
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
@graphql-tools/import
Advanced tools
@graphql-tools/import is a utility package that allows you to import and merge GraphQL type definitions from multiple files. This is particularly useful for organizing your GraphQL schema into smaller, more manageable pieces.
Importing Type Definitions
This feature allows you to import and merge GraphQL type definitions from multiple files. The `loadFilesSync` function loads all the type definition files from the specified directory, and `mergeTypeDefs` merges them into a single schema.
const { loadFilesSync } = require('@graphql-tools/load-files');
const { mergeTypeDefs } = require('@graphql-tools/merge');
const typesArray = loadFilesSync(path.join(__dirname, './schemas'));
const typeDefs = mergeTypeDefs(typesArray);
console.log(typeDefs);
Using SDL Imports
This feature allows you to use SDL (Schema Definition Language) imports within your GraphQL schema files. The `importSchema` function reads a schema file and resolves any `#import` statements, merging the imported types into a single schema.
const { importSchema } = require('@graphql-tools/import');
const typeDefs = importSchema('./path/to/schema.graphql');
console.log(typeDefs);
graphql-import is a package that allows you to import and merge GraphQL type definitions using SDL imports. It is similar to @graphql-tools/import but is more focused on SDL imports specifically, whereas @graphql-tools/import offers a broader range of utilities for schema management.
merge-graphql-schemas is a package that provides utilities to merge multiple GraphQL schemas into one. It is similar to @graphql-tools/import in that it helps manage and organize GraphQL schemas, but it does not support SDL imports directly.
Check API Reference for more information about this package; https://www.graphql-tools.com/docs/api/modules/import_src
You can also learn more about GraphQL Import in this chapter; https://www.graphql-tools.com/docs/schema-loading#using-import-expression
FAQs
A set of utils for faster development of GraphQL tools
The npm package @graphql-tools/import receives a total of 3,603,500 weekly downloads. As such, @graphql-tools/import popularity was classified as popular.
We found that @graphql-tools/import demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.