Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@0no-co/graphql.web
Advanced tools
@0no-co/graphql.web
is a utility library, aiming to provide the minimum of
functions that typical GraphQL clients need and would usually import from
graphql
, e.g. a GraphQL query parser, printer, and visitor.
While its goal isn’t to be an exact match to the GraphQL.js API it aims to remain API- and type-compatible where possible and necessary. However, its goal is to provide the smallest implementation for common GraphQL utilities that are still either spec-compliant or compatible with GraphQL.js’ implementation.
Note: If you’re instead looking for a drop-in replacement for the
graphql
package that you can just alias into your web apps, read more about thegraphql-web-lite
project, which uses this library to shim thegraphql
package.
@urql/core
depends on this package to
power its GraphQL query parsing and printing. If you’re using @urql/core@^4
you’re already using this library! ✨
@0no-co/graphql.web
aims to provide a minimal set of exports to implement
client-side GraphQL utilities, mostly including parsing, printing, and visiting
the GraphQL AST, and the GraphQLError
class.
Currently, graphql.web
compresses to under 4kB and doesn’t regress on
GraphQL.js’ performance when parsing, printing, or visiting the AST.
For all primary APIs we aim to hit 100% test coverage and match the output, types, and API compatibility of GraphQL.js, including — as far as possible — TypeScript type compatibility of the AST types with the currently stable version of GraphQL.js.
Currently, only a select few exports are provided — namely, the ones listed here
are used in @urql/core
, and we expect them to be common in all client-side
GraphQL applications.
Export | Description | Links |
---|---|---|
parse | A tiny (but compliant) GraphQL query language parser. | Source |
print | A (compliant) GraphQL query language printer. | Source |
visit | A recursive reimplementation of GraphQL.js’ visitor. | Source |
Kind | The GraphQL.js’ Kind enum, containing supported ASTNode kinds. | Source |
GraphQLError | GraphQLError stripped of source/location debugging. | Source |
valueFromASTUntyped | Coerces AST values into JS values. | Source |
The stated goals of any reimplementation are:
Therefore, while we can foresee implementing APIs that are entirely separate and
unrelated to the GraphQL.js library in the future, for now the stated goals are
designed to allow this library to be used by GraphQL clients, like
@urql/core
.
1.0.12
FAQs
A spec-compliant client-side GraphQL implementation
The npm package @0no-co/graphql.web receives a total of 592,490 weekly downloads. As such, @0no-co/graphql.web popularity was classified as popular.
We found that @0no-co/graphql.web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.