@valueflows/vf-graphql
GraphQL reference implementation of the ValueFlows grammar.
This project synchronizes projects implementing VF for a GraphQL interface between client and server. It includes:
Agent, Person, Organization, SpatialThing, note, image).
The top-level module export contains three methods: buildSchema, printSchema and validate.
The buildSchema method allows you to dynamically create schemas for the entire ValueFlows specification, or modular subsets of it. The full schema is broken down into modules of functionality, so that implementations which only aim to cover part of the specification can do so.
buildSchema will return a GraphQLSchema object for the entire ValueFlows API, including all optional and auxiliary modules.
schemaModules in schema-manifest.js or refer to the filenames in lib/schemas.
printSchema from the graphql module is also exported to make it easy to turn the built schema objects created by buildSchema into SDL strings, as some tooling requires this input format.
Therefore, if you need access to a string version of any schema you can get an SDL version with:
printSchema(buildSchema(/* [...] */))
If all you need is the entire schema as a string, consider importing @valueflows/vf-graphql/ALL_VF_SDL or @valueflows/vf-graphql/json-schema.json instead.
validate has the same parameters as buildSchema, but takes another GraphQL schema as its first argument and validates it against a schema generated from the given set of module IDs and extension schemas. The output format is that of GraphQL's findBreakingChanges method.
To implement a system gateway compatible with the ValueFlows spec, you will need to define the following:
Resolver methods which bind to your application services must be implemented. In traditional client/server architecture, this is usually done serverside and the implementation executes remotely. In distributed/decentralised systems it is usually important that this be done in the client app to avoid adding any extra centralised services to your infrastructure.
If using Apollo GraphQL, this means defining an implementation object which contains methods for resolving all relationship fields. This object is passed to makeExecutableSchema along with the schema definition exported by this module.
Schemas will usually have to inject __typename parameters to disambiguate union types, especially for EventOrCommitment where there are no required fields which can determine the difference between the two records via duck-typing.
For a more detailed example, see the Holochain schema bindings.
Scalar type resolvers need to be provided for the ISO8601 DateTime type, in order to handle date encoding & decoding to your chosen storage system.
DateTime should be of variable precision, and allow specifying dates without time components as well as times without milliseconds. The timezone specifier may be omitted, but it is recommended to inject it manually prior to transmission to the server to ensure that specified times remain local to the user making the request.
There is also a separate URI type which simply makes it explicit when a reference to some external asset is expected. Implementations may treat these as strings, or perform URI validation as needed.
We usually suggest that you do not enforce an http/https protocol scheme, to allow for cross-system data linkage where records from distributed systems with their own URI resolution behaviour can be interlinked with web-based URLs.
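The DateTime and URI rules described above, written as dependency-free validation helpers. This is an added example, not code from vf-graphql; the function names parseDateTime, withLocalZone and parseUri are hypothetical.

```javascript
// Added example: helper names are hypothetical, not part of vf-graphql.
// Variable-precision ISO 8601: date only, or date plus time with optional
// seconds, fractional seconds and timezone designator.
const ISO_DATETIME =
  /^(\d{4})-(\d{2})-(\d{2})(?:T(\d{2}):(\d{2})(?::(\d{2})(\.\d+)?)?(Z|[+-](?:[01]\d|2[0-3]):[0-5]\d)?)?$/;

function parseDateTime(value) {
  if (typeof value !== 'string') throw new TypeError('DateTime must be a string');
  const m = ISO_DATETIME.exec(value);
  if (!m) throw new TypeError(`Invalid ISO 8601 DateTime: ${JSON.stringify(value)}`);
  const [y, mo, d, h, mi, s] = m.slice(1, 7).map((part) => Number(part || 0));
  // Round-trip through Date.UTC so impossible values (2024-02-30, 25:00) fail.
  const probe = new Date(Date.UTC(y, mo - 1, d, h, mi, s));
  const same = probe.getUTCFullYear() === y && probe.getUTCMonth() === mo - 1 &&
    probe.getUTCDate() === d && probe.getUTCHours() === h &&
    probe.getUTCMinutes() === mi && probe.getUTCSeconds() === s;
  if (!same) throw new TypeError(`DateTime out of range: ${value}`);
  return { value, hasTime: m[4] !== undefined, hasZone: m[8] !== undefined };
}

// Client side, before transmission: append the user's UTC offset when a time
// is present but the timezone designator was omitted. Date-only values pass
// through unchanged. offsetMinutes is east-positive (UTC+02:00 -> 120).
function withLocalZone(value, offsetMinutes = -new Date(value).getTimezoneOffset()) {
  const { hasTime, hasZone } = parseDateTime(value);
  if (!hasTime || hasZone) return value;
  const sign = offsetMinutes < 0 ? '-' : '+';
  const abs = Math.abs(offsetMinutes);
  const pad = (n) => String(n).padStart(2, '0');
  return `${value}${sign}${pad(Math.floor(abs / 60))}:${pad(abs % 60)}`;
}

// URI scalar: require an absolute URI with a scheme, but accept any scheme so
// identifiers from non-web systems can be linked alongside http(s) URLs.
function parseUri(value) {
  if (typeof value !== 'string') throw new TypeError('URI must be a string');
  try {
    new URL(value); // WHATWG parser: throws when no scheme is present
  } catch {
    throw new TypeError(`Invalid URI: ${JSON.stringify(value)}`);
  }
  return value; // returned unmodified so foreign identifiers are not rewritten
}
```

These functions can back the parseValue and serialize hooks of a GraphQLScalarType. Because parseUri accepts any scheme, code that renders a URI as a link or fetches it should apply its own scheme allow-list at that point.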
npm i -g yarn using the version of node you plan on developing this project against (for the recommended version, see .nvmrc). You can set up your modules manually using npm link if you prefer, but Yarn's workspaces feature will save you a lot of time.
yarn from the top level folder of this repository to install and wire up all dependencies.
npm run build to compile the schema files.
See scripts in package.json for the available commands. For quickly spinning up the full system, you should usually be able to simply run npm start. This will load up:
http://localhost:3000/graphql which you can use to test queries against a mock GraphQL API derived from the schema.
http://localhost:3000/viewer which shows an interactive visual representation useful for exploring the schema.
The recommended way to contribute to this repo is via the npm run dev:schema command (also run as part of npm start). This will watch the code for changes and build & run tests every time you save a file. It's best to do it this way as the errors from the GraphQL parser can be hard to track down; more frequent feedback means you will catch any errors sooner.
The lib/ directory contains all source of the reference schema & validation helpers:
index.js is the main entrypoint to the module, used by other packages wishing to validate schemas against the spec.
tests/ contains tests for ensuring the schemas compile successfully.
schemas/ contains the actual GraphQL schema definition files. These are the files you should edit.
schemas/bridging/ contains files which are automatically loaded in buildSchema. The filenames are dot-separated, and if all of the filename components are present in the module IDs passed then the schema is injected. For a list of available module IDs, see schema-manifest.js.
build/, json-schema.json and the other *.js files are excluded from version control. They are generated from the schema definition files, using helper code in lib/scripts/.
The "bridging" schema files in schemas/bridging/ create non-obvious behaviour within the top-level schema modules in schemas/. At first glance, some fields (e.g. EconomicEvent.realizationOf) may appear to be missing from the record type definitions. However, this field's presence in the observation.agreement "bridging" schema means that it will automatically be added to the output schema if both observation and agreement are included. So always check these files for a property before considering it missing, as it may be part of a cross-module relationship or index.
The buildSchema helper defined in the module root manages all the logic for managing "bridging" schemas internally.
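A sketch of the bridging-file selection rule described above, plus a check for why a field such as EconomicEvent.realizationOf might be absent from a built schema. This is an added example, not the project's buildSchema code; the ".gql" extension, the function names and every file name other than the observation.agreement pair are assumptions.

```javascript
// Added sketch of the selection rule; not the project's buildSchema code.
// ASSUMPTIONS: the ".gql" extension and every file name except the
// observation.agreement pair named in the README are constructed.
const SAMPLE_BRIDGING_FILES = [
  'observation.agreement.gql',
  'observation.planning.gql',
  'agreement.planning.proposal.gql',
];

// Module IDs encoded in a bridging file name ("a.b.gql" -> ["a", "b"]).
function bridgingComponents(filename, extension = '.gql') {
  if (!filename.endsWith(extension)) return [];
  return filename.slice(0, -extension.length).split('.').filter(Boolean);
}

// Files injected for a module selection: every component must be enabled.
function selectBridgingSchemas(filenames, moduleIds) {
  const enabled = new Set(moduleIds);
  return filenames.filter((name) => {
    const parts = bridgingComponents(name);
    return parts.length > 0 && parts.every((part) => enabled.has(part));
  });
}

// For a field that looks missing: which modules must be added before the
// bridging file that defines it is injected?
function missingModulesFor(filename, moduleIds) {
  const enabled = new Set(moduleIds);
  return bridgingComponents(filename).filter((part) => !enabled.has(part));
}
```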
lib/package.json & commit to the repository
CHANGELOG.md with the new version ID and list of changes, and commit
npm run publish from this directory
origin
Released under an Apache 2.0 license.
FAQs
Reference GraphQL implementation of the ValueFlows spec
The npm package @valueflows/vf-graphql receives a total of 4 weekly downloads. As such, @valueflows/vf-graphql popularity was classified as not popular.
We found that @valueflows/vf-graphql demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.