing those fragments.
https://graphql.org/learn/queries/#fragments
-
GraphQL DoS amount-attack "breadth"
very cool! I was looking at https://github.com/slicknode/graphql-query-complexity
-
Preventing GraphQL batching attacks
There are a couple of techniques that can be used to prevent this kind of problem one of them is GraphQL Query Complexity Analysis which is, as the name suggests, very complex to implement correctly. It requires analysis of how the graphql API is used, and what queries and mutations are most often called. If you get this wrong, there is a danger of the server denying perfectly valid queries.
-
To GraphQL or not to GraphQL? Pros and Cons
The problem is that those queries are not prevented by commonly available rate limiters. You can send a single request to a GraphQL server that completely overwhelms the servers. To prevent such queries to GraphQL APIs, I wrote graphql-query-complexity, an extensible open-source library that detects such queries and rejects pathological queries before consuming too many resources on the server. You can assign each field a complexity value, and queries that exceed a threshold will be rejected. In Slicknode this protection is added automatically based on the number of nodes that are being returned.
graphql-spec
-
Show HN: REST Alternative to GraphQL and tRPC
GraphQL's first draft release was 8 years ago. [1]
It's first non-draft release was 5 years ago. [2]
It's first release under a community foundation was 2 years ago. [3]
[1] https://spec.graphql.org/July2015/
[2] https://github.com/graphql/graphql-spec/releases/tag/June201...
[3] https://github.com/graphql/graphql-spec/releases/tag/October...
-
Intro to PostGraphile V5 (Part 3): Introspection and Abstraction
I'm a big believer in GraphQL (in fact, at time of writing I'm #2 contributor to the GraphQL spec itself) so it pains me that a tool I built doesn't always have easy ways to achieve the "versionless schema" design that GraphQL encourages when it comes to making significant breaking changes to your underlying database tables. (Personally, I think you should aim for your database schema itself to be versionless, but this is not always possible.) Of course you can build your PostGraphile schema over views instead of tables, but views have their own problems that I won't go into here…
-
Migrating Netflix to GraphQL Safely
I created a proposal for Map type but didn’t make it through.
https://github.com/graphql/graphql-spec/pull/888
The issue with GraphQL is it tries to appease too many masters.
Similar to jsx. The language isn’t evolving.
The good thing is the spec is (almost) frozen, so there’s many implementations, the bad is it can encompass the flexibility of json schema can do.
-
GraphQL Live Queries with live directive
Longer thread - Subscriptions RFC: Are Subscriptions and Live Queries the same thing?
https://github.com/graphql/graphql-spec/issues/284
-
Ask HN: Tutorials Written with Heavy Dependencies
You’ve probably figured it out by now, but for others who may be in a similar position; GraphQL is a specification (with various implementations) and you can read up on the spec here: https://spec.graphql.org/
-
GraphQL object schemas - how to represent (and query?) Graph (hierarchical objects) in GraphQL?
If you're asking whether GraphQL supports anonymous objects that can be arbitrarily nested then no, it doesn't.
- Union for an input to a mutation arg
-
Thanks graphql, I hate it.
show this feature request some love https://github.com/graphql/graphql-spec/issues/174
-
Deprecation Notice: GraphQL for Packages
* Performance: It's just hard to track down what makes an operation slow. The waterfall nature of resolvers is a big contributor
[1] https://github.com/graphql/graphql-spec/issues/488
-
GraphQL error handling to the max with Typescript, codegen and fp-ts
:::note GraphQL Union is available for Types only, not for Inputs. However, the oneOf directive will bridge the gap in the future.
What are some alternatives?
dataloader - DataLoader is a generic utility to be used as part of your application's data fetching layer to provide a consistent API over various backends and reduce requests to those backends via batching and caching.
apollo-server - 🌍 Spec-compliant and production ready JavaScript GraphQL server that lets you develop in a schema-first way. Built for Express, Connect, Hapi, Koa, and more.
starter-nextjs-blog - NextJS + Slicknode Headless GraphQL CMS blog starter kit
Hasura - Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
crystal - 🔮 Graphile's Crystal Monorepo; home to Grafast, PostGraphile, pg-introspection, pg-sql2 and much more!
graphql-ws - Coherent, zero-dependency, lazy, simple, GraphQL over WebSocket Protocol compliant server and client.
graphql-no-batched-queries - Graphql validation to disable batched queries and mutations.
Neo4j - Graphs for Everyone
analysis-ui - Front-end for Conveyal Analysis. Model and analyze transport scenarios.
graphql-shield - 🛡 A GraphQL tool to ease the creation of permission layer.
falcor - A JavaScript library for efficient data fetching
gRPC - The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)