NOTE: This is a fork of graphql-playground-html which is meant to be used by Apollo Server and only by Apollo Server. It is not intended to be used directly. Those looking to use GraphQL Playground directly can refer to the upstream repository for usage instructions.

SECURITY WARNING: Via the upstream fork, this package had a severe XSS Reflection attack vulnerability until version 1.6.25 of this package. While we have published a fix, users were only affected if they were using @apollographql/graphql-playground-html directly as their own custom middleware. The direct usage of this package was never recommended as it provided no advantage over the upstream package in that regard. Users of Apollo Server who leverage this package automatically by the dependency declared within Apollo Sever were not affected since Apollo Server never provided dynamic facilities to customize playground options per request. Users of Apollo Server would have had to statically embedded very explicit vulnerabilities (e.g., using malicious, unescaped code, <script> tags, etc.).

FAQs

What is @apollographql/graphql-playground-html?

Is @apollographql/graphql-playground-html popular?

Is @apollographql/graphql-playground-html well maintained?

Last updated on 25 May 2021

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@apollographql/graphql-playground-html

@apollographql/graphql-playground-html

Related posts

npm Package for ReExt React Components Library Exfiltrates Git Credentials

OpenJS: “XZ Utils Cyberattack Likely Not an Isolated Incident”