Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@0no-co/graphql.web
Advanced tools
@0no-co/graphql.web
is a utility library, aiming to provide the minimum of
functions that typical GraphQL clients need and would usually import from
graphql
, e.g. a GraphQL query parser, printer, and visitor.
While its goal isn’t to be an exact match to the GraphQL.js API it aims to remain API- and type-compatible where possible and necessary. However, its goal is to provide the smallest implementation for common GraphQL utilities that are still either spec-compliant or compatible with GraphQL.js’ implementation.
Note: If you’re instead looking for a drop-in replacement for the
graphql
package that you can just alias into your web apps, read more about thegraphql-web-lite
project, which uses this library to shim thegraphql
package.
@urql/core
depends on this package to
power its GraphQL query parsing and printing. If you’re using @urql/core@^4
you’re already using this library! ✨
@0no-co/graphql.web
aims to provide a minimal set of exports to implement
client-side GraphQL utilities, mostly including parsing, printing, and visiting
the GraphQL AST, and the GraphQLError
class.
Currently, graphql.web
compresses to under 4kB and doesn’t regress on
GraphQL.js’ performance when parsing, printing, or visiting the AST.
For all primary APIs we aim to hit 100% test coverage and match the output, types, and API compatibility of GraphQL.js, including — as far as possible — TypeScript type compatibility of the AST types with the currently stable version of GraphQL.js.
Currently, only a select few exports are provided — namely, the ones listed here
are used in @urql/core
, and we expect them to be common in all client-side
GraphQL applications.
Export | Description | Links |
---|---|---|
parse | A tiny (but compliant) GraphQL query language parser. | Source |
print | A (compliant) GraphQL query language printer. | Source |
visit | A recursive reimplementation of GraphQL.js’ visitor. | Source |
Kind | The GraphQL.js’ Kind enum, containing supported ASTNode kinds. | Source |
GraphQLError | GraphQLError stripped of source/location debugging. | Source |
valueFromASTUntyped | Coerces AST values into JS values. | Source |
The stated goals of any reimplementation are:
Therefore, while we can foresee implementing APIs that are entirely separate and
unrelated to the GraphQL.js library in the future, for now the stated goals are
designed to allow this library to be used by GraphQL clients, like
@urql/core
.
1.0.10
loc
getter to parsed DocumentNode
fragment outputs to ensure that using fragments created by gql.tada
's graphql()
function with graphql-tag
doesn't crash. graphql-tag
does not treat the DocumentNode.loc
property as optional on interpolations, which leads to intercompatibility issues
Submitted by @JoviDeCroock (See #38)FAQs
A spec-compliant client-side GraphQL implementation
The npm package @0no-co/graphql.web receives a total of 438,128 weekly downloads. As such, @0no-co/graphql.web popularity was classified as popular.
We found that @0no-co/graphql.web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.