Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@apollo/utils.usagereporting
Advanced tools
This package exports the useful bits of usage reporting related to signature computation and referenced field calculation.
usageReportingSignature
In Apollo Studio, we want to group requests making the same query together, and treat different queries distinctly. But what does it mean for two queries to be "the same"? And what if you don't want to send the full text of the query to Apollo's servers, either because it contains sensitive data orw because it contains extraneous operations or fragments?
To solve these problems, Apollo Studio and related components have the concept of "signatures". We don't (by default) send the full query string of queries to Apollo's servers. Instead, each trace has its query string's "signature".
The usageReportingSignature
function is a combination of the following transforms:
dropUnusedDefinitions
: removes operations and fragments that aren't going to be used in executionstripSensitiveLiterals
: replaces all numeric and string literals as well as list and object input values with "empty" valuesremoveAliases
: removes field aliasing from the operationsortAST
: sorts the children of most multi-child nodes consistentlyprintWithReducedWhitespace
, a variant on graphql-js's print
which gets rid of unneeded whitespacecalculateReferencedFieldsByType
Given a DocumentNode
(operation) and a GraphQLSchema
, calculateReferencedFieldsByType
constructs a record of typeName -> { fieldNames: string[], isInterface: boolean }
. This record is the field usage data sent to Apollo Studio keyed by operation signature (usageReportingSignature
).
FAQs
Generate a signature for Apollo usage reporting
The npm package @apollo/utils.usagereporting receives a total of 1,428,562 weekly downloads. As such, @apollo/utils.usagereporting popularity was classified as popular.
We found that @apollo/utils.usagereporting demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.