Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
graphql-mini-transforms
Advanced tools
Transformers for importing .graphql files in various build tools.
graphql-mini-transforms
Transformers for importing .graphql files in various build tools.
npm install graphql-mini-transforms --save-dev
or, with Yarn:
yarn add graphql-mini-transforms --dev
This package provides a loader for .graphql
files in Webpack. This loader automatically minifies and adds a unique identifier to each GraphQL document. These features are used by @shopify/webpack-persisted-graphql-plugin
to generate a mapping of identifiers to GraphQL operations for persisted queries.
To use this loader in Webpack, add a rule referencing this loader to your Webpack configuration:
module.exports = {
module: {
rules: [
{
test: /\.(graphql|gql)$/,
use: 'graphql-mini-transforms/webpack',
exclude: /node_modules/,
},
],
},
};
Note that, unlike graphql-tag/loader
, this loader does not currently support exporting multiple operations from a single file. You can, however, import other GraphQL documents containing fragments with #import
comments at the top of the file:
#import './ProductVariantPriceFragment.graphql';
query Product {
product {
variants(first: 10) {
edges {
node {
...ProductVariantId
...ProductVariantPrice
}
}
}
}
}
fragment ProductVariantId on ProductVariant {
id
}
This package also provides a transformer for GraphQL files in Jest. To use the transformer, add a reference to it in your Jest configuration’s transform
option:
module.exports = {
transform: {
'\\.(gql|graphql)$': 'graphql-mini-transforms/jest',
},
};
This loader takes heavy inspiration from the following projects:
We wrote something custom in order to get the following benefits:
.graphql
files using graphql-mini-transforms
FAQs
Transformers for importing .graphql files in various build tools.
The npm package graphql-mini-transforms receives a total of 20,173 weekly downloads. As such, graphql-mini-transforms popularity was classified as popular.
We found that graphql-mini-transforms demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.