apollo-link-batch-http
apollo-link-batch-http is a terminating link that combines multiple GraphQL operations into a single HTTP request. This link batches together individual operations into an array that is sent to a single GraphQL endpoint.
import { BatchHttpLink } from "apollo-link-batch-http";
const link = new BatchHttpLink({ uri: "/graphql" });
The batch http link accepts an object with some options to customize the behavior of the link. There are two different categories of options: http and batch. The http options follow the same structure as the apollo-link-http:
- uri: the URI key is a string endpoint -- will default to "/graphql" if not specified
- includeExtensions: allow passing the extensions field to your graphql server, defaults to false
- fetch: a fetch compatible API for making a request
- headers: an object representing values to be sent as headers on the request
- credentials: a string representing the credentials policy you want for the fetch call
- fetchOptions: any overrides of the fetch options argument to pass to the fetch call
Note that you cannot use batching with the GET HTTP method.
The batching options indicate how operations are batched together, the size of batches, and the maximum time a batch will wait before automatically being sent over the network.
- batchMax: a max number of items to batch, defaults to 10
- batchInterval: the interval at which to batch (in ms), defaults to 10
- batchKey: a function that accepts an operation and returns a string key, which uniquely names the batch the operation belongs to, defaults to returning the same string
The batch http link relies on having fetch present in your runtime environment. If you are running on react-native, or modern browsers, this should be no problem. If you are targeting an environment without fetch such as older browsers or the server, you will need to pass your own fetch to the link through the options. We recommend unfetch for older browsers and node-fetch for running in Node.
The Batch Http Link currently uses the context in two different ways, per batch and per query. The context fields below are used per batch and taken from the first operation in the batch. They are applied to the fetch options in a similar manner as apollo-link-http.
- headers: an object representing values to be sent as headers on the request
- credentials: a string representing the credentials policy you want for the fetch call
- uri: a string of the endpoint you want to fetch from
- fetchOptions: any overrides of the fetch options argument to pass to the fetch call
- response: this is the raw response from the fetch request after it is made.
For each query, the http field is used to modify each individual query in the batch, such as persisted queries (see below).
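Because the per-batch fields come from the first operation, an operation batched with others can go out under headers or credentials that are not its own. The added example below is a stand-alone model of the rules stated above, not code from apollo-link-batch-http; it reports which operations are affected under a given batchKey and shows a key that keeps differing contexts apart. planBatches, contextKey, op and the sample operations are hypothetical, and all operations are assumed to arrive within one batchInterval.

```javascript
// Added model of the batching rules described above; it does not call
// apollo-link-batch-http. All names and sample data here are hypothetical.
const PER_BATCH_FIELDS = ["uri", "headers", "credentials", "fetchOptions"];

// Constructed stand-in for an operation: a name plus a getContext() method.
const op = (operationName, context) => ({ operationName, getContext: () => context });

// Key-order-independent serialisation, so equal contexts give equal keys.
function stable(value) {
  if (value === null || typeof value !== "object") return String(JSON.stringify(value));
  if (Array.isArray(value)) return "[" + value.map(stable).join(",") + "]";
  const keys = Object.keys(value).sort();
  return "{" + keys.map((k) => JSON.stringify(k) + ":" + stable(value[k])).join(",") + "}";
}

// A batchKey that only lets operations share a batch when every per-batch
// context field is identical.
function contextKey(operation) {
  const context = operation.getContext();
  return stable(PER_BATCH_FIELDS.map((field) => context[field]));
}

// batchKey names the batch, a batch closes at batchMax, and the first operation
// supplies the context. "overridden" lists operations whose own context differs.
function planBatches(operations, { batchMax = 10, batchKey = () => "" } = {}) {
  const open = new Map(); // batch key -> batch still accepting operations
  const sent = [];
  for (const operation of operations) {
    const key = batchKey(operation);
    let batch = open.get(key);
    if (!batch) {
      batch = { context: operation.getContext(), used: contextKey(operation),
                operations: [], overridden: [] };
      open.set(key, batch);
      sent.push(batch);
    }
    batch.operations.push(operation.operationName);
    if (contextKey(operation) !== batch.used) batch.overridden.push(operation.operationName);
    if (batch.operations.length >= batchMax) open.delete(key);
  }
  return sent;
}

// Constructed sample: three operations carrying two different Authorization values.
const sample = [
  op("Me", { headers: { Authorization: "Bearer token-a" } }),
  op("Orders", { headers: { Authorization: "Bearer token-b" } }),
  op("Profile", { headers: { Authorization: "Bearer token-a" } }),
];
```

With a batchKey that returns one constant string, planBatches(sample) puts all three operations in one batch and lists "Orders" as overridden; with contextKey it yields two batches and no overrides.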
The batch http link supports an advanced GraphQL feature called persisted queries. This allows you to not send the stringified query over the wire, but instead send some kind of identifier of the query. To support this you need to attach the id somewhere to the extensions field and pass the following options to the context:
operation.setContext({
  http: {
    includeExtensions: true,
    includeQuery: false,
  }
})
The http object on context currently supports two keys:
- includeExtensions: Send the extensions object for this request.
- includeQuery: Don't send the query field for this request.
One way to use persisted queries is with apollo-link-persisted-queries and Apollo Engine.
The batch http link handles errors on a per batch basis with the same semantics found in apollo-link-http:
You can use the fetch option when creating an http-link to do a lot of custom networking. This is useful if you want to modify the request based on the calculated headers or calculate the uri based on the operation:
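// Example 1: add a Hawk Authorization header to each batched request.
// Assumption: Hawk comes from the @hapi/hawk package; the page does not name it.
import Hawk from "@hapi/hawk";

// `credentials` is the Hawk credentials object, defined elsewhere in the application.
const customFetch = (uri, options) => {
  const { header } = Hawk.client.header(
    "http://example.com:8000/resource/1?b=1&a=2",
    "POST",
    { credentials: credentials, ext: "some-app-data" }
  );
  options.headers.Authorization = header;
  return fetch(uri, options);
};
const link = new BatchHttpLink({ fetch: customFetch });

// Example 2 (a separate snippet): calculate the URI from the operations in the batch.
const customFetch = (uri, options) => {
  // The batch body is a JSON array of operations; collect their names.
  const operationNames = JSON.parse(options.body).map(operation => operation.operationName);
  // Encode the comma-joined names so they cannot alter the query string.
  return fetch(`${uri}/graph/graphql?opname=${encodeURIComponent(operationNames.join(","))}`, options);
};
const link = new BatchHttpLink({ fetch: customFetch });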
FAQs
Batch HTTP transport layer for GraphQL
We found that apollo-link-batch-http demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.