Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
eslint-plugin-graphql
Advanced tools
eslint-plugin-graphql is an ESLint plugin that provides GraphQL linting rules for your JavaScript and TypeScript projects. It helps ensure that your GraphQL queries, mutations, and subscriptions are syntactically correct and follow best practices.
Linting GraphQL Queries
This feature allows you to lint GraphQL queries within template strings. The configuration specifies the environment as 'literal' and uses a local schema file to validate the queries.
{
"rules": {
"graphql/template-strings": [
"error",
{
"env": "literal",
"schemaJson": require('./schema.json')
}
]
}
}
Linting GraphQL Files
This feature allows you to lint GraphQL operations in .graphql files. The configuration uses a local schema file to validate the operations and ensures that all operations are named.
{
"rules": {
"graphql/named-operations": [
"error",
{
"schemaJson": require('./schema.json')
}
]
}
}
Custom Validation Rules
This feature allows you to enforce custom validation rules on your GraphQL queries. The example configuration ensures that every query includes the 'id' and '__typename' fields.
{
"rules": {
"graphql/required-fields": [
"error",
{
"env": "apollo",
"schemaJson": require('./schema.json'),
"requiredFields": ["id", "__typename"]
}
]
}
}
graphql-eslint is another ESLint plugin that provides a comprehensive set of rules for linting GraphQL schema and operations. It offers more granular control over linting rules and supports both GraphQL schema and operations in various file types. Compared to eslint-plugin-graphql, graphql-eslint provides a more extensive set of rules and better integration with GraphQL tools like Apollo and Relay.
An ESLint plugin that checks tagged query strings inside JavaScript, or queries inside .graphql
files, against a GraphQL schema.
npm install eslint-plugin-graphql
eslint-plugin-graphql
has built-in settings for four GraphQL clients out of the box:
If you want to lint your GraphQL schema, rather than queries, check out cjoudrey/graphql-schema-linter.
You'll need to import your introspection query result or the schema as a string in the Schema Language format. This can be done if you define your ESLint config in a JS file.
graphql-cli provides a get-schema
command (in conjunction with a .graphqlconfig
file) that makes retrieving remote schemas very simple.
apollo-codegen also provides an introspect-schema command that can get your remote schemas as well
All of the rules provided by this plugin have a few options in common. There are examples of how to use these with Apollo, Relay, Lokka, FraQL and literal files further down.
env
: Import default settings for your GraphQL client. Supported values: 'apollo'
, 'relay'
, 'lokka'
, 'fraql'
'literal'
. Defaults to 'apollo'
. This is used for the slight parsing differences in the GraphQL syntax between Apollo, Relay, Lokka and FraQL as well as giving nice defaults to some other options.
tagName
: The name of the template literal tag that this plugin should look for when searching for GraphQL queries. It has different defaults depending on the env
option:
'relay'
: 'Relay.QL'
'internal'
: Special automatic value'gql'
, 'graphql'
You also have to specify a schema. You can either do it using one of these options:
schemaJson
: Your schema as JSON.schemaJsonFilepath
: The absolute path to your schema as a .json file. (Warning: this variant is incompatible with eslint --cache
.)schemaString
: Your schema in the Schema Language format as a string.Alternatively, you can use a .graphqlconfig file instead of the above three options. If you do there's one more option to know about:
projectName
: In case you specify multiple schemas in your .graphqlconfig
file, choose which one to use by providing the project name here as a string.There's an example on how to use a .graphqlconfig
file further down.
This plugin relies on GraphQL queries being prefixed with a special tag. In Relay and Apollo this is done often, but some other clients take query strings without a tag. In this case, fake-tag
can be used to define an identity tag that doesn't do anything except for tell the linter this is a GraphQL query:
import gql from "fake-tag";
const QUERY_VIEWER_NAME = gql`
query ViewerName {
viewer {
name
}
}
`;
Fake tags won’t be necessary once /* GraphQL */
comment tags are supported.
This plugin also lints GraphQL literal files ending on .gql
or .graphql
.
In order to do so set env
to 'literal'
in your .eslintrc.js
and tell eslint to check these files as well.
eslint . --ext .js --ext .gql --ext .graphql
// In a file called .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
// Import default settings for your GraphQL client. Supported values:
// 'apollo', 'relay', 'lokka', 'fraql', 'literal'
env: 'apollo',
// Import your schema JSON here
schemaJson: require('./schema.json'),
// OR provide absolute path to your schema JSON (but not if using `eslint --cache`!)
// schemaJsonFilepath: path.resolve(__dirname, './schema.json'),
// OR provide the schema in the Schema Language format
// schemaString: printSchema(schema),
// tagName is gql by default
}]
},
plugins: [
'graphql'
]
}
// In a file called .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
// Import default settings for your GraphQL client. Supported values:
// 'apollo', 'relay', 'lokka', 'fraql', 'literal'
env: 'relay',
// Import your schema JSON here
schemaJson: require('./schema.json'),
// OR provide absolute path to your schema JSON (but not if using `eslint --cache`!)
// schemaJsonFilepath: path.resolve(__dirname, './schema.json'),
// OR provide the schema in the Schema Language format
// schemaString: printSchema(schema),
// tagName is set for you to Relay.QL
}]
},
plugins: [
'graphql'
]
}
// In a file called .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
// Import default settings for your GraphQL client. Supported values:
// 'apollo', 'relay', 'lokka', 'fraql', 'literal'
env: 'lokka',
// Import your schema JSON here
schemaJson: require('./schema.json'),
// OR provide absolute path to your schema JSON (but not if using `eslint --cache`!)
// schemaJsonFilepath: path.resolve(__dirname, './schema.json'),
// OR provide the schema in the Schema Language format
// schemaString: printSchema(schema),
// Optional, the name of the template tag, defaults to 'gql'
tagName: 'gql'
}]
},
plugins: [
'graphql'
]
}
// In a file called .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
// Import default settings for your GraphQL client. Supported values:
// 'apollo', 'relay', 'lokka', 'fraql', 'literal'
env: 'fraql',
// Import your schema JSON here
schemaJson: require('./schema.json'),
// OR provide absolute path to your schema JSON
// schemaJsonFilepath: path.resolve(__dirname, './schema.json'),
// OR provide the schema in the Schema Language format
// schemaString: printSchema(schema),
// Optional, the name of the template tag, defaults to 'gql'
tagName: 'gql'
}]
},
plugins: [
'graphql'
]
}
// In a file called .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
// Import default settings for your GraphQL client. Supported values:
// 'apollo', 'relay', 'lokka', 'fraql', 'literal'
env: 'literal',
// Import your schema JSON here
schemaJson: require('./schema.json'),
// OR provide absolute path to your schema JSON (but not if using `eslint --cache`!)
// schemaJsonFilepath: path.resolve(__dirname, './schema.json'),
// OR provide the schema in the Schema Language format
// schemaString: printSchema(schema),
// tagName is set automatically
}]
},
plugins: [
'graphql'
]
}
This plugin can be used to validate against multiple schemas by identifying them with different tags. This is useful for applications interacting with multiple GraphQL systems. Additional schemas can simply be appended to the options list:
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
env: 'apollo',
tagName: 'FirstGQL',
schemaJson: require('./schema-first.json')
}, {
env: 'relay',
tagName: 'SecondGQL',
schemaJson: require('./schema-second.json')
}]
},
plugins: [
'graphql'
]
}
If you have .graphqlconfig
file in the root of your repo you can omit schema-related
properties (schemaJson
, schemaJsonFilepath
and schemaString
) from rule config.
// In a file called .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
// Import default settings for your GraphQL client. Supported values:
// 'apollo', 'relay', 'lokka', 'fraql', 'literal'
env: 'literal'
// no need to specify schema here, it will be automatically determined using .graphqlconfig
}]
},
plugins: [
'graphql'
]
}
In case you use additional schemas, specify projectName
from .graphqlconfig
for each tagName
:
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
env: 'apollo',
tagName: 'FirstGQL',
projectName: 'FirstGQLProject'
}, {
env: 'relay',
tagName: 'SecondGQL',
projectName: 'SecondGQLProject'
}]
},
plugins: [
'graphql'
]
}
GraphQL validation rules can be configured in the eslint rule configuration using the validators
option. The default selection depends on the env
setting. If no env
is specified, all rules are enabled by default.
The validators
setting can be set either to a list of specific validator names or to the special value "all"
.
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
env: 'apollo',
validators: 'all',
tagName: 'FirstGQL',
schemaJson: require('./schema-first.json')
}, {
validators: ['FieldsOnCorrectType'],
tagName: 'SecondGQL',
schemaJson: require('./schema-second.json')
}]
},
plugins: [
'graphql'
]
}
The full list of available validators is:
ExecutableDefinitions
FieldsOnCorrectType
FragmentsOnCompositeTypes
KnownArgumentNames
KnownDirectives
(disabled by default in relay
)KnownFragmentNames
(disabled by default in all envs)KnownTypeNames
LoneAnonymousOperation
NoFragmentCycles
NoUndefinedVariables
(disabled by default in relay
)NoUnusedFragments
(disabled by default in all envs)NoUnusedVariables
OverlappingFieldsCanBeMerged
PossibleFragmentSpreads
ProvidedRequiredArguments
(disabled by default in relay
)ScalarLeafs
(disabled by default in relay
)SingleFieldSubscriptions
UniqueArgumentNames
UniqueDirectivesPerLocation
UniqueFragmentNames
UniqueInputFieldNames
UniqueOperationNames
UniqueVariableNames
ValuesOfCorrectType
VariablesAreInputTypes
VariablesDefaultValueAllowed
VariablesInAllowedPosition
The Named Operation rule validates that all operations are named. Naming operations is valuable for including in server-side logs and debugging.
Pass
query FetchUsername {
viewer {
name
}
}
Fail
query {
viewer {
name
}
}
The rule is defined as graphql/named-operations
.
// In a file called .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
env: 'apollo',
schemaJson: require('./schema.json'),
}],
"graphql/named-operations": ['warn', {
schemaJson: require('./schema.json'),
}],
},
plugins: [
'graphql'
]
}
The Required Fields rule validates that any specified required field is part of the query, but only if that field is available in schema. This is useful to ensure that query results are cached properly in the client.
Pass
// 'uuid' required and present in the schema
schema {
query {
viewer {
name
uuid
}
}
}
query ViewerName {
viewer {
name
uuid
}
}
Pass
// 'uuid' usually required but not present in the schema here
schema {
query {
viewer {
name
}
}
}
query ViewerName {
viewer {
name
}
}
Fail
// 'uuid' required and present in the schema
schema {
query {
viewer {
uuid
name
}
}
}
query ViewerName {
viewer {
name
}
}
The rule is defined as graphql/required-fields
and requires the requiredFields
option.
// In a file called .eslintrc.js
module.exports = {
rules: {
'graphql/required-fields': [
'error',
{
env: 'apollo',
schemaJsonFilepath: path.resolve(__dirname, './schema.json'),
requiredFields: ['uuid'],
},
],
},
plugins: [
'graphql'
]
}
This rule enforces that first letter of types is capitalized
Pass
query {
someUnion {
... on SomeType {
someField
}
}
}
Fail
query {
someUnion {
... on someType {
someField
}
}
}
The rule is defined as graphql/capitalized-type-name
.
// In a file called .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": ['error', {
env: 'apollo',
schemaJson: require('./schema.json'),
}],
"graphql/capitalized-type-name": ['warn', {
schemaJson: require('./schema.json'),
}],
},
plugins: [
'graphql'
]
}
The No Deprecated Fields rule validates that no deprecated fields are part of the query. This is useful to discover fields that have been marked as deprecated and shouldn't be used.
Fail
// 'id' requested and marked as deprecated in the schema
schema {
query {
viewer {
id: Int @deprecated(reason: "Use the 'uuid' field instead")
uuid: String
}
}
}
query ViewerName {
viewer {
id
}
}
The rule is defined as graphql/no-deprecated-fields
.
// In a file called .eslintrc.js
module.exports = {
rules: {
'graphql/no-deprecated-fields': [
'error',
{
env: 'relay',
schemaJson: require('./schema.json')
},
],
},
plugins: [
'graphql'
]
}
v4.0.0
devDependencies
- upgrades the project to use Babel 7 and ESLint 6. PR #271 by Scott Taylor.FAQs
GraphQL ESLint plugin.
The npm package eslint-plugin-graphql receives a total of 172,462 weekly downloads. As such, eslint-plugin-graphql popularity was classified as popular.
We found that eslint-plugin-graphql demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.