Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
graphql-mini-transforms
Advanced tools
Transformers for importing .graphql files in various build tools.
graphql-mini-transforms
Transformers for importing .graphql files in various build tools.
yarn add graphql-mini-transforms
This package provides a loader for .graphql
files in Webpack. This loader automatically minifies and adds a unique identifier to each GraphQL document. These features are used by @shopify/webpack-persisted-graphql-plugin
to generate a mapping of identifiers to GraphQL operations for persisted queries.
To use this loader in Webpack, add a rule referencing this loader to your Webpack configuration:
module.exports = {
module: {
rules: [
{
test: /\.(graphql|gql)$/,
use: 'graphql-mini-transforms/webpack-loader',
exclude: /node_modules/,
},
],
},
};
Note that, unlike graphql-tag/loader
, this loader does not currently support exporting multiple operations from a single file. You can, however, import other GraphQL documents containing fragments with #import
comments at the top of the file:
#import './ProductVariantPriceFragment.graphql';
query Product {
product {
variants(first: 10) {
edges {
node {
...ProductVariantId
...ProductVariantPrice
}
}
}
}
}
fragment ProductVariantId on ProductVariant {
id
}
This loader accepts a single option, simple
. This option changes the shape of the value exported from .graphql
files. By default, a graphql-typed
DocumentNode
is exported, but when simple
is set to true
, a SimpleDocument
is exported instead. This representation of GraphQL documents is smaller than a full DocumentNode
, but generally won’t work with normalized GraphQL caches.
module.exports = {
module: {
rules: [
{
test: /\.(graphql|gql)$/,
use: 'graphql-mini-transforms/webpack-loader',
exclude: /node_modules/,
options: {simple: true},
},
],
},
};
If this option is set to true
, you should also use the jest-simple
transformer for Jest, and the --export-format simple
flag for graphql-typescript-definitions
.
This package provides a plugin for loading .graphql
files in Rollup.
To use this plugin, add a rule referencing this loader to your Rollup configuration:
// rollup.config.mjs
import {graphql} from 'graphql-mini-transforms/rollup';
export default {
// ...
// Other Rollup config
// ...
plugins: [graphql()],
};
Like the Webpack loader, you can provide a simple: true
option to enable the SimpleDocument
export format:
// rollup.config.mjs
import {graphql} from 'graphql-mini-transforms/rollup';
export default {
// ...
// Other Rollup config
// ...
plugins: [graphql({simple: true})],
};
For convenience, a Vite-friendly version of this plugin is also provided:
// vite.config.mjs
import {graphql} from 'graphql-mini-transforms/vite';
export default {
// ...
// Other Vite config
// ...
plugins: [graphql()],
};
This package also provides a transformer for GraphQL files in Jest. To use the transformer, add a reference to it in your Jest configuration’s transform
option:
module.exports = {
transform: {
'\\.(gql|graphql)$': 'graphql-mini-transforms/jest',
},
};
If you want to get the same output as the simple
option of the webpack loader, you can instead use the jest-simple
loader transformer:
module.exports = {
transform: {
'\\.(gql|graphql)$': 'graphql-mini-transforms/jest-simple',
},
};
This loader takes heavy inspiration from the following projects:
We wrote something custom in order to get the following benefits:
.graphql
files using graphql-mini-transforms
FAQs
Transformers for importing .graphql files in various build tools.
The npm package graphql-mini-transforms receives a total of 20,173 weekly downloads. As such, graphql-mini-transforms popularity was classified as popular.
We found that graphql-mini-transforms demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.