
@escape.tech/graphql-armor
Dead-simple, yet highly customizable security middleware for Apollo GraphQL servers
This project is young, so there might be bugs, but we are very reactive, so feel free to open issues.
GraphQL Armor is a dead-simple, yet highly customizable security middleware for Apollo GraphQL servers.
```bash
# npm
npm install @escape.tech/graphql-armor

# yarn
yarn add @escape.tech/graphql-armor
```
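```javascript
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  // Config options
});

// ApolloServer comes from your Apollo Server package; typeDefs, resolvers,
// yourPlugins and yourValidationRules are your application's own values.
const server = new ApolloServer({
  typeDefs,
  resolvers,
  // Armor's plugins and validation rules are merged with your own.
  plugins: [...armor.getPlugins(), ...yourPlugins],
  validationRules: [...armor.getValidationRules(), ...yourValidationRules],
});
```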
GraphQL-Armor is fully configurable, scoped per plugin.
View the Per plugin remediation section for more information.
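```javascript
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  // Each plugin is configured under its own key.
  CostAnalysis: {
    enabled: true,
    options: {
      maxCost: 1000,
    },
  },
});

// ApolloServer comes from your Apollo Server package; typeDefs, resolvers,
// yourPlugins and yourValidationRules are your application's own values.
const server = new ApolloServer({
  typeDefs,
  resolvers,
  plugins: [...armor.getPlugins(), ...yourPlugins],
  validationRules: [...armor.getValidationRules(), ...yourValidationRules],
});
```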
This section describes how to configure each plugin individually.
Character Limit plugin will enforce a character limit on your GraphQL queries.
(Note: the limit is not applied to the whole HTTP body, so multipart form data / file uploads will still work.)

```javascript
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  CharacterLimit: {
    enabled: true,
    options: {
      maxLength: 15000, // Default: 15000
    },
  },
});
```
Cost Analysis plugin analyzes incoming GraphQL queries and applies a cost analysis algorithm to prevent resource overload.

```javascript
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  CostAnalysis: {
    enabled: true,
    options: {
      maxCost: 5000, // Default: 5000
      defaultComplexity: 1, // Default: 1 | Complexity of GQL token
      maxDepth: 6, // Default: 6
      maxAlias: 15, // Default: 15
      maxDirectives: 50, // Default: 50
    },
  },
});
```
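To make the Character Limit and Cost Analysis thresholds above concrete, here is an added example that is not part of the package README and is not graphql-armor's own algorithm. It approximates, with a plain token scan, the counts that `maxLength`, `maxDepth`, `maxAlias` and `maxDirectives` are compared against. The names `measureQuery`, `checkLimits` and `SAMPLES` are hypothetical, the sample queries are constructed, and depth is assumed to mean the nesting level of selection sets (fragments are not expanded, and `maxCost` is not modeled).

```javascript
// Added illustration, not graphql-armor's implementation.
// Limits use the defaults listed on this page.
const DEFAULT_LIMITS = { maxLength: 15000, maxDepth: 6, maxAlias: 15, maxDirectives: 50 };

function measureQuery(query) {
  // Blank out strings and comments in one pass so their contents are never counted.
  const code = query.replace(/"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*/g, ' ');
  const tokens = code.match(/[A-Za-z_]\w*|[{}():@]/g) || [];
  const m = { length: query.length, depth: 0, aliases: 0, directives: 0 };
  let depth = 0;  // current selection-set nesting
  let parens = 0; // > 0 while inside arguments or variable definitions
  tokens.forEach((tok, i) => {
    if (tok === '(') parens++;
    else if (tok === ')') parens--;
    else if (tok === '@') m.directives++;
    else if (parens > 0) return; // braces and "name:" here belong to input values
    else if (tok === '{') m.depth = Math.max(m.depth, ++depth);
    else if (tok === '}') depth--;
    // Outside arguments, "name:" inside a selection set is an alias.
    else if (depth > 0 && tokens[i + 1] === ':' && /^[A-Za-z_]/.test(tok)) m.aliases++;
  });
  return m;
}

// Returns the names of the limits the query exceeds (empty array = accepted).
function checkLimits(query, limits = DEFAULT_LIMITS) {
  const m = measureQuery(query);
  const violations = [];
  if (m.length > limits.maxLength) violations.push('maxLength');
  if (m.depth > limits.maxDepth) violations.push('maxDepth');
  if (m.aliases > limits.maxAlias) violations.push('maxAlias');
  if (m.directives > limits.maxDirectives) violations.push('maxDirectives');
  return violations;
}

// Constructed sample queries, one per limit.
const SAMPLES = {
  ordinary: 'query Q($id: ID!) { user(id: $id) { name posts(first: 5) { title } } }',
  nested: '{ a '.repeat(8) + 'id' + ' }'.repeat(8),
  aliased: '{ ' + Array.from({ length: 20 }, (_, i) => `a${i}: expensive(arg: {x: 1})`).join(' ') + ' }',
  directives: '{ me ' + '@include(if: true) '.repeat(51) + '{ id } }',
  oversized: '{ f(s: "' + 'x'.repeat(15000) + '") }',
};

for (const [name, q] of Object.entries(SAMPLES)) {
  console.log(name, measureQuery(q), checkLimits(q));
}
```

In a real deployment these checks run on the parsed query inside the plugin's validation rules; the scan here only shows which query shapes each option is meant to bound.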
Field Suggestion plugin will prevent the server from suggesting fields in response to imprecise GraphQL queries.

```javascript
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  FieldSuggestion: {
    enabled: true,
  },
});
```
FAQs
The npm package @escape.tech/graphql-armor receives a total of 118,806 weekly downloads. As such, @escape.tech/graphql-armor popularity was classified as popular.
We found that @escape.tech/graphql-armor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.