npmpackage.info

Gathering detailed insights and metrics for graphql

Other packages similar to graphql

@opentelemetry/instrumentation-graphql

0.45.0

OpenTelemetry instrumentation for `graphql` gql query language and runtime for GraphQL

@graphql-tools/graphql-tag-pluck

8.3.6

Pluck graphql-tag template literals

@octokit/graphql

8.1.1

GitHub GraphQL API client for browsers and Node

@graphql-tools/documents

1.0.1

Utilities for GraphQL documents.

Gathering detailed insights and metrics for graphql

graphql

A reference implementation of GraphQL for JavaScript

16.9.0

20,100

MIT

TypeScript

41.04 kB

2,210,131,196 5.6

Installations

npm install graphql

Score

99.4

Supply Chain

100

Quality

98.6

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

65

Total

3,030

Closed

513

Merged

2,452

Issues

Open

86

Total

1,141

Closed

1,055

Releases

155

v17.0.0-alpha.7

Published on 14 Aug 2024

v15.9.0

Published on 21 Jun 2024

v16.9.0

Published on 21 Jun 2024

v17.0.0-alpha.5

Published on 21 Jun 2024

v17.0.0-alpha.4

Published on 21 Jun 2024

v16.8.2

Published on 12 Jun 2024

View all 155 releases

Developer

graphql

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0

Typescript Support

Yes

Node Version

20.11.1

NPM Version

10.2.4 Statistics

20,100 Stars

3,188 Commits

2,027 Forks

399 Watching

31 Branches

195 Contributors

Updated on 27 Nov 2024

Bundle Size

170.18 kB

Minified

41.04 kB

Minified + Gzipped

Bundlephobia

Languages

TypeScript (92.46%)

MDX (4.59%)

JavaScript (2.45%)

CSS (0.42%)

Shell (0.07%)

Total Downloads

Cumulative downloads

Total Downloads

2,210,131,196

Last day

-8.7%

2,583,866

Compared to previous day

Last week

0.9%

14,698,093

Compared to previous week

Last month

9.2%

62,029,797

Compared to previous month

Last year

16.7%

634,642,612

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

No dependencies detected.

Versions

GraphQL.js

The JavaScript reference implementation for GraphQL, a query language for APIs created by Facebook.

See more complete documentation at https://graphql.org/ and https://graphql.org/graphql-js/.

Looking for help? Find resources from the community.

Getting Started

A general overview of GraphQL is available in the README for the Specification for GraphQL. That overview describes a simple set of GraphQL examples that exist as tests in this repository. A good way to get started with this repository is to walk through that README and the corresponding tests in parallel.

Using GraphQL.js

Install GraphQL.js from npm

With npm:

1npm install --save graphql

or using yarn:

1yarn add graphql

GraphQL.js provides two important capabilities: building a type schema and serving queries against that type schema.

First, build a GraphQL type schema which maps to your codebase.

1import {
2  graphql,
3  GraphQLSchema,
4  GraphQLObjectType,
5  GraphQLString,
6} from 'graphql';
7
8var schema = new GraphQLSchema({
9  query: new GraphQLObjectType({
10    name: 'RootQueryType',
11    fields: {
12      hello: {
13        type: GraphQLString,
14        resolve() {
15          return 'world';
16        },
17      },
18    },
19  }),
20});

This defines a simple schema, with one type and one field, that resolves to a fixed value. The resolve function can return a value, a promise, or an array of promises. A more complex example is included in the top-level tests directory.

Then, serve the result of a query against that type schema.

1var source = '{ hello }';
2
3graphql({ schema, source }).then((result) => {
4  // Prints
5  // {
6  //   data: { hello: "world" }
7  // }
8  console.log(result);
9});

This runs a query fetching the one field defined. The graphql function will first ensure the query is syntactically and semantically valid before executing it, reporting errors otherwise.

1var source = '{ BoyHowdy }';
2
3graphql({ schema, source }).then((result) => {
4  // Prints
5  // {
6  //   errors: [
7  //     { message: 'Cannot query field BoyHowdy on RootQueryType',
8  //       locations: [ { line: 1, column: 3 } ] }
9  //   ]
10  // }
11  console.log(result);
12});

Note: Please don't forget to set NODE_ENV=production if you are running a production server. It will disable some checks that can be useful during development but will significantly improve performance.

Want to ride the bleeding edge?

The npm branch in this repository is automatically maintained to be the last commit to main to pass all tests, in the same form found on npm. It is recommended to use builds deployed to npm for many reasons, but if you want to use the latest not-yet-released version of graphql-js, you can do so by depending directly on this branch:

npm install graphql@git://github.com/graphql/graphql-js.git#npm

Experimental features

Each release of GraphQL.js will be accompanied by an experimental release containing support for the @defer and @stream directive proposal. We are hoping to get community feedback on these releases before the proposal is accepted into the GraphQL specification. You can use this experimental release of GraphQL.js by adding the following to your project's package.json file.

"graphql": "experimental-stream-defer"

Community feedback on this experimental release is much appreciated and can be provided on the issue created for this purpose.

Using in a Browser

GraphQL.js is a general-purpose library and can be used both in a Node server and in the browser. As an example, the GraphiQL tool is built with GraphQL.js!

Building a project using GraphQL.js with webpack or rollup should just work and only include the portions of the library you use. This works because GraphQL.js is distributed with both CommonJS (require()) and ESModule (import) files. Ensure that any custom build configurations look for .mjs files!

Contributing

We actively welcome pull requests. Learn how to contribute.

This repository is managed by EasyCLA. Project participants must sign the free (GraphQL Specification Membership agreement before making a contribution. You only need to do this one time, and it can be signed by individual contributors or their employers.

To initiate the signature process please open a PR against this repo. The EasyCLA bot will block the merge if we still need a membership agreement from you.

You can find detailed information here. If you have issues, please email operations@graphql.org.

If your company benefits from GraphQL and you would like to provide essential financial support for the systems and people that power our community, please also consider membership in the GraphQL Foundation.

Changelog

Changes are tracked as GitHub releases.

License

GraphQL.js is MIT-licensed.

Stable Version

The latest stable version of the package.

Stable Version

16.9.0

MODERATE

5.3/10

Summary

graphql Uncontrolled Resource Consumption vulnerability

Affected Versions

>= 16.3.0, < 16.8.1

Patched Versions

16.8.1

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Security-Policy

Determines if the project has published a security policy.

5

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

5

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 5

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/ci.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-publish-pr-on-npm.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-publish-pr-on-npm.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-publish-pr-on-npm.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-publish-pr-on-npm.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-publish-pr-on-npm.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-publish-pr-on-npm.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-publish-pr-on-npm.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-publish-pr-on-npm.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-publish-pr-on-npm.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-publish-pr-on-npm.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-publish-pr-on-npm.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-publish-pr-on-npm.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-publish-pr-on-npm.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-publish-pr-on-npm.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-publish-pr-on-npm.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-publish-pr-on-npm.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-run-benchmark.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-run-benchmark.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-run-benchmark.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-run-benchmark.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-run-benchmark.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/cmd-run-benchmark.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-artifact-as-branch.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/deploy-artifact-as-branch.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-artifact-as-branch.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/deploy-artifact-as-branch.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-bot.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/github-actions-bot.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-bot.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/github-actions-bot.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-bot.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/github-actions-bot.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-bot.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/github-actions-bot.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-bot.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/github-actions-bot.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-bot.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/github-actions-bot.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/pull_request.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/pull_request.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/pull_request.yml/16.x.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_opened.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql/graphql-js/pull_request_opened.yml/16.x.x?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:77
Info: 0 out of 42 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned
Info: 11 out of 12 npmCommand dependencies pinned

2

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

5.6

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More