Product
Introducing Repository Labels and Security Policies
Socket is introducing a new way to organize repositories and apply repository-specific security policies.
By Nolan Lawson - Apr 22, 2025
🚀 Socket Launch Week 🚀 Day 2: Introducing Repository Labels and Security Policies.Learn More →
graphql-playground-middleware-lambda
Advanced tools
graphql-playground-middleware-lambda
GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration).
graphql-playground-middleware-lambda
Koa middleware to expose an endpoint for the GraphQL Playground IDE SECURITY NOTE: All versions of
graphql-playground-middleware-lambdauntil1.7.17or later have a security vulnerability when unsanitized user input is used while invokinglambdaPlayground(). Read more below
Installation
Using yarn:
yarn add graphql-playground-middleware-lambda
Or npm:
npm install graphql-playground-middleware-lambda --save
Usage
See full example in examples/basic.
minimal example:
const lambdaPlayground = require('graphql-playground-middleware-lambda').default
exports.handler = lambdaPlayground({
endpoint: '/dev',
})
Security Notes
All versions before 1.7.17 were vulnerable to user-defined input to lambdaPlayground(). Read more in the security notes
Security Upgrade Steps
To fix the issue, you can upgrade to 1.7.17. If you aren't able to upgrade, see the security notes for a workaround.
yarn:
yarn add graphql-playground-middleware-lambda@^1.7.17
npm:
npm install --save graphql-playground-middleware-lambda@^1.7.17
FAQs
GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration).
The npm package graphql-playground-middleware-lambda receives a total of 10,218 weekly downloads. As such, graphql-playground-middleware-lambda popularity was classified as popular.
We found that graphql-playground-middleware-lambda demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 04 Nov 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
The Bad Seeds: Malicious npm and PyPI Packages Pose as Developer Tools to Steal Wallet Credentials
Socket researchers uncovered malicious npm and PyPI packages that steal crypto wallet credentials using Google Analytics and Telegram for exfiltration.
By Kirill Boychenko - Apr 22, 2025
Product
Introducing .NET Support in Socket
Socket now supports .NET, bringing supply chain security and SBOM accuracy to NuGet and MSBuild-powered C# projects.
By Eli Insua, Rakesh Chatrath - Apr 21, 2025