Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
@apollo/server
Advanced tools
@apollo/server is a powerful and flexible GraphQL server library that allows you to build and run a GraphQL API in Node.js. It provides tools for schema definition, query execution, and integration with various data sources and middleware.
Schema Definition
Defines a simple GraphQL schema with a single query and sets up an Apollo Server instance to serve it.
const { ApolloServer, gql } = require('@apollo/server');
const typeDefs = gql`
type Query {
hello: String
}
`;
const resolvers = {
Query: {
hello: () => 'Hello world!',
},
};
const server = new ApolloServer({ typeDefs, resolvers });
server.listen().then(({ url }) => {
console.log(`🚀 Server ready at ${url}`);
});
Middleware Integration
Integrates Apollo Server with an Express.js application, allowing you to use GraphQL as middleware.
const { ApolloServer } = require('@apollo/server');
const express = require('express');
const { expressMiddleware } = require('@apollo/server/express');
const typeDefs = gql`
type Query {
hello: String
}
`;
const resolvers = {
Query: {
hello: () => 'Hello world!',
},
};
const server = new ApolloServer({ typeDefs, resolvers });
const app = express();
server.start().then(() => {
app.use('/graphql', expressMiddleware(server));
app.listen({ port: 4000 }, () => {
console.log('Server is running on http://localhost:4000/graphql');
});
});
Data Source Integration
Shows how to integrate a REST API as a data source in Apollo Server, allowing you to fetch data from external APIs.
const { ApolloServer, gql } = require('@apollo/server');
const { RESTDataSource } = require('apollo-datasource-rest');
class MyAPI extends RESTDataSource {
constructor() {
super();
this.baseURL = 'https://api.example.com/';
}
async getExampleData() {
return this.get('example-endpoint');
}
}
const typeDefs = gql`
type Query {
exampleData: String
}
`;
const resolvers = {
Query: {
exampleData: async (_source, _args, { dataSources }) => {
return dataSources.myAPI.getExampleData();
},
},
};
const server = new ApolloServer({
typeDefs,
resolvers,
dataSources: () => ({
myAPI: new MyAPI(),
}),
});
server.listen().then(({ url }) => {
console.log(`🚀 Server ready at ${url}`);
});
express-graphql is a GraphQL HTTP server middleware for Express. It is simpler and more lightweight compared to @apollo/server, making it a good choice for smaller applications or those that do not require the full feature set of Apollo Server.
graphql-yoga is a fully-featured GraphQL server that is easy to set up and use. It is built on top of Express and Apollo Server, providing a more opinionated and streamlined experience. It is suitable for developers who want a quick and easy way to get started with GraphQL.
mercurius is a GraphQL adapter for Fastify, a fast and low-overhead web framework for Node.js. It offers high performance and integrates seamlessly with Fastify, making it a great choice for applications that prioritize speed and efficiency.
@apollo/server
This
@apollo/server
package is new with Apollo Server 4. Previous major versions of Apollo Server used a set of package names starting withapollo-server
, such asapollo-server
,apollo-server-express
,apollo-server-core
, etc.
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. It's the best way to build a production-ready, self-documenting GraphQL API that can use data from any source.
You can use Apollo Server as:
Apollo Server provides a simple API for integrating with any Node.js web framework or serverless environment. The @apollo/server
package itself ships with a minimally-configurable, standalone web server which handles CORS and body parsing out of the box. Integrations with other environments are community-maintained.
Apollo Server provides:
Full documentation for Apollo Server is available on our documentation site. This README shows the basics of getting a server running (both standalone and with Express), but most features are only documented on our docs site.
You can also check out the getting started guide in the Apollo Server docs for more details, including examples in both TypeScript and JavaScript.
Apollo Server's standalone server lets you get a GraphQL server up and running quickly without needing to set up an HTTP server yourself. It allows all the same configuration of GraphQL logic as the Express integration, but does not provide the ability to make fine-grained tweaks to the HTTP-specific behavior of your server.
First, install Apollo Server and the JavaScript implementation of the core GraphQL algorithms:
npm install @apollo/server graphql
Then, write the following to server.mjs
. (By using the .mjs
extension, Node lets you use the await
keyword at the top level.)
import { ApolloServer } from '@apollo/server';
import { startStandaloneServer } from '@apollo/server/standalone';
// The GraphQL schema
const typeDefs = `#graphql
type Query {
hello: String
}
`;
// A map of functions which return data for the schema.
const resolvers = {
Query: {
hello: () => 'world',
},
};
const server = new ApolloServer({
typeDefs,
resolvers,
});
const { url } = await startStandaloneServer(server);
console.log(`🚀 Server ready at ${url}`);
Now run your server with:
node server.mjs
Open the URL it prints in a web browser. It will show Apollo Sandbox, a web-based tool for running GraphQL operations. Try running the operation query { hello }
!
Apollo Server's built-in Express middleware lets you run your GraphQL server as part of an app built with Express, the most popular web framework for Node.
First, install Apollo Server, the JavaScript implementation of the core GraphQL algorithms, Express, and two common Express middleware packages:
npm install @apollo/server graphql express cors body-parser
If using Typescript you may also need to install additional type declaration packages as development dependencies to avoid common errors when importing the above packages (i.e. Could not find a declaration file for module 'cors
'):
npm install --save-dev @types/cors @types/express @types/body-parser
Then, write the following to server.mjs
. (By using the .mjs
extension, Node lets you use the await
keyword at the top level.)
import { ApolloServer } from '@apollo/server';
import { expressMiddleware } from '@apollo/server/express4';
import { ApolloServerPluginDrainHttpServer } from '@apollo/server/plugin/drainHttpServer'
import express from 'express';
import http from 'http';
import cors from 'cors';
import bodyParser from 'body-parser';
// The GraphQL schema
const typeDefs = `#graphql
type Query {
hello: String
}
`;
// A map of functions which return data for the schema.
const resolvers = {
Query: {
hello: () => 'world',
},
};
const app = express();
const httpServer = http.createServer(app);
// Set up Apollo Server
const server = new ApolloServer({
typeDefs,
resolvers,
plugins: [ApolloServerPluginDrainHttpServer({ httpServer })],
});
await server.start();
app.use(
cors(),
bodyParser.json(),
expressMiddleware(server),
);
await new Promise((resolve) => httpServer.listen({ port: 4000 }, resolve));
console.log(`🚀 Server ready at http://localhost:4000`);
Now run your server with:
node server.mjs
Open the URL it prints in a web browser. It will show Apollo Sandbox, a web-based tool for running GraphQL operations. Try running the operation query { hello }
!
FAQs
Core engine for Apollo GraphQL server
The npm package @apollo/server receives a total of 474,761 weekly downloads. As such, @apollo/server popularity was classified as popular.
We found that @apollo/server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.