Gathering detailed insights and metrics for @graphql-tools/graphql-tag-pluck
Gathering detailed insights and metrics for @graphql-tools/graphql-tag-pluck
🔧 Utility library for GraphQL to build, stitch and mock GraphQL schemas in the SDL-first approach
Installations
npm install @graphql-tools/graphql-tag-pluckScore
82.7
Supply Chain
67.2
Quality
97.7
Maintenance
100
Vulnerability
100
License
Releases
1,428
November 27, 2024
release-1732735109178
Published on 27 Nov 2024
November 22, 2024
release-1732269407946
Published on 22 Nov 2024
November 13, 2024
release-1731509960802
Published on 13 Nov 2024
November 08, 2024
release-1731080717646
Published on 08 Nov 2024
November 01, 2024
release-1730468946128
Published on 01 Nov 2024
October 31, 2024
release-1730380473863
Published on 31 Oct 2024
Developer
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=16.0.0
Typescript Support
No
Node Version
22.11.0
NPM Version
10.9.0
Statistics
5,354 Stars
6,176 Commits
818 Forks
78 Watching
30 Branches
384 Contributors
Updated on 27 Nov 2024
Languages
TypeScript (90.74%)
MDX (8.17%)
JavaScript (1.07%)
Shell (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
465,750,118
Last day
-1.9%
771,321
Compared to previous day
Last week
4.4%
3,960,641
Compared to previous week
Last month
12%
16,248,989
Compared to previous month
Last year
25.4%
170,663,467
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
7
Peer Dependencies
1
Versions
This package provides a few useful ways to create a GraphQL schema:
- Use the GraphQL schema language to generate a schema with full support for resolvers, interfaces, unions, and custom scalars. The schema produced is completely compatible with GraphQL.js.
- Mock your GraphQL API with fine-grained per-type mocking
- Automatically stitch multiple schemas together into one larger API
Documentation
Binding to HTTP
If you want to bind your JavaScript GraphQL schema to an HTTP server, you can use
GraphQL Yoga .
You can develop your JavaScript based GraphQL API with graphql-tools and GraphQL Yoga together:
One to write the schema and resolver code, and the other to connect it to a web server.
Example
When using graphql-tools, you describe the schema as a GraphQL type language string:
1const typeDefs = /* GraphQL */ ` 2 type Author { 3 id: ID! # the ! means that every author object _must_ have an id 4 firstName: String 5 lastName: String 6 """ 7 the list of Posts by this author 8 """ 9 posts: [Post] 10 } 11 12 type Post { 13 id: ID! 14 title: String 15 author: Author 16 votes: Int 17 } 18 19 # the schema allows the following query: 20 type Query { 21 posts: [Post] 22 } 23 24 # this schema allows the following mutation: 25 type Mutation { 26 upvotePost(postId: ID!): Post 27 } 28 29 # we need to tell the server which types represent the root query 30 # and root mutation types. We call them RootQuery and RootMutation by convention. 31 schema { 32 query: Query 33 mutation: Mutation 34 } 35` 36 37export default typeDefs
Then you define resolvers as a nested object that maps type and field names to resolver functions:
1const resolvers = { 2 Query: { 3 posts() { 4 return posts 5 } 6 }, 7 Mutation: { 8 upvotePost(_, { postId }) { 9 const post = find(posts, { id: postId }) 10 if (!post) { 11 throw new Error(`Couldn't find post with id ${postId}`) 12 } 13 post.votes += 1 14 return post 15 } 16 }, 17 Author: { 18 posts(author) { 19 return filter(posts, { authorId: author.id }) 20 } 21 }, 22 Post: { 23 author(post) { 24 return find(authors, { id: post.authorId }) 25 } 26 } 27} 28 29export default resolvers
At the end, the schema and resolvers are combined using makeExecutableSchema:
1import { makeExecutableSchema } from '@graphql-tools/schema' 2 3const executableSchema = makeExecutableSchema({ 4 typeDefs, 5 resolvers 6})
GraphQL-Tools schema can be consumed by frameworks like GraphQL Yoga, Apollo GraphQL or express-graphql For example in Node.js;
1const { createYoga } = require('graphql-yoga') 2const { createServer } = require('http') 3 4const yoga = createYoga({ 5 schema: executableSchema 6}) 7 8const server = createServer(yoga) 9 10server.listen(4000, () => { 11 console.log('Yoga is listening at http://localhost:4000/graphql') 12})
You can check GraphQL Yoga for other JavaScript platforms and frameworks besides vanilla Node.js HTTP.
This example has the entire type definition in one string and all resolvers in one file, but you can combine types and resolvers from multiple files and objects, as documented in the modularizing type definitions and merging resolvers section of the docs.
Contributions
Contributions, issues and feature requests are very welcome. If you are using this package and fixed a bug for yourself, please consider submitting a PR!
And if this is your first time contributing to this project, please do read our Contributor Workflow Guide before you get started off.
Code of Conduct
Help us keep GraphQL Tools open and inclusive. Please read and follow our Code of Conduct as adopted from Contributor Covenant
Maintainers
No vulnerabilities found.
Reason
30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/website.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/website.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/website.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/website.yml/master?enable=pin
- Info: 6 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 10 third-party GitHubAction dependencies pinned
Reason
Found 1/21 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr.yml:16
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:10
- Warn: no topLevel permission defined: .github/workflows/pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/website.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Score
5.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More