Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@escape.tech/graphql-armor

Package Overview
Dependencies
Maintainers
4
Versions
60
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
Package version was removed
This package version has been unpublished, mostly likely due to security reasons

@escape.tech/graphql-armor

Dead-simple, yet highly customizable security middleware for Apollo GraphQL servers shield

unpublished
Source
npmnpm
Version
0.0.8
Version published
Weekly downloads
117K
-27.58%
Maintainers
4
Weekly downloads
 
Created
Source

🛡️ GraphQL-Armor 🛡️

CI CD npm

🛡️ GraphQL-Armor 🛡️ is a Dead-simple, yet highly customizable security middleware for Apollo GraphQL servers.

Contents

Supported remediations

Installation

# npm
npm install @escape.tech/graphql-armor

# yarn
yarn add @escape.tech/graphql-armor

Getting Started

import { ApolloArmor } from '@escape.tech/graphql-armor';
const armor = new ApolloArmor({
    // Config opts
});

const server = new ApolloServer({
  typeDefs,
  resolvers,
  plugins: [...armor.getPlugins(), ...yourPlugins],
  validationRules: [...armor.getValidationRules(), ...yourValidationRules],
});

Getting Started with Configuration

GraphQL-Armor is fully configurable, scoped per plugin.

View the Per plugin remediation section for more information.

import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
    CostAnalysis: {
        enabled: true,
        options: {
            maxCost: 1000,
        },
    }
});

const server = new ApolloServer({
  typeDefs,
  resolvers,
  plugins: [...armor.getPlugins(), ...yourPlugins],
  validationRules: [...armor.getValidationRules(), ...yourValidationRules],
});

Per plugin remediation

This section describes how to configure each plugin individually.

Character Limit

Character Limit plugin will enforce a character limit on your GraphQL queries.

(Note: The limit is not applied to whole HTTP body -, multipart form data / file upload will still works)

import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
    CharacterLimit: {
        enabled: true,
        options: {
            maxLength: 15000, // Default: 15000
        },
    }
});

Cost Analysis

Cost Analysis plugin analyze incoming GraphQL queries and apply cost analysis algorithm to prevent resource overload.

import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
    CostAnalysis: {
        enabled: true,
        options: {
            maxCost: 5000,          // Default: 5000
            defaultComplexity: 1,   // Default: 1    | Complexity of GQL token
            maxDepth: 6,            // Default: 6
            maxAlias: 15,           // Default: 15
            maxDirectives: 50,      // Default: 50
        },
    }
});

Field Suggestion

Field Suggestion plugin will prevent suggesting fields of unprecise GraphQL queries.

import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
    FieldSuggestion: {
        enabled: true,
    }
});

FAQs

Package last updated on 02 Aug 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

ENISA’s 2025 Threat Landscape: AI Reshapes Cyber Attacks, from Phishing to Supply Chain Abuse

Security News

ENISA’s 2025 Threat Landscape: AI Reshapes Cyber Attacks, from Phishing to Supply Chain Abuse

ENISA’s 2025 Threat Landscape report highlights how AI is reshaping cyber attacks, driving phishing, model poisoning, and software supply chain risks.

By Sarah Gooding  -  Oct 16, 2025