Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement
Sign In

@pothos/plugin-complexity

Package Overview
Dependencies
Maintainers
1
Versions
40
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@pothos/plugin-complexity

A Pothos plugin for defining and limiting complexity of queries

Source
npmnpm
Version
4.0.2
Version published
Weekly downloads
13K
4%
Maintainers
1
Weekly downloads
 
Created
Source

Complexity Plugin

This plugin allows you to define complexity of fields and limit the maximum complexity, depth, and breadth of queries.

Usage

Install

yarn add @pothos/plugin-complexity

Setup

import ComplexityPlugin from '@pothos/plugin-complexity';

const builder = new SchemaBuilder({
  plugins: [ComplexityPlugin],
});

Configure defaults and limits

To limit query complexity you can specify a maximum complexity either in the builder setup, or when building the schema:

const builder = new SchemaBuilder({
  plugins: [ComplexityPlugin],
  defaultComplexity: 1,
  defaultListMultiplier: 10,
  complexity: {
    limit: {
      complexity: 500,
      depth: 10,
      breadth: 50,
    },
    // or
    limit: (ctx) => ({
      complexity: 500,
      depth: 10,
      breadth: 50,
    }),
  },
});
// or
const schema = builder.toSchema({
  complexity: {
    limit: {
      complexity: 500,
      depth: 10,
      breadth: 50,
    },
  },
});

Options

  • fieldComplexity: (optional, (args, ctx, field) => { complexity: number, multiplier: number} | number): default complexity calculation for fields. defaultComplexity and defaultListMultiplier will not be used if this is set.
  • defaultComplexity: (optional number) defines the default complexity for every field in the schema
  • defaultListMultiplier: (optional number) defines a default complexity multiplier for a list fields sub selections
  • limit: Defines limits for queries, passed the context object if limit is a function
    • complexity: defines the maximum complexity allowed for queries
    • depth: defines the maximum depth of selections in a query
    • breadth: defines the maximum total selections in a query
  • complexityError: (optional function) defines the error to throw when the query complexity exceeds the limit. The function is passed the errorKind (depth, breadth, or complexity), the result (with the depth, breadth, complext, and max values), and a GraphQL info object. It should return (or throw) an error, or a an error message as a string

How complexity is calculated

Complexity is calculated before resolving root any root level fields (query, mutation, subscription), and is based purely on the shape of the query before execution begins.

The complexity of a query is the sum of the complexity of each selected field. If a field has sub-selections, the complexity of its sub-selections are multiplied by a fields multiplier, and then added to the fields own complexity. The default multiplier for fields is 1, and 10 for list fields. This multiplier is meant to the n+1 complexity of list fields.

Example

The following query has a complexity of 131 (assuming we are using the default options), a depth of 3, and a breadth of 5:

query {
  posts {
    # complexity = 131 (posts + 10 * (2 + 11))
    author {
      # complexity = 2 (author + 1 * name)
      name # complexity = 1, depth: 3
    }
    comments {
      # complexity = 11 (comments + 10 * comment)
      comment # complexity = 1, depth: 3
    }
  }
}

Defining complexity of a field:

You can set a custom complexity value on any field:

builder.queryFields((t) => ({
  posts: t.field({
    type: [Post],
    complexity: 20,
  }),
}));

The complexity option can also set the multiplier for a field:

builder.queryFields((t) => ({
  posts: t.field({
    type: [Post],
    complexity: { field: 5, multiplier: 20 },
  }),
}));

A fields complexity can also be based on the fields arguments, or the context value:

builder.queryFields((t) => ({
  posts: t.field({
    type: [Post],
    args: {
      limit: t.arg.int(),
    },
    // base multiplier on how many posts are being requested
    complexity: (args, ctx) => ({ field: 5, multiplier: args.limit ?? 5 }),
  }),
}));

Utilities

complexityFromQuery(query, options)

Returns the query complexity for a given GraphQL query.

const complexity = complexityFromQuery(query, {
  schema: schema,
  // Complexity can be calculated based on the context and arguments,
  // so you may need to provide valid values for the context and arguments.
  // Both are optional, and will default to empty objects.
  context: {},
  variables: {},
});

Keywords

pothos
graphql
schema
plugin
complexity
depth

FAQs

Package last updated on 12 Jul 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Laravel Lang Compromised with RCE Backdoor Across 700+ Versions

Research

/

Security News

Laravel Lang Compromised with RCE Backdoor Across 700+ Versions

Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets.

By Socket Research Team  -  May 23, 2026
AI Has Taken Over Open Source

Security News

AI Has Taken Over Open Source

Vibe coding at scale is reshaping how packages are created, contributed, and selected across the software supply chain

By André Staltz  -  May 22, 2026