Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@envelop/core
Advanced tools
This is the core package for Envelop. You can find a complete documentation here: https://github.com/n1ru4l/envelop
@envelop/core is a powerful library for building GraphQL servers with a focus on extensibility and modularity. It provides a plugin system that allows developers to easily add, remove, or customize functionalities in their GraphQL server setup.
Plugin System
The plugin system allows you to add various plugins to your GraphQL server. In this example, we use the `useSchema` plugin to set up a basic schema.
const { envelop, useSchema } = require('@envelop/core');
const { makeExecutableSchema } = require('@graphql-tools/schema');
const schema = makeExecutableSchema({
typeDefs: `
type Query {
hello: String
}
`,
resolvers: {
Query: {
hello: () => 'Hello world!',
},
},
});
const getEnveloped = envelop({
plugins: [useSchema(schema)],
});
const { parse, validate, contextFactory, execute, schema: finalSchema } = getEnveloped();
Custom Plugins
You can create custom plugins to extend the functionality of your GraphQL server. This example shows a custom plugin that logs the operation name whenever an operation is executed.
const { envelop, useLogger } = require('@envelop/core');
const customPlugin = {
onExecute({ args }) {
console.log('Executing operation:', args.operationName);
},
};
const getEnveloped = envelop({
plugins: [useLogger(), customPlugin],
});
const { execute } = getEnveloped();
Error Handling
The error handling feature allows you to manage and log errors that occur during GraphQL operations. This example demonstrates how to use the `useErrorHandler` plugin to log errors.
const { envelop, useErrorHandler } = require('@envelop/core');
const errorHandlerPlugin = useErrorHandler((errors) => {
console.error('GraphQL Errors:', errors);
});
const getEnveloped = envelop({
plugins: [errorHandlerPlugin],
});
const { execute } = getEnveloped();
Apollo Server is a popular GraphQL server library that provides an easy-to-use setup and a rich ecosystem of tools and integrations. Compared to @envelop/core, Apollo Server is more opinionated and comes with built-in features like caching, tracing, and schema stitching.
GraphQL Yoga is a fully-featured GraphQL server with a focus on simplicity and ease of use. It is built on top of GraphQL.js and provides a lot of out-of-the-box features. While @envelop/core focuses on modularity and extensibility through plugins, GraphQL Yoga aims to provide a more straightforward setup.
Express-GraphQL is a minimalistic GraphQL server middleware for Express.js. It is simple to set up and use, making it a good choice for small to medium-sized applications. Unlike @envelop/core, express-graphql does not have a plugin system and is less extensible.
@envelop/core
This is the core package for Envelop. You can find a complete documentation here: https://github.com/n1ru4l/envelop
FAQs
This is the core package for Envelop. You can find a complete documentation here: https://github.com/n1ru4l/envelop
The npm package @envelop/core receives a total of 592,008 weekly downloads. As such, @envelop/core popularity was classified as popular.
We found that @envelop/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.