Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@envelop/core
Advanced tools
This is the core package for Envelop. You can find a complete documentation here: https://github.com/n1ru4l/envelop
@envelop/core is a powerful library for building GraphQL servers with a focus on extensibility and modularity. It provides a plugin system that allows developers to easily add, remove, or customize functionalities in their GraphQL server setup.
Plugin System
The plugin system allows you to add various plugins to your GraphQL server. In this example, we use the `useSchema` plugin to set up a basic schema.
const { envelop, useSchema } = require('@envelop/core');
const { makeExecutableSchema } = require('@graphql-tools/schema');
const schema = makeExecutableSchema({
typeDefs: `
type Query {
hello: String
}
`,
resolvers: {
Query: {
hello: () => 'Hello world!',
},
},
});
const getEnveloped = envelop({
plugins: [useSchema(schema)],
});
const { parse, validate, contextFactory, execute, schema: finalSchema } = getEnveloped();
Custom Plugins
You can create custom plugins to extend the functionality of your GraphQL server. This example shows a custom plugin that logs the operation name whenever an operation is executed.
const { envelop, useLogger } = require('@envelop/core');
const customPlugin = {
onExecute({ args }) {
console.log('Executing operation:', args.operationName);
},
};
const getEnveloped = envelop({
plugins: [useLogger(), customPlugin],
});
const { execute } = getEnveloped();
Error Handling
The error handling feature allows you to manage and log errors that occur during GraphQL operations. This example demonstrates how to use the `useErrorHandler` plugin to log errors.
const { envelop, useErrorHandler } = require('@envelop/core');
const errorHandlerPlugin = useErrorHandler((errors) => {
console.error('GraphQL Errors:', errors);
});
const getEnveloped = envelop({
plugins: [errorHandlerPlugin],
});
const { execute } = getEnveloped();
Apollo Server is a popular GraphQL server library that provides an easy-to-use setup and a rich ecosystem of tools and integrations. Compared to @envelop/core, Apollo Server is more opinionated and comes with built-in features like caching, tracing, and schema stitching.
GraphQL Yoga is a fully-featured GraphQL server with a focus on simplicity and ease of use. It is built on top of GraphQL.js and provides a lot of out-of-the-box features. While @envelop/core focuses on modularity and extensibility through plugins, GraphQL Yoga aims to provide a more straightforward setup.
Express-GraphQL is a minimalistic GraphQL server middleware for Express.js. It is simple to set up and use, making it a good choice for small to medium-sized applications. Unlike @envelop/core, express-graphql does not have a plugin system and is less extensible.
@envelop/core
This is the core package for Envelop. You can find a complete documentation here: https://github.com/n1ru4l/envelop
FAQs
This is the core package for Envelop. You can find a complete documentation here: https://github.com/n1ru4l/envelop
The npm package @envelop/core receives a total of 471,521 weekly downloads. As such, @envelop/core popularity was classified as popular.
We found that @envelop/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.