Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
@risingstack/graffiti
Advanced tools
Currently the consumption of HTTP REST APIs dominate the client-side world, GraphQL aims to change this. This transition can be time-consuming - this is where graffiti comes into the picture.
We don't want to rewrite our application - no one wants that. graffiti provides an Express middleware, a Hapi plugin and a Koa middleware to convert your existing models into a GraphQL schema and exposes it over HTTP.
What is GraphQL?
GraphQL is a query language created by Facebook in 2012 which provides a common interface between the client and the server for data fetching and manipulations.
The client asks for various data from the GraphQL server via queries. The response format is described in the query and defined by the client instead of the server: they are called client‐specified queries.
For more info check out RisingStack's GraphQL tutorial.
Example server and queries
For a running example server and executable queries, check out our example repository and play with your GraphQL queries: graffiti-example
Adapters
- mongoose
- more coming...
Supported servers
Install
npm install @risingstack/graffiti --save
Usage
- run MongoDB
- register the middleware
- provide a schema (returned by an adapters
getSchemamethod or your ownGraphQLSchemainstance) - the GraphQL endpoint is available on
/graphql
Express
import express from 'express';
import { json } from 'body-parser';
import graffiti from '@risingstack/graffiti';
import { getSchema } from '@risingstack/graffiti-mongoose';
import Cat from './models/Cat';
import User from './models/User';
const app = express();
// parse body as json
app.use(json());
app.use(graffiti.express({
schema: getSchema([User, Cat]),
context: {} // custom context
}));
app.listen(3000);
Hapi
import { Server } from 'hapi';
import graffiti from '@risingstack/graffiti';
import { getSchema } from '@risingstack/graffiti-mongoose';
const server = new Server();
server.connection({ port: 3000 });
server.register({
register: graffiti.hapi,
options: {
schema: getSchema([User, Cat]),
context: {}, // custom context
config: {} // config parameter for hapi graphql route
}
}, function (err) {
if (err) {
console.error('Failed to load plugin:', err);
}
server.start(function () {
console.log('Server running at:', server.info.uri);
});
});
Koa
import koa from 'koa';
import parser from 'koa-bodyparser';
import graffiti from '@risingstack/graffiti';
import { getSchema } from '@risingstack/graffiti-mongoose';
import Cat from './models/Cat';
import User from './models/User';
const app = koa();
app.use(parser());
app.use(graffiti.koa({
schema: getSchema([User, Cat]),
context: {} // custom context
}));
app.listen(3000);
Options
schema: aGraphQLSchemainstance. You can use an adaptersgetSchemamethod, or provide your own schema. (required)graphiql: may present GraphiQL when loaded directly from a browser. (default:true)context: custom GraphQL context object. (default:{})
Test
npm test
FAQs
Mongoose adapter for graffiti (Node.js GraphQL ORM)
The npm package @risingstack/graffiti receives a total of 15 weekly downloads. As such, @risingstack/graffiti popularity was classified as not popular.
We found that @risingstack/graffiti demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 09 Dec 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025