Gathering detailed insights and metrics for graphql-upload
Gathering detailed insights and metrics for graphql-upload
Gathering detailed insights and metrics for graphql-upload
Gathering detailed insights and metrics for graphql-upload
@types/graphql-upload
TypeScript definitions for graphql-upload
@apollographql/graphql-upload-8-fork
Fork of graphql-upload@8 that works with graphql@15 for compatibility with apollo-server@2
mercurius-upload
Fastify plugin to support GraphQL uploads using graphql-upload
@graphql-ez/plugin-upload
Integration with [GraphQL Upload](https://github.com/jaydenseric/graphql-upload)
Middleware and a scalar Upload to add support for GraphQL multipart requests (file uploads via queries and mutations) to various Node.js GraphQL servers.
npm install graphql-upload
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
1,431 Stars
734 Commits
133 Forks
17 Watching
1 Branches
10 Contributors
Updated on 18 Nov 2024
JavaScript (100%)
Cumulative downloads
Total Downloads
Last day
-3.4%
67,601
Compared to previous day
Last week
1.1%
373,872
Compared to previous week
Last month
12.4%
1,555,349
Compared to previous month
Last year
-19.2%
16,603,491
Compared to previous year
3
Middleware and a scalar Upload
to add support for GraphQL multipart requests (file uploads via queries and mutations) to various Node.js GraphQL servers.
Clients implementing the GraphQL multipart request spec upload files as Upload
scalar query or mutation variables. Their resolver values are promises that resolve file upload details for processing and storage. Files are typically streamed into cloud storage but may also be stored in the filesystem.
[!TIP]
First, check if there are GraphQL multipart request spec server implementations (most for Node.js integrate
graphql-upload
) that are more suitable for your environment than a manual setup.
To install graphql-upload
and its peer dependency graphql
with npm, run:
1npm install graphql-upload graphql
Use the middleware graphqlUploadKoa
or graphqlUploadExpress
just before GraphQL middleware. Alternatively, use the function processRequest
to create custom middleware.
A schema built with separate SDL and resolvers (e.g. using the function makeExecutableSchema
from @graphql-tools/schema
) requires the scalar Upload
to be setup.
Then, the scalar Upload
can be used for query or mutation arguments. For how to use the scalar value in resolvers, see the documentation in the module GraphQLUpload.mjs
.
apollo-server-koa
and @apollo/client
.os.tmpdir()
.Promise.all
or a more flexible solution such as Promise.allSettled
where an error in one does not reject them all.createReadStream
before the resolver returns; late calls (e.g. in an unawaited async function or callback) throw an error. Existing streams can still be used after a response is sent, although there are few valid reasons for not awaiting their completion.stream.destroy()
when an incomplete stream is no longer needed, or temporary files may not get cleaned up.The GraphQL multipart request spec allows a file to be used for multiple query or mutation variables (file deduplication), and for variables to be used in multiple places. GraphQL resolvers need to be able to manage independent file streams. As resolvers are executed asynchronously, it’s possible they will try to process files in a different order than received in the multipart request.
busboy
parses multipart request streams. Once the operations
and map
fields have been parsed, scalar Upload
values in the GraphQL operations are populated with promises, and the operations are passed down the middleware chain to GraphQL resolvers.
fs-capacitor
is used to buffer file uploads to the filesystem and coordinate simultaneous reading and writing. As soon as a file upload’s contents begins streaming, its data begins buffering to the filesystem and its associated promise resolves. GraphQL resolvers can then create new streams from the buffer by calling the function createReadStream
. The buffer is destroyed once all streams have ended or closed and the server has responded to the request. Any remaining buffer files will be cleaned when the process exits.
Supported runtime environments:
^18.18.0 || ^20.9.0 || >=22.0.0
.Projects must configure TypeScript to use types from the ECMAScript modules that have a // @ts-check
comment:
compilerOptions.allowJs
should be true
.compilerOptions.maxNodeModuleJsDepth
should be reasonably large, e.g. 10
.compilerOptions.module
should be "node16"
or "nodenext"
.The npm package graphql-upload
features optimal JavaScript module design. It doesn’t have a main index module, so use deep imports from the ECMAScript modules that are exported via the package.json
field exports
:
No vulnerabilities found.
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
Reason
Found 1/26 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More