Gathering detailed insights and metrics for openapi-to-graphql
Gathering detailed insights and metrics for openapi-to-graphql
Installations
npm install openapi-to-graphqlReleases
37
OpenAPI-to-GraphQL v2.6.3
v2.6.3
Published on 04 Feb 2022
OpenAPI-to-GraphQL v2.6.2
v2.6.2
Published on 03 Feb 2022
OpenAPI-to-GraphQL v2.6.1
v2.6.1
Published on 18 Jan 2022
OpenAPI-to-GraphQL v2.6.0
v2.6.0
Published on 15 Dec 2021
OpenAPI-to-GraphQL v2.5.2
v2.5.2
Published on 28 Nov 2021
OpenAPI-to-GraphQL v2.5.1
v2.5.1
Published on 31 Jul 2021
Developer
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
>=14
Typescript Support
No
Node Version
20.8.1
NPM Version
10.1.0
Statistics
1,612 Stars
685 Commits
211 Forks
39 Watching
2 Branches
45 Contributors
Updated on 25 Nov 2024
Languages
TypeScript (89.29%)
JavaScript (10.71%)
Total Downloads
Cumulative downloads
Total Downloads
5,982,069
Last day
-0.2%
6,603
Compared to previous day
Last week
11.7%
32,249
Compared to previous week
Last month
-4.5%
125,617
Compared to previous month
Last year
2.3%
1,465,550
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
17
Peer Dependencies
1
Dev Dependencies
33
@types/deep-equal@types/graphql-upload@types/jest@types/node@types/url-joinaedesaedes-persistencebody-parsercookie-parserexpressexpress-graphqlglobgraphqlgraphql-mqtt-subscriptionsgraphql-multiplex-subscriptionshuskyisomorphic-gitjestjs-yamlmemfsmqemittermqttnodemonprettierpretty-quickrimrafsimple-statisticsstandardsubscriptions-transport-wsts-jesttslinttslint-config-standardtypescript
Versions
Development on OpenAPI-to-GraphQL has paused. GraphQL Mesh is maintaining an OpenAPI/Swagger handler, which is fork of OpenAPI-to-GraphQL. Please find them here.
OpenAPI-to-GraphQL
Translate APIs described by OpenAPI Specifications (OAS) or Swagger into GraphQL.
Getting started
OpenAPI-to-GraphQL can be used in two ways:
CLI
The Command Line Interface (CLI) provides a convenient way to start a GraphQL server wrapping an API for a given OpenAPI Specification:
- Install the OpenAPI-to-GraphQL CLI using:
1npm i -g openapi-to-graphql-cli - Then, run the OpenAPI-to-GraphQL command and point it to an OpenAPI Specification:
1openapi-to-graphql <OAS JSON file path or remote url> [options]
For further details, refer to the openapi-to-graphql-cli documentation.
Library
Use OpenAPI-to-GraphQL as a library in your application to generate GraphQL schemas.
- Install OpenAPI-to-GraphQL as a dependency:
1npm i -s openapi-to-graphql - Require OpenAPI-to-GraphQL and use the
createGraphQLSchemafunction:1const { createGraphQLSchema } = require("openapi-to-graphql"); 2// load or construct OAS (const oas = ...) 3const { schema, report } = await createGraphQLSchema(oas);
For further details, refer to the openapi-to-graphql documentation.
Tutorials
Here are some guides to further help you get started:
- CLI + Loopback tutorial: Learn how to quickly spin up GraphQL wrappers using the OpenAPI-to-GraphQL CLI.
- Library tutorial: Learn how to use OpenAPI-to-GraphQL as a library, and how to improve the resulting GraphQL wrappers using OAS
linkdefinitions. - LoopBack tutorial: Learn how to use OpenAPI-to-GraphQL to create GraphQL wrappers for APIs created with LoopBack 4.
- Subscriptions tutorial: Learn how to create a GraphQL API that supports subscription operations - including how to set up the API server that creates a PubSub instance wrapping a MQTT client.
Characteristics
-
Data-centric The GraphQL interface is created around the data definitions in the given OAS, not around the endpoints, leading to a natural use of GraphQL.
-
Nested data Links defined in the OAS are used to create nested data structures, allowing for (deeply) nested queries.
-
Automatic query resolution Automatically generated resolvers translate (nested) GraphQL queries to API requests. Request results are translated back to GraphQL responses.
-
Mutations Non-safe, non-idempotent API operations (e.g.,
POST,PUT,DELETE) are translated to GraphQL mutations. Input payload is type-checked.
-
Subscriptions GraphQL subscriptions allow clients to receive a stream of events, such as updates whenever data changes on the GraphQL server. OpenAPI-to-GraphQL can create subscriptions based on
callbackobjects defined in the OAS.
-
Authentication OpenAPI-to-GraphQL currently supports authentication via API Key and basic auth. OpenAPI-to-GraphQL wraps secured endpoints into a
viewer, which takes the API key / credentials as input.
-
API Sanitation Parts of an API that not compatible with GraphQL are automatically sanitized. For example, API parameters and data definition names with unsupported characters (e.g.,
-,.,,,:,;...) are removed. GraphQL queries are desanitized to correctly invoke the REST API and the responses are resanitized to create GraphQL-compliant results.
-
Custom request options Provide headers and query parameters to send with every API request. This allows, for example, to handle authentication or tag requests from GraphQL.
-
Swagger and OpenAPI 3 support OpenAPI-to-GraphQL can handle both Swagger (OpenAPI specification 2.0) as well as OpenAPI specification 3.
Development
OpenAPI-to-GraphQL is written in TypeScript. Within each of OpenAPI-to-GraphQL's packages, all source code is contained in the src folder. Use yarn build or yarn test to transpile the source files into the final library in the dist folder. Entry-point for the library is index.js in dist.
Research
Our research paper, "Generating GraphQL-Wrappers for REST(-like) APIs", can be found here. The paper describes the challenges of building OpenAPI-to-GraphQL and an experiment in which we evaluated OpenAPI-to-GraphQL against 959 publicly available OAS, provided by APIs.guru, and successfully created GraphQL interfaces for 89.5% of them.
To run the experiment, in the openapi-to-graphql package, load APIs.guru specifications, found here, into the /tmp folder:
1npm run guru-load
Then, run tests:
1npm run guru-test <number of APIs to test at most>
Similar projects
-
swagger-to-graphql turns a given Swagger (OpenAPI Specification 2.0) into a GraphQL interface, which resolves against the original API. GraphQL schema is based on endpoints, not on data definitions. No links are considered.
-
json-to-graphql turns given JSON objects / arrays into a GraphQL schema.
resolvefunctions need to be provided by the user. -
StackOverflow discussion points to the above projects.
License
No vulnerabilities found.
Reason
no vulnerabilities detected
Reason
license file detected
Details
- Info: : LICENSE.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 7
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/main.yml/0.9?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/main.yml/0.9?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/main.yml/0.9?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/test.yml/0.9?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/test.yml/0.9?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/test.yml/0.9?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/test.yml/0.9?enable=pin
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
GitHub code reviews found for 11 commits out of the last 30 -- score normalized to 3
Details
- Warn: no reviews found for commit: 926ce20b346abeba2518371aefe2dff16fec5891
- Warn: no reviews found for commit: e8d86c21682d5cbc0391e39b3fe3deeee645330c
- Warn: no reviews found for commit: acfc9ae10c0812f68b56c4707e8465128d19f224
- Warn: no reviews found for commit: f4b5be81e61a57ae70cfb65e7310811a6ad5e248
- Warn: no reviews found for commit: 9e707808ea81c738ec14edf4e077e89e567116e2
- Warn: no reviews found for commit: 82dc653a2086e2a0a39b269c54c350c5285ea1cc
- Warn: no reviews found for commit: da71c33ff56b80dd3b5273a024bfafad70500031
- Warn: no reviews found for commit: 4b1e01df0d84c1da42bdcb45db9c5c5b66e17f87
- Warn: no reviews found for commit: b9732c4271857b2eaa373cca65dcb35f58a8d822
- Warn: no reviews found for commit: c4bd76f0cb8c88d358362e41e561fc012e84cafa
- Warn: no reviews found for commit: e207168d8cc18529952b10677f747abc2dc4437d
- Warn: no reviews found for commit: 951e8ef7d149f1cac13a7f791e2b50694b6ee9fc
- Warn: no reviews found for commit: ce39a4dc22f3157bde5ed3d41d1c9c0586fb2ee8
- Warn: no reviews found for commit: 2157a15a278391b315736b02b4c26fdeec3ba5fc
- Warn: no reviews found for commit: 08bf4b4b7c694a1e99fa979abb26af74611fbab3
- Warn: no reviews found for commit: 0a04db396f2980b26b24ef0e7612051555b62e27
- Warn: no reviews found for commit: e54e45e317eab4b5c87e0f8d37123ee9f22b3a5f
- Warn: no reviews found for commit: e01e6e89bb0f79197f91db782d5430885c820816
- Warn: no reviews found for commit: 9a96022e263465019d53333b1349c92e55933dda
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'force pushes' disabled on branch 'master'
- Info: 'allow deletion' disabled on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Warn: number of required reviewers is only 0 on branch 'master'
Reason
0 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 0
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/main.yml/0.9?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/test.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/billionbd/TorrentShare/test.yml/0.9?enable=permissions
Reason
security policy file not detected
Reason
project is not fuzzed
Reason
no update tool detected
Details
- Warn: dependabot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
- Warn: renovatebot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
Score
4.3
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More