The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Graphql-query-complexity Alternatives
Similar projects and alternatives to graphql-query-complexity
-
dataloader
DataLoader is a generic utility to be used as part of your application's data fetching layer to provide a consistent API over various backends and reduce requests to those backends via batching and caching.
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
graphql-armor
🛡️ The missing GraphQL security security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️
-
apollo-android
:robot: A strongly-typed, caching GraphQL client for the JVM, Android, and Kotlin multiplatform.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
crystal
🔮 Graphile's Crystal Monorepo; home to Grafast, PostGraphile, pg-introspection, pg-sql2 and much more! (by graphile)
-
graphql-no-alias
No alias directive for graphql mutation and query types. It can limit the amount of alias fields that can be used for queries and mutations, preventing batch attacks.
graphql-query-complexity reviews and mentions
-
Migrating Netflix to GraphQL Safely
https://github.com/slicknode/graphql-query-complexity
In addition you could introduce CI tools to enforce your devs stop writing such complex queries. Also see the @skip and @include directives that can further be used to control what data is queried. In practice, however, this isn't something that comes up too much. In cases where I have seen this happen, it's usually because a developer is trying to reuse fragments without considering what data they are querying, and whether they should be reusing those fragments.
https://graphql.org/learn/queries/#fragments
-
GraphQL DoS amount-attack "breadth"
very cool! I was looking at https://github.com/slicknode/graphql-query-complexity
-
Preventing GraphQL batching attacks
There are a couple of techniques that can be used to prevent this kind of problem one of them is GraphQL Query Complexity Analysis which is, as the name suggests, very complex to implement correctly. It requires analysis of how the graphql API is used, and what queries and mutations are most often called. If you get this wrong, there is a danger of the server denying perfectly valid queries.
-
To GraphQL or not to GraphQL? Pros and Cons
The problem is that those queries are not prevented by commonly available rate limiters. You can send a single request to a GraphQL server that completely overwhelms the servers. To prevent such queries to GraphQL APIs, I wrote graphql-query-complexity, an extensible open-source library that detects such queries and rejects pathological queries before consuming too many resources on the server. You can assign each field a complexity value, and queries that exceed a threshold will be rejected. In Slicknode this protection is added automatically based on the number of nodes that are being returned.
-
A note from our sponsor - WorkOS
workos.com | 26 Apr 2024
Stats
slicknode/graphql-query-complexity is an open source project licensed under MIT License which is an OSI approved license.
The primary programming language of graphql-query-complexity is TypeScript.
Popular Comparisons
- graphql-query-complexity VS dataloader
- graphql-query-complexity VS starter-nextjs-blog
- graphql-query-complexity VS crystal
- graphql-query-complexity VS graphql-no-batched-queries
- graphql-query-complexity VS analysis-ui
- graphql-query-complexity VS falcor
- graphql-query-complexity VS foundation
- graphql-query-complexity VS graphql-no-alias
- graphql-query-complexity VS graphql-armor
Sponsored