# @escape.tech/graphql-armor

GraphQL Armor is a dead-simple, yet highly customizable security middleware for Apollo GraphQL servers.
```sh
# npm
npm install @escape.tech/graphql-armor
# yarn
yarn add @escape.tech/graphql-armor
```
```javascript
import { ApolloServer } from 'apollo-server'; // Apollo Server 3 import; assumed here, the page does not show it
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  // Config opts
});

// typeDefs, resolvers, yourPlugins and yourValidationRules are your own definitions
const server = new ApolloServer({
  typeDefs,
  resolvers,
  plugins: [...armor.getPlugins(), ...yourPlugins],
  validationRules: [...armor.getValidationRules(), ...yourValidationRules],
});
```
GraphQL Armor is fully configurable, and every option is scoped to the plugin it belongs to. See the Per plugin remediation section below for the options of each plugin.
```javascript
import { ApolloServer } from 'apollo-server'; // Apollo Server 3 import; assumed here, the page does not show it
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  CostAnalysis: {
    enabled: true,
    options: {
      maxCost: 1000,
    },
  },
});

// typeDefs, resolvers, yourPlugins and yourValidationRules are your own definitions
const server = new ApolloServer({
  typeDefs,
  resolvers,
  plugins: [...armor.getPlugins(), ...yourPlugins],
  validationRules: [...armor.getValidationRules(), ...yourValidationRules],
});
```
## Per plugin remediation

This section describes how to configure each plugin individually.

### Character Limit plugin

Enforces a character limit on your GraphQL queries.

(Note: the limit applies to the query document only, not to the whole HTTP body, so multipart form data and file uploads still work.)
```javascript
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  CharacterLimit: {
    enabled: true,
    options: {
      maxLength: 15000, // Default: 15000
    },
  },
});
```
### Cost Analysis plugin

Analyzes incoming GraphQL queries and applies a cost analysis algorithm to prevent resource overload: a query whose estimated cost, depth, alias count or directive count exceeds the configured limit is rejected before it is executed.
```javascript
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  CostAnalysis: {
    enabled: true,
    options: {
      maxCost: 5000,        // Default: 5000
      defaultComplexity: 1, // Default: 1 | Complexity of a GQL token
      maxDepth: 6,          // Default: 6
      maxAlias: 15,         // Default: 15
      maxDirectives: 50,    // Default: 50
    },
  },
});
```
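As an added illustration (not graphql-armor's own implementation), the following checker applies the maxDepth, maxAlias and maxDirectives options from the block above to raw query strings and shows, on constructed sample queries, which requests those limits reject; alias batching and deep nesting both multiply resolver work per request, which is why they are bounded. The simplified parsing is an assumption of this example, not the plugin's algorithm.

```javascript
// Added illustration, not graphql-armor's own code: a minimal checker that applies
// the structural limits CostAnalysis exposes (maxDepth, maxAlias, maxDirectives)
// to a raw query string. Parsing is deliberately simplified: comments, string
// literals and argument lists are stripped before counting.
const DEFAULT_LIMITS = { maxDepth: 6, maxAlias: 15, maxDirectives: 50 }; // defaults from the README

function stripNoise(query) {
  return query
    .replace(/#[^\n]*/g, '')            // GraphQL comments
    .replace(/"([^"\\]|\\.)*"/g, '""')  // string literals
    .replace(/\([^()]*\)/g, '');        // argument lists, so `arg: value` is not read as an alias
}

function measureQuery(query) {
  const q = stripNoise(query);
  let depth = 0, maxDepth = 0;
  for (const ch of q) {                 // selection-set nesting
    if (ch === '{') maxDepth = Math.max(maxDepth, ++depth);
    else if (ch === '}') depth--;
  }
  // With argument lists removed, `name:` can only be an alias prefix.
  const aliases = (q.match(/\b[_A-Za-z][_0-9A-Za-z]*\s*:/g) || []).length;
  const directives = (q.match(/@[_A-Za-z][_0-9A-Za-z]*/g) || []).length;
  return { depth: maxDepth, aliases, directives };
}

function checkLimits(query, limits = DEFAULT_LIMITS) {
  const m = measureQuery(query);
  const violations = [];
  if (m.depth > limits.maxDepth) violations.push(`depth ${m.depth} > ${limits.maxDepth}`);
  if (m.aliases > limits.maxAlias) violations.push(`aliases ${m.aliases} > ${limits.maxAlias}`);
  if (m.directives > limits.maxDirectives) violations.push(`directives ${m.directives} > ${limits.maxDirectives}`);
  return { ok: violations.length === 0, violations, ...m };
}

// Constructed sample queries.
const NORMAL_QUERY = 'query { user(id: "42") { id name posts { title } } }';
// Alias batching: one request invokes the same resolver 20 times.
const ALIAS_QUERY = 'query { ' +
  Array.from({ length: 20 }, (_, i) => `u${i}: user(id: "${i}") { name }`).join(' ') + ' }';
// Deep nesting over a self-referential type (8 nested selection sets).
const DEEP_QUERY = 'query { user { friends { friends { friends { friends { friends { friends { name } } } } } } } }';

for (const [name, q] of Object.entries({ NORMAL_QUERY, ALIAS_QUERY, DEEP_QUERY })) {
  const r = checkLimits(q);
  console.log(name, r.ok ? 'accepted' : `rejected: ${r.violations.join(', ')}`);
}
```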
### Field Suggestion plugin

Prevents the server from suggesting field names ("Did you mean ...?") in error messages for imprecise GraphQL queries. Such suggestions reveal schema details, even when introspection is disabled.
```javascript
import { ApolloArmor } from '@escape.tech/graphql-armor';

const armor = new ApolloArmor({
  FieldSuggestion: {
    enabled: true,
  },
});
```
## FAQs
The npm package @escape.tech/graphql-armor receives a total of 126,798 weekly downloads. As such, @escape.tech/graphql-armor popularity was classified as popular.
We found that @escape.tech/graphql-armor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.