Gathering detailed insights and metrics for graphql-schema-linter
Gathering detailed insights and metrics for graphql-schema-linter
Gathering detailed insights and metrics for graphql-schema-linter
Gathering detailed insights and metrics for graphql-schema-linter
Validate GraphQL schema definitions against a set of rules
npm install graphql-schema-linter
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
694 Stars
483 Commits
62 Forks
10 Watching
23 Branches
26 Contributors
Updated on 01 Nov 2024
Minified
Minified + Gzipped
JavaScript (100%)
Cumulative downloads
Total Downloads
Last day
-15.5%
11,015
Compared to previous day
Last week
-0.8%
67,167
Compared to previous week
Last month
21.7%
307,134
Compared to previous month
Last year
-33%
2,900,680
Compared to previous year
5
1
This package provides a command line tool to validate GraphQL schema definitions against a set of rules.
If you're looking to lint your GraphQL queries, check out this ESLint plugin: apollographql/eslint-plugin-graphql.
graphql-schema-linter
depends on graphql
as a peer dependency.
In order to use graphql-schema-linter
, you can either add it to an existing project that uses the graphql
package:
# Using yarn
yarn add graphql-schema-linter
# Using npm
npm install --save graphql-schema-linter
Or, you may install it globally along side graphql
:
# Using yarn
yarn global add graphql-schema-linter graphql
# Using npm
npm install -g graphql-schema-linter graphql
Usage: graphql-schema-linter [options] [schema.graphql ...]
Options:
-r, --rules <rules>
only the rules specified will be used to validate the schema
example: --rules fields-have-descriptions,types-have-descriptions
-o, --rules-options <rulesOptions>
configure the specified rules with the passed in configuration options
example: --rules-options '{"enum-values-sorted-alphabetically":{"sortOrder":"lexicographical"}}'
-i, --ignore <ignore list>
ignore errors for specific schema members (see "Inline rule overrides" for an alternative way to do this)
example: --ignore '{"fields-have-descriptions":["Obvious","Query.obvious","Query.something.obvious"]}'
-f, --format <format>
choose the output format of the report
possible values: compact, json, text
-s, --stdin
schema definition will be read from STDIN instead of specified file
-c, --config-directory <path>
path to begin searching for config files
-p, --custom-rule-paths <paths>
path to additional custom rules to be loaded. Example: rules/*.js
--comment-descriptions
use old way of defining descriptions in GraphQL SDL
--old-implements-syntax
use old way of defining implemented interfaces in GraphQL SDL
--version
output the version number
-h, --help
output usage information
Using lint-staged and husky, you can lint your staged GraphQL schema file before you commit. First, install these packages:
1yarn add --dev lint-staged husky
Then add a precommit
script and a lint-staged
key to your package.json
like so:
1{ 2 "scripts": { 3 "precommit": "lint-staged" 4 }, 5 "lint-staged": { 6 "*.graphql": ["graphql-schema-linter path/to/*.graphql"] 7 } 8}
The above configuration assumes that you have either one schema.graphql
file or multiple .graphql
files that should
be concatenated together and linted as a whole.
If your project has .graphql
query files and .graphql
schema files, you'll likely need multiple entries in the
lint-staged
object - one for queries and one for schema. For example:
1{ 2 "scripts": { 3 "precommit": "lint-staged" 4 }, 5 "lint-staged": { 6 "client/*.graphql": ["eslint . --ext .js --ext .gql --ext .graphql"], 7 "server/*.graphql": ["graphql-schema-linter server/*.graphql"] 8 } 9}
If you have multiple schemas in the same folder, your lint-staged
configuration will need to be more specific, otherwise
graphql-schema-linter
will assume they are all parts of one schema. For example:
Correct:
1{ 2 "scripts": { 3 "precommit": "lint-staged" 4 }, 5 "lint-staged": { 6 "server/schema.public.graphql": ["graphql-schema-linter"], 7 "server/schema.private.graphql": ["graphql-schema-linter"] 8 } 9}
Incorrect (if you have multiple schemas):
1{ 2 "scripts": { 3 "precommit": "lint-staged" 4 }, 5 "lint-staged": { 6 "server/*.graphql": ["graphql-schema-linter"] 7 } 8}
In addition to being able to configure graphql-schema-linter
via command line options, it can also be configured via
one of the following configuration files.
For now, only rules
, schemaPaths
, customRulePaths
, and rulesOptions
can be configured in a configuration file, but more options may be added in the future.
package.json
1{ 2 "graphql-schema-linter": { 3 "rules": ["enum-values-sorted-alphabetically"], 4 "schemaPaths": ["path/to/my/schema/files/**.graphql"], 5 "customRulePaths": ["path/to/my/custom/rules/*.js"], 6 "rulesOptions": { 7 "enum-values-sorted-alphabetically": { "sortOrder": "lexicographical" } 8 } 9 } 10}
.graphql-schema-linterrc
1{ 2 "rules": ["enum-values-sorted-alphabetically"], 3 "schemaPaths": ["path/to/my/schema/files/**.graphql"], 4 "customRulePaths": ["path/to/my/custom/rules/*.js"], 5 "rulesOptions": { 6 "enum-values-sorted-alphabetically": { "sortOrder": "lexicographical" } 7 } 8}
graphql-schema-linter.config.js
1module.exports = { 2 rules: ['enum-values-sorted-alphabetically'], 3 schemaPaths: ['path/to/my/schema/files/**.graphql'], 4 customRulePaths: ['path/to/my/custom/rules/*.js'], 5 rulesOptions: { 6 'enum-values-sorted-alphabetically': { sortOrder: 'lexicographical' } 7 } 8};
There could be cases where a linter rule is undesirable for a specific part of a GraphQL schema.
Rather than disable the rule for the entire schema, it is possible to disable it for that specific part of the schema using an inline configuration.
There are 4 different inline configurations:
lint-disable rule1, rule2, ..., ruleN
will disable the specified rules, starting at the line it is defined, and until the end of the file or until the rule is re-enabled by an inline configuration.
lint-enable rule1, rule2, ..., ruleN
will enable the specified rules, starting at the line it is defined, and until the end of the file or until the rule is disabled by an inline configuration.
lint-disable-line rule1, rule2, ..., ruleN
will disable the specified rules for the given line.
lint-enable-line rule1, rule2, ..., ruleN
will enable the specified rules for the given line.
One can use these inline configurations by adding them directly to the GraphQL schema as comments.
1# lint-disable types-have-descriptions, fields-have-descriptions 2type Query { 3 field: String 4} 5# lint-enable types-have-descriptions, fields-have-descriptions 6 7""" 8Mutation root 9""" 10type Mutation { 11 """ 12 Field description 13 """ 14 field: String 15 16 field2: String # lint-disable-line fields-have-descriptions 17}
Note: If you are authoring your GraphQL schema using a tool that prevents you from adding comments, you may use the --ignore
to obtain the same functionality.
arguments-have-descriptions
This rule will validate that all field arguments have a description.
defined-types-are-used
This rule will validate that all defined types are used at least once in the schema.
deprecations-have-a-reason
This rule will validate that all deprecations have a reason.
descriptions-are-capitalized
This rule will validate that all descriptions, if present, start with a capital letter.
enum-values-all-caps
This rule will validate that all enum values are capitalized.
enum-values-have-descriptions
This rule will validate that all enum values have a description.
enum-values-sorted-alphabetically
This rule will validate that all enum values are sorted alphabetically.
Accepts following rule options:
sortOrder
: <String>
- either alphabetical
or lexicographical
, defaults: alphabetical
fields-are-camel-cased
This rule will validate that object type field and interface type field names are camel cased.
fields-have-descriptions
This rule will validate that object type fields and interface type fields have a description.
input-object-fields-sorted-alphabetically
This rule will validate that all input object fields are sorted alphabetically.
Accepts following rule options:
sortOrder
: <String>
- either alphabetical
or lexicographical
, defaults: alphabetical
input-object-values-are-camel-cased
This rule will validate that input object value names are camel cased.
input-object-values-have-descriptions
This rule will validate that input object values have a description.
interface-fields-sorted-alphabetically
This rule will validate that all interface object fields are sorted alphabetically.
Accepts following rule options:
sortOrder
: <String>
- either alphabetical
or lexicographical
, defaults: alphabetical
relay-connection-types-spec
This rule will validate the schema adheres to section 2 (Connection Types) of the Relay Cursor Connections Specification.
More specifically:
Connection
. These object types are considered connection types.edges
field that returns a list type.pageInfo
field that returns a non-null PageInfo
object.relay-connection-arguments-spec
This rule will validate the schema adheres to section 4 (Arguments) of the Relay Cursor Connections Specification.
More specifically:
Connection
must include forward pagination arguments, backward pagination arguments, or both.first: Int
and after: *
.last: Int
and before: *
.Note: If only forward pagination is enabled, the first
argument can be specified as non-nullable (i.e., Int!
instead of Int
). Similarly, if only backward pagination is enabled, the last
argument can be specified as non-nullable.
This rule will validate the schema adheres to section 5 (PageInfo) of the Relay Cursor Connections Specification.
More specifically:
PageInfo
object type.PageInfo
type must have a hasNextPage: Boolean!
field.PageInfo
type must have a hasPreviousPage: Boolean!
field.type-fields-sorted-alphabetically
This rule will validate that all type object fields are sorted alphabetically.
Accepts following rule options:
sortOrder
: <String>
- either alphabetical
or lexicographical
, defaults: alphabetical
types-are-capitalized
This rule will validate that interface types and object types have capitalized names.
types-have-descriptions
This will will validate that interface types, object types, union types, scalar types, enum types and input types have descriptions.
The format of the output can be controlled via the --format
option.
The following formatters are currently available: text
, compact
, json
.
Sample output:
app/schema.graphql
5:1 The object type `QueryRoot` is missing a description. types-have-descriptions
6:3 The field `QueryRoot.songs` is missing a description. fields-have-descriptions
app/songs.graphql
1:1 The object type `Song` is missing a description. types-have-descriptions
3 errors detected
Each error is prefixed with the line number and column the error occurred on.
Sample output:
app/schema.graphql:5:1 The object type `QueryRoot` is missing a description. (types-have-descriptions)
app/schema.graphql:6:3 The field `QueryRoot.a` is missing a description. (fields-have-descriptions)
app/songs.graphql:1:1 The object type `Song` is missing a description. (types-have-descriptions)
Each error is prefixed with the path, the line number and column the error occurred on.
Sample output:
1{ 2 "errors": [ 3 { 4 "message": "The object type `QueryRoot` is missing a description.", 5 "location": { 6 "line": 5, 7 "column": 1, 8 "file": "schema.graphql" 9 }, 10 "rule": "types-have-descriptions" 11 }, 12 { 13 "message": "The field `QueryRoot.a` is missing a description.", 14 "location": { 15 "line": 6, 16 "column": 3, 17 "file": "schema.graphql" 18 }, 19 "rule": "fields-have-descriptions" 20 } 21 ] 22}
Verifying the exit code of the graphql-schema-lint
process is a good way of programmatically knowing the
result of the validation.
If the process exits with 0
it means all rules passed.
If the process exits with 1
it means one or many rules failed. Information about these failures can be obtained by
reading the stdout
and using the appropriate output formatter.
If the process exits with 2
it means an invalid configuration was provided. Information about this can be obtained by
reading the stderr
.
If the process exits with 3
it means an uncaught error happened. This most likely means you found a bug.
graphql-schema-linter
comes with a set of rules, but it's possible that it doesn't exactly match your expectations.
The --rules <rules>
allows you pick and choose what rules you want to use to validate your schema.
In some cases, you may want to write your own rules. graphql-schema-linter
leverages GraphQL.js' visitor.js
in order to validate a schema.
You may define custom rules by following the usage of visitor.js and saving your newly created rule as a .js
file.
You can then instruct graphql-schema-linter
to include this rule using the --custom-rule-paths <paths>
option flag.
For sample rules, see the src/rules
folder of this repository or
GraphQL.js' src/validation/rules
folder.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
Found 5/21 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
14 existing vulnerabilities detected
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More