
eslint-plugin-nestjs-graphql
Ensure correct typing for NestJS GraphQL decorated methods
This plugin is intended to prevent issues caused by returning the wrong type from NestJS GraphQL resolvers. It is relevant to the code-first approach.
The plugin supports the following rules:
matching-return-type
matching-resolve-field-parent-type
matching-return-type
When the code-first approach is used, NestJS generates the schema based on decorators such as ResolveField, Query, or Mutation, which define the type of the returned value. However, the type of the returned value is not checked by the TypeScript compiler.
A query defined as:
@Query(returns => Author)
async author(@Args('id', { type: () => Int }) id: number) {
  return this.authorsService.findOneById(id);
}
can be implemented to return any type of value, e.g. Promise<string>. This will not be caught by the TypeScript compiler, but will result in a runtime error when the GraphQL schema is generated.
This rule aims to solve this issue by checking the type of the returned value.
Valid
@Query(returns => Author)
async author(@Args('id', { type: () => Int }) id: number): Author {
  return this.authorsService.findOneById(id);
}

@Query(returns => Author)
async author(@Args('id', { type: () => Int }) id: number): Promise<Author> {
  return this.authorsService.findOneById(id);
}

@Query(returns => [Author])
async author(@Args('id', { type: () => Int }) id: number): Promise<Author[]> {
  return this.authorsService.findOneById(id);
}

@Query(returns => [Author], { nullable: true })
async author(@Args('id', { type: () => Int }) id: number): Promise<Author[] | null> {
  return this.authorsService.findOneById(id);
}
Invalid
@Query(returns => Author)
async author(@Args('id', { type: () => Int }) id: number): string {
  return this.authorsService.findOneById(id);
}

@Query(returns => Author)
async author(@Args('id', { type: () => Int }) id: number): Promise<Author | null> {
  return this.authorsService.findOneById(id);
}

@Query(returns => Author)
async author(@Args('id', { type: () => Int }) id: number): Promise<Author[]> {
  return this.authorsService.findOneById(id);
}
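
The comparison this rule makes between the decorator's declared type and the method's return annotation, as a simplified model. This is an added example, not the plugin's implementation: it works on source strings rather than the TypeScript AST, the function names are hypothetical, and it assumes nullability is flagged only when the method may return null while the decorator does not declare `{ nullable: true }`.

```typescript
// Added illustration: a string-level model of the rule's comparison.
// The real plugin inspects the TypeScript AST; all names here are hypothetical.
type Shape = { name: string; isArray: boolean; nullable: boolean };
type Mismatch = "type" | "array" | "nullable" | null;

// Read the declared GraphQL type from a decorator's source text.
function parseDecorator(src: string): Shape {
  const m = /=>\s*(\[?)\s*(\w+)/.exec(src);
  if (!m) throw new Error(`no type function in: ${src}`);
  return { name: m[2], isArray: m[1] === "[", nullable: /nullable:\s*true/.test(src) };
}

// Read the method's return annotation, unwrapping Promise<...> and null unions.
function parseAnnotation(src: string): Shape {
  const p = /^Promise<(.*)>$/.exec(src.trim());
  const parts = (p ? p[1] : src).split("|").map((s) => s.trim());
  const core = parts.filter((s) => s !== "null" && s !== "undefined");
  if (core.length !== 1) throw new Error(`unsupported union: ${src}`);
  const isArray = core[0].endsWith("[]");
  const name = isArray ? core[0].slice(0, -2) : core[0];
  return { name, isArray, nullable: core.length < parts.length };
}

// Assumption: nullability is flagged only when the method may return null
// but the decorator does not declare { nullable: true }.
function mismatch(decorator: string, annotation: string): Mismatch {
  const d = parseDecorator(decorator);
  const a = parseAnnotation(annotation);
  if (d.name !== a.name) return "type";
  if (d.isArray !== a.isArray) return "array";
  if (a.nullable && !d.nullable) return "nullable";
  return null;
}

// Constructed cases taken from the Valid / Invalid lists above.
const cases: [string, string][] = [
  ["@Query(returns => Author)", "Promise<Author>"],
  ["@Query(returns => [Author], { nullable: true })", "Promise<Author[] | null>"],
  ["@Query(returns => Author)", "string"],
  ["@Query(returns => Author)", "Promise<Author | null>"],
  ["@Query(returns => Author)", "Promise<Author[]>"],
];
for (const [dec, ann] of cases) {
  console.log(`${dec} : ${ann} -> ${mismatch(dec, ann) ?? "ok"}`);
}
```
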
matching-resolve-field-parent-type
When resolving a field, the type of the @Parent() decorated parameter can mismatch the type passed to the @Resolver() decorator of the class. This may result in a runtime error or unexpected behavior.
This rule aims to solve this issue by checking the type of the @Parent() parameter against @Resolver().
Valid
@Resolver(() => Author)
class AuthorResolver {
  @ResolveField(() => [Book])
  async books(@Parent() author: Author): Promise<Book[]> {
    return this.booksService.findAllByAuthorId(author.id);
  }
}

@Resolver(Author)
class AuthorResolver {
  @ResolveField(returns => [Book])
  async books(@Parent() author: Author): Promise<Book[]> {
    return this.booksService.findAllByAuthorId(author.id);
  }
}
Invalid
@Resolver()
class AuthorResolver {
  @ResolveField(returns => [Book])
  async books(@Parent() author: Author): Promise<Book[]> {
    return this.booksService.findAllByAuthorId(author.id);
  }
}

@Resolver(Author)
class AuthorResolver {
  @ResolveField(returns => [Book])
  async books(@Parent() author: Book): Promise<Book[]> {
    return this.booksService.findAllByAuthorId(author.id);
  }
}
# inside your project's working tree
npm i eslint-plugin-nestjs-graphql --save-dev
The rules are off by default. To turn them on, add the following to your .eslintrc file:
{
  "plugins": ["nestjs-graphql"],
  "rules": {
    "nestjs-graphql/matching-return-type": "error", // `error` level is recommended
    "nestjs-graphql/matching-resolve-field-parent-type": "error" // `error` level is recommended
  }
}
FAQs
The npm package eslint-plugin-nestjs-graphql receives a total of 123 weekly downloads. As such, eslint-plugin-nestjs-graphql popularity was classified as not popular.
We found that eslint-plugin-nestjs-graphql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.