@valueflows/vf-graphql
GraphQL reference implementation of the ValueFlows grammar.
This project synchronizes projects implementing VF for a GraphQL interface between client and server. It includes:
Agent, Person, Organization, SpatialThing, note, image).

The top-level module export contains three methods: buildSchema, printSchema and validate.
buildSchema, when run without arguments, will return a GraphQLSchema object for the entire ValueFlows API, including all optional and auxiliary modules. When passed an array, it builds a subset of the full spec which includes only the specified modules. For a complete list of modules, see schemaModules in schema-manifest.js.

printSchema from the graphql module is also exported to make it easy to turn built schema objects into SDL strings, as some modules require this input format.

validate takes another GraphQL schema as input and validates it against a schema generated from any set of module IDs. The output format is that of GraphQL's findBreakingChanges.
If you need access to a string version of any schema, you can get an SDL version with
printSchema(buildSchema(/* [...] */))
If all you need is the entire schema as a string, consider importing @valueflows/vf-graphql/ALL_VF_SDL or @valueflows/vf-graphql/json-schema.json instead.
To implement a system gateway compatible with the ValueFlows spec, you will need to define the following:
makeExecutableSchema along with the schema definition exported by this module
DateTime & DateInterval types

For a more detailed example, see the project in ./mock-server/.
npm i -g yarn using the version of node you plan on developing this project against (for the recommended version, see .nvmrc). You can set up your modules manually using npm link if you prefer, but Yarn's workspaces feature will save you a lot of time.
yarn from the top level folder of this repository to install and wire up all dependencies.

See scripts in package.json for the available commands. For quickly spinning up the full system, you should usually be able to simply run npm start. This will load up:
http://localhost:3000/graphql which you can use to test queries against a mock GraphQL API derived from the schema.
http://localhost:3000/viewer which shows an interactive visual representation useful for exploring the schema.

The recommended way to contribute to this repo is via the npm run dev:schema command (also run as part of npm start). This will watch the code for changes and build & run tests every time you save a file. It's best to do it this way as the errors from the GraphQL parser can be hard to track down; more frequent feedback means you will catch any errors sooner.
The lib/ directory contains all source of the reference schema & validation helpers:
index.js is the main entrypoint to the module, used by other packages wishing to validate schemas against the spec.
tests/ contains tests for ensuring the schemas compile successfully.
schemas/ contains the actual GraphQL schema definition files. These are the files you should edit.
schemas/bridging/ contains files which are automatically loaded in buildSchema. The filenames are dot-separated, and if all of the filename components are present in the module IDs passed then the schema is injected. For a list of available module IDs, see schema-manifest.js.
build/, json-schema.json and the other *.js files are excluded from version control. They are generated from the schema definition files, using helper code in lib/scripts/.

The "bridging" schema files in schemas/bridging/ create non-obvious behaviour within the top-level schema modules in schemas/. At first glance, some fields (e.g. EconomicEvent.realizationOf) may appear to be missing from the record type definitions. However, this field's presence in the observation.agreement "bridging" schema means that it will automatically be added to the output schema if both observation and agreement are included. So always check these files for a property before considering it missing, as it may be part of a cross-module relationship or index.

The buildSchema helper defined in the module root manages all the logic for managing "bridging" schemas internally.
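
The selection rule for "bridging" schemas described above, as an added sketch (this is not the project's own buildSchema code). The `.gql` extension, the directory listing, and the `planning` and `proposal` module IDs are constructed assumptions; only `observation`, `agreement` and the `observation.agreement` bridging schema come from this page.

```javascript
// Constructed sample of a schemas/bridging/ directory listing. Only
// observation.agreement is named in the README; the other entries and the
// .gql extension are assumptions made for illustration.
const BRIDGING_FILES = [
  'observation.agreement.gql',
  'observation.planning.gql',
  'planning.agreement.proposal.gql'
]

// Module IDs a bridging file depends on: the dot-separated components of its
// name, with any directory prefix and the final file extension dropped.
function bridgingDependencies (filename) {
  const base = filename.split('/').pop()
  const dot = base.lastIndexOf('.')
  const stem = dot > 0 ? base.slice(0, dot) : base
  return stem.split('.').filter(Boolean)
}

// A bridging file is injected only when every one of its components is
// present in the module IDs requested from the schema builder.
function selectBridgingSchemas (moduleIds, files = BRIDGING_FILES) {
  const requested = new Set(moduleIds)
  return files.filter(f => {
    const deps = bridgingDependencies(f)
    return deps.length > 0 && deps.every(id => requested.has(id))
  })
}

// For each skipped file, list the module IDs that were not requested. This is
// the check to make before concluding that a field is missing from a type.
function explainSkipped (moduleIds, files = BRIDGING_FILES) {
  const requested = new Set(moduleIds)
  const skipped = {}
  for (const f of files) {
    const missing = bridgingDependencies(f).filter(id => !requested.has(id))
    if (missing.length > 0) skipped[f] = missing
  }
  return skipped
}

console.log(selectBridgingSchemas(['observation', 'agreement']))
console.log(explainSkipped(['observation', 'agreement']))
```

Requesting only `observation` selects no bridging file here, which is why a field such as EconomicEvent.realizationOf would be absent from a schema built from that single module.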
lib/package.json & commit to the repository
CHANGELOG.md with the new version ID and list of changes, and commit
npm run publish from this directory
origin

Released under an Apache 2.0 license.
FAQs
Reference GraphQL implementation of the ValueFlows spec
The npm package @valueflows/vf-graphql receives a total of 4 weekly downloads. As such, @valueflows/vf-graphql popularity was classified as not popular.
We found that @valueflows/vf-graphql demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.