Research
Security News
The Growing Risk of Malicious Browser Extensions
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
By Kush Pandya - Jun 13, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
graphql-import
Advanced tools
graphql-import
[](https://discord.gg/xud7bH9)
99
Supply Chain Security
100
Vulnerability
95
Quality
83
Maintenance
100
License
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Dependencies have 14 high and critical alerts.
Critical CVE, Socket optimized override available, and High CVE
What is graphql-import?
The graphql-import npm package allows you to import and merge GraphQL schema files. This is particularly useful for modularizing your GraphQL schema by splitting it into multiple files and then combining them into a single schema.
What are graphql-import's main functionalities?
Importing GraphQL Schema Files
This feature allows you to import a GraphQL schema from a .graphql file. The `importSchema` function reads the file and returns the schema as a string, which can then be used with GraphQL tools like Apollo Server.
import { importSchema } from 'graphql-import';
const typeDefs = importSchema('path/to/schema.graphql');Merging Multiple Schema Files
You can use the `importSchema` function to merge multiple GraphQL schema files into a single schema. This is useful for organizing your schema into smaller, more manageable pieces.
import { importSchema } from 'graphql-import';
const typeDefs = importSchema('path/to/rootSchema.graphql');Using #import Syntax
The `graphql-import` package supports a special `#import` syntax that allows you to import types from other GraphQL files directly within your schema definition. This makes it easy to modularize your schema.
# import User from 'user.graphql'
# import Post from 'post.graphql'
type Query {
users: [User]
posts: [Post]
}Other packages similar to graphql-import
merge-graphql-schemas
The `merge-graphql-schemas` package provides similar functionality by allowing you to merge multiple GraphQL schema files into one. It also supports schema stitching and type merging, making it a robust alternative to `graphql-import`.
graphql-tools
The `graphql-tools` package from Apollo provides a set of utilities for building and manipulating GraphQL schemas. It includes functions for schema stitching, merging, and transforming schemas, offering a more comprehensive toolkit compared to `graphql-import`.
graphql-modules
The `graphql-modules` package allows you to create modular and reusable GraphQL schemas. It provides a higher-level abstraction for organizing your schema and resolvers, making it a more feature-rich alternative to `graphql-import`.
graphql-import
Install
yarn add graphql-import
Usage
import { importSchema } from 'graphql-import'
import { makeExecutableSchema } from 'graphql-tools'
const typeDefs = importSchema('schema.graphql'); // or .gql or glob pattern like **/*.graphql
const resolvers = {};
const schema = makeExecutableSchema({ typeDefs, resolvers });
Assume the following directory structure:
.
├── schema.graphql
├── posts.graphql
└── comments.graphql
schema.graphql
# import Post from "posts.graphql"
type Query {
posts: [Post]
}
posts.graphql
# import Comment from 'comments.graphql'
type Post {
comments: [Comment]
id: ID!
text: String!
tags: [String]
}
comments.graphql
type Comment {
id: ID!
text: String!
}
Running importSchema('schema.graphql') produces the following output:
type Query {
posts: [Post]
}
type Post {
comments: [Comment]
id: ID!
text: String!
tags: [String]
}
type Comment {
id: ID!
text: String!
}
FAQs
[](https://discord.gg/xud7bH9)
The npm package graphql-import receives a total of 159,959 weekly downloads. As such, graphql-import popularity was classified as popular.
We found that graphql-import demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Package last updated on 08 Apr 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
By Kirill Boychenko - Jun 12, 2025
Security News
pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
By Sarah Gooding - Jun 11, 2025