Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@nestjs/apollo
Advanced tools
@nestjs/apollo is a package that integrates Apollo Server with the NestJS framework, allowing developers to build GraphQL APIs with ease. It provides decorators and utilities to create GraphQL schemas, resolvers, and more, leveraging the power of both Apollo Server and NestJS.
GraphQL Module Setup
This feature allows you to set up the GraphQL module with Apollo Server as the driver. The `autoSchemaFile` option automatically generates the GraphQL schema file.
const { Module } = require('@nestjs/common');
const { GraphQLModule } = require('@nestjs/graphql');
const { ApolloDriver, ApolloDriverConfig } = require('@nestjs/apollo');
@Module({
imports: [
GraphQLModule.forRoot<ApolloDriverConfig>({
driver: ApolloDriver,
autoSchemaFile: true,
}),
],
})
class AppModule {}
Creating Resolvers
This feature allows you to create GraphQL resolvers using decorators. The `@Resolver` decorator marks the class as a resolver, and the `@Query` decorator defines a query field.
const { Resolver, Query } = require('@nestjs/graphql');
@Resolver()
class SampleResolver {
@Query(() => String)
sayHello() {
return 'Hello World!';
}
}
Using GraphQL Scalars
This feature allows you to define custom GraphQL scalars. The `@Scalar` decorator is used to create a new scalar type, and methods like `parseValue`, `serialize`, and `parseLiteral` handle the conversion between client and server.
const { Scalar } = require('@nestjs/graphql');
const { Kind } = require('graphql');
@Scalar('Date')
class DateScalar {
parseValue(value) {
return new Date(value); // value from the client input variables
}
serialize(value) {
return value.getTime(); // value sent to the client
}
parseLiteral(ast) {
if (ast.kind === Kind.INT) {
return new Date(parseInt(ast.value, 10)); // ast value is always in string format
}
return null;
}
}
Apollo Server Express is a community-maintained integration of Apollo Server with Express.js. It provides similar functionalities for setting up a GraphQL server but does not integrate with NestJS-specific features like decorators and modules.
TypeGraphQL is a framework for building GraphQL APIs with TypeScript, using classes and decorators. It offers a similar decorator-based approach to defining schemas and resolvers but is not specifically designed for NestJS.
GraphQL Yoga is a fully-featured GraphQL server with focus on easy setup, performance, and great developer experience. It provides a more general-purpose GraphQL server setup and does not integrate with NestJS-specific features.
A progressive Node.js framework for building efficient and scalable server-side applications.
GraphQL is a powerful query language for APIs and a runtime for fulfilling those queries with your existing data. It's an elegant approach that solves many problems typically found with REST APIs. For background, we suggest reading this comparison between GraphQL and REST. GraphQL combined with TypeScript helps you develop better type safety with your GraphQL queries, giving you end-to-end typing.
@nestjs/apollo
is a package that provides adapters to use Apollo in combination with @nestjs/graphql
.
If you are using express
HTTP engine, install the following packages:
$ npm i --save @nestjs/graphql @nestjs/apollo apollo-server-express graphql
In case of fastify
, you should install apollo-server-fastify
instead.
$ npm i --save @nestjs/graphql @nestjs/apollo apollo-server-fastify graphql
Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please read more here.
Nest is MIT licensed.
FAQs
Nest - modern, fast, powerful node.js web framework (@apollo)
We found that @nestjs/apollo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.