Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
graphql-component
Advanced tools
This project is designed to make npm module or component based Node.js development of graphql schemas easy.
Read more about the idea here.
graphql-component
lets you built a schema progressively through a tree of graphql schema dependencies.
lib
- the graphql-component code.test/examples/example-listing/property-component
- a component implementation for Property
.test/examples/example-listing/reviews-component
- a component implementation for Reviews
.test/examples/example-listing/listing-component
- a component implementation composing Property
and Reviews
into a new Listing
.test/examples/example-listing/server
- the "application".Can be run with npm start
which will start with debug flags.
Generally enable debug logging with DEBUG=graphql-component:*
To intercept resolvers with mocks execute this app with GRAPHQL_MOCK=1
enabled or simply run npm start-mock
.
GraphQLComponent(options)
- the component class, which may also be extended. Its options include:
types
- a string or array of strings representing typeDefs and rootTypes.resolvers
- an object containing resolver functions.imports
- an optional array of imported components for the schema to be merged with.context
- an optional object { namespace, factory } for contributing to context.directives
- an optional object containing custom schema directives.useMocks
- enable mocks.preserveResolvers
- when mocks are enabled, preserve resolvers which are not overridden by a mock implementationmocks
- an optional object containing mock types.dataSources
- an array of data sources instances to make available on context.dataSources
.dataSourceOverrides
- overrides for data sources in the component tree.federation
- enable building a federated schema (default: false
).A new GraphQLComponent instance has the following API:
schema
- getter that returns an executable schema representing the entire component tree.context
- context function that build context for all components in the tree.schemaDirectives
- schema directives for the entire component tree.execute
- accepts a graphql query to execute agains schema
.types
- this component's types.resolvers
- this component's resolvers.imports
- this component's imported components or a import configuration.mocks
- custom mocks for this component.directives
- this component's directives.dataSources
- this component's data source(s), if any.Creating a component using the GraphQLComponent class:
const GraphQLComponent = require('graphql-component');
const { schema, context } = new GraphQLComponent({ types, resolvers });
Typically the best way to make a re-useable component with instance data will be to extend GraphQLComponent
.
const GraphQLComponent = require('graphql-component');
const resolvers = require('./resolvers');
const types = require('./types');
const mocks = require('./mocks');
class PropertyComponent extends GraphQLComponent {
constructor({ useMocks, preserveResolvers }) {
super({ types, resolvers, mocks, useMocks, preserveResolvers });
}
}
module.exports = PropertyComponent;
This will allow for configuration (in this example, useMocks
and preserveResolvers
) as well as instance data per component (such as data base clients, etc).
Example to merge multiple components:
const { schema, context } = new GraphQLComponent({
imports: [
new Property(),
new Reviews()
]
});
const server = new ApolloServer({
schema,
context
});
Imports can be a configuration object supplying the following properties:
component
- the component instance to import.exclude
- fields, if any, to exclude.proxyImportedResolvers
- enable/disable wrapping imported resolvers in a proxy (defaults to true
).You can exclude root fields from imported components:
const { schema, context } = new GraphQLComponent({
imports: [
{
component: new Property(),
exclude: ['Mutation.*']
},
{
component: new Reviews(),
exclude: ['Mutation.*']
}
]
});
This will keep from leaking unintended surface area. But you can still delegate calls to the component's schema to enable it from the API you do expose.
When importing a component's resolvers, the default behavior is to replace the resolver with a function that executes a graphql query against the imported component for that field.
This allows components to compose together without accidentally potentially re-running type resolvers.
To disable this functionality (if you are never calling a sub-component's execute
function), set to false
.
Data sources in graphql-component
do not extend apollo-datasource
's DataSource
class.
Instead, data sources in components will be injected into the context, but wrapped in a proxy such that the global context will be injected as the first argument of any function implemented in a data source class.
This allows there to exist one instance of a data source for caching or other statefullness (like circuit breakers), while still ensuring that a data source will have the current context.
For example, a data source should be implemented like:
class PropertyDataSource {
async getPropertyById(context, id) {
//do some work...
}
}
This data source would be executed without passing the context
manually:
const resolvers = {
Query: {
property(_, { id }, { dataSources }) {
return dataSources.PropertyDataSource.getPropertyById(id);
}
}
}
Setting up a component to use a data source might look like:
new GraphQLComponent({
//...
dataSources: [new PropertyDataSource()]
})
Since data sources are added to the context based on the constructor name, it is possible to simply override data sources by passing the same class name or overriding the constructor name:
const { schema, context } = new GraphQLComponent({
imports: [
{
component: new Property(),
exclude: ['Mutation.*']
},
{
component: new Reviews(),
exclude: ['Mutation.*']
}
],
dataSourceOverrides: [
new class PropertyMock {
static get name() {
return 'PropertyDataSource';
}
//...etc
}
]
});
Components can be directly executed via the execute
function. The execute
function is basically a passthrough to graphql.execute
and is mostly useful for components calling imported components and the like.
The execute
function will return an object representing the result of the call, and may contain errors as field values. These errors will be propagated to the errors list in the graphql response when the result is returned.
For example, this allows one component to invoke another component and still get the benefits of that component's schema type resolvers and validation.
execute(input, options)
accepts an input
string and an optional options
object with the following fields:
root
- root object.context
- context object value.variables
- key:value mapping of variables for the input.mergeErrors
- merge errors and data together.Returns an object containing data
and errors
.
If mergeErrors: true
, returns an object containing the result and may contain errors on field values.
The execute
function also adds some helper fragments. For any type you query in a component, a helper fragment will exist to query all fields.
Example extending Property
to include a reviews
field that delegates to another component:
class PropertyComponentReviews extends GraphQLComponent {
constructor({ useMocks, preserveResolvers }) {
const propertyComponent = new PropertyComponent();
const reviewsComponent = new ReviewsComponent();
super ({
types: [
`type Property { reviews: [Review] }`
],
resolvers: {
Property: {
async reviews(_, args, context) {
const { reviewsByPropertyId } = await reviewsComponent.execute(`query { reviewsByPropertyId(id: ${_.id}) { ...AllReview }}`, { context, mergeErrors: true });
return reviewsByPropertyId;
}
}
},
imports: [
propertyComponent,
{
component: reviewsComponent,
exclude: ['*'] //Exclude the imported component's API
}
]
});
}
}
For the Review
type in the reviewsComponent
, a helper fragment will exist as AllReview
that provides all fields.
Example context argument:
const context = {
namespace: 'myNamespace',
factory: function ({ req }) {
return 'my value';
}
};
After this, resolver context
will contain { ..., myNamespace: 'my value' }
.
It may be necessary to transform the context before invoking component context.
const { schema, context } = new GraphQLComponent({types, resolvers, context});
context.use('transformRawRequest', ({ request }) => {
return { req: request.raw.req };
});
Using context
now in apollo-server-hapi
for example, will transform the context to one similar to default apollo-server
.
graphql-component accepts mocks in much the same way that Apollo does but with one difference.
Instead of accepting a mocks object, it accepts (importedMocks) => mocksObject
argument. This allows components to utilize the mocks from other imported components easily.
FAQs
Build, customize and compose GraphQL schemas in a componentized fashion
The npm package graphql-component receives a total of 66 weekly downloads. As such, graphql-component popularity was classified as not popular.
We found that graphql-component demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.