New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
graphql-query-complexity
Advanced tools
graphql-query-complexity - npm Package Compare versions
Comparing version 0.8.1 to 0.9.0
| { | ||
| "name": "graphql-query-complexity", | ||
| "version": "0.8.1", | ||
| "version": "0.9.0", | ||
| "description": "Validation rule for GraphQL query complexity analysis", | ||
| "main": "dist/index.js", | ||
| "types": "dist/index.d.ts", | ||
| "main": "dist/cjs/index.js", | ||
| "types": "dist/cjs/index.d.ts", | ||
| "module": "dist/esm/index.js", | ||
| "scripts": { | ||
@@ -11,3 +12,5 @@ "lint": "eslint --ext .ts . && prettier --config .prettierrc 'src/**/*.ts' --check", | ||
| "clean": "rimraf dist/*", | ||
| "build": "tsc", | ||
| "build": "npm run build:esm && npm run build:cjs", | ||
| "build:esm": "tsc -p ./tsconfig.esm.json", | ||
| "build:cjs": "tsc -p ./tsconfig.json", | ||
| "test": "npm run lint && npm run testonly", | ||
@@ -14,0 +17,0 @@ "testonly": "mocha --check-leaks --exit --full-trace --require ts-node/register/transpile-only 'src/**/__tests__/**/*-test.{ts,tsx}'", |
122
README.md
| # GraphQL Query Complexity Analysis for graphql-js | ||
| [](https://www.npmjs.com/package/graphql-query-complexity) | ||
| [](https://badge.fury.io/js/graphql-query-complexity) | ||
| [](https://badge.fury.io/js/graphql-query-complexity) | ||
| [](https://circleci.com/gh/slicknode/graphql-query-complexity) | ||
@@ -11,8 +11,7 @@ [](https://twitter.com/slicknode) | ||
| Works with [graphql-js](https://github.com/graphql/graphql-js) reference implementation. | ||
| Works with [graphql-js](https://github.com/graphql/graphql-js) reference implementation. | ||
| ## Installation | ||
| Install the package via npm | ||
| Install the package via npm | ||
@@ -28,10 +27,11 @@ ```bash | ||
| ```javascript | ||
| import queryComplexity, { | ||
| import { | ||
| createComplexityRule, | ||
| simpleEstimator | ||
| } from 'graphql-query-complexity'; | ||
| const rule = queryComplexity({ | ||
| const rule = createComplexityRule({ | ||
| // The maximum allowed query complexity, queries above this threshold will be rejected | ||
| maximumComplexity: 1000, | ||
| // The query variables. This is needed because the variables are not available | ||
@@ -43,3 +43,3 @@ // in the visitor of the graphql-js library | ||
| operationName?: string, | ||
| // Optional callback function to retrieve the determined query complexity | ||
@@ -49,3 +49,3 @@ // Will be invoked whether the query is rejected or not | ||
| onComplete: (complexity: number) => {console.log('Determined query complexity: ', complexity)}, | ||
| // Optional function to create a custom error | ||
@@ -55,11 +55,11 @@ createError: (max: number, actual: number) => { | ||
| }, | ||
| // Add any number of estimators. The estimators are invoked in order, the first | ||
| // numeric value that is being returned by an estimator is used as the field complexity. | ||
| // If no estimator returns a value, an exception is raised. | ||
| // If no estimator returns a value, an exception is raised. | ||
| estimators: [ | ||
| // Add more estimators here... | ||
| // This will assign each field a complexity of 1 if no other estimator | ||
| // returned a value. | ||
| // returned a value. | ||
| simpleEstimator({ | ||
@@ -76,8 +76,8 @@ defaultComplexity: 1 | ||
| A complexity estimator is a simple function that calculates the complexity for a field. You can add | ||
| any number of complexity estimators to the rule, which are then executed one after another. | ||
| The first estimator that returns a numeric complexity value determines the complexity for that field. | ||
| any number of complexity estimators to the rule, which are then executed one after another. | ||
| The first estimator that returns a numeric complexity value determines the complexity for that field. | ||
| At least one estimator has to return a complexity value, otherwise an exception is raised. You can | ||
| for example use the [simpleEstimator](./src/estimators/simple/README.md) as the last estimator | ||
| in your chain to define a default value. | ||
| in your chain to define a default value. | ||
@@ -87,15 +87,15 @@ You can use any of the available estimators to calculate the complexity of a field | ||
| * **[`simpleEstimator`](src/estimators/simple/README.md):** The simple estimator returns a fixed complexity for each field. Can be used as | ||
| last estimator in the chain for a default value. | ||
| * **[`directiveEstimator`](src/estimators/directive/README.md):** Set the complexity via a directive in your | ||
| schema definition (for example via GraphQL SDL) | ||
| * **[`fieldExtensionsEstimator`](src/estimators/fieldExtensions/README.md):** The field extensions estimator lets you set a numeric value or a custom estimator | ||
| function in the field config extensions of your schema. | ||
| * PRs welcome... | ||
| - **[`simpleEstimator`](src/estimators/simple/README.md):** The simple estimator returns a fixed complexity for each field. Can be used as | ||
| last estimator in the chain for a default value. | ||
| - **[`directiveEstimator`](src/estimators/directive/README.md):** Set the complexity via a directive in your | ||
| schema definition (for example via GraphQL SDL) | ||
| - **[`fieldExtensionsEstimator`](src/estimators/fieldExtensions/README.md):** The field extensions estimator lets you set a numeric value or a custom estimator | ||
| function in the field config extensions of your schema. | ||
| - PRs welcome... | ||
| Consult the documentation of each estimator for information about how to use them. | ||
| Consult the documentation of each estimator for information about how to use them. | ||
| ## Creating Custom Estimators | ||
| An estimator has the following function signature: | ||
| An estimator has the following function signature: | ||
@@ -105,16 +105,16 @@ ```typescript | ||
| // The composite type (interface, object, union) that the evaluated field belongs to | ||
| type: GraphQLCompositeType, | ||
| type: GraphQLCompositeType; | ||
| // The GraphQLField that is being evaluated | ||
| field: GraphQLField<any, any>, | ||
| field: GraphQLField<any, any>; | ||
| // The GraphQL node that is being evaluated | ||
| node: FieldNode, | ||
| node: FieldNode; | ||
| // The input arguments of the field | ||
| args: {[key: string]: any}, | ||
| args: { [key: string]: any }; | ||
| // The complexity of all child selections for that field | ||
| childComplexity: number | ||
| } | ||
| childComplexity: number; | ||
| }; | ||
@@ -124,10 +124,12 @@ type ComplexityEstimator = (options: ComplexityEstimatorArgs) => number | void; | ||
| ## Usage with express-graphql | ||
| To use the query complexity analysis validation rule with express-graphql, use something like the | ||
| following: | ||
| following: | ||
| ```javascript | ||
| import queryComplexity, { simpleEstimator } from 'graphql-query-complexity'; | ||
| import { | ||
| simpleEstimator, | ||
| createComplexityRule, | ||
| } from 'graphql-query-complexity'; | ||
| import express from 'express'; | ||
@@ -138,16 +140,21 @@ import graphqlHTTP from 'express-graphql'; | ||
| const app = express(); | ||
| app.use('/api', graphqlHTTP(async (request, response, {variables}) => ({ | ||
| schema, | ||
| validationRules: [ | ||
| queryComplexity({ | ||
| estimators: [ | ||
| // Configure your estimators | ||
| simpleEstimator({defaultComplexity: 1}) | ||
| ], | ||
| maximumComplexity: 1000, | ||
| variables, | ||
| onComplete: (complexity: number) => {console.log('Query Complexity:', complexity);}, | ||
| }) | ||
| ] | ||
| }))); | ||
| app.use( | ||
| '/api', | ||
| graphqlHTTP(async (request, response, { variables }) => ({ | ||
| schema, | ||
| validationRules: [ | ||
| createComplexityRule({ | ||
| estimators: [ | ||
| // Configure your estimators | ||
| simpleEstimator({ defaultComplexity: 1 }), | ||
| ], | ||
| maximumComplexity: 1000, | ||
| variables, | ||
| onComplete: (complexity: number) => { | ||
| console.log('Query Complexity:', complexity); | ||
| }, | ||
| }), | ||
| ], | ||
| })) | ||
| ); | ||
| ``` | ||
@@ -178,5 +185,3 @@ | ||
| const complexity = getComplexity({ | ||
| estimators: [ | ||
| simpleEstimator({defaultComplexity: 1}) | ||
| ], | ||
| estimators: [simpleEstimator({ defaultComplexity: 1 })], | ||
| schema, | ||
@@ -192,8 +197,7 @@ query, | ||
| ## Prior Art | ||
| This project is inspired by the following prior projects: | ||
| This project is inspired by the following prior projects: | ||
| - Query complexity analysis in the [Sangria GraphQL](http://sangria-graphql.org/) implementation. | ||
| - [graphql-cost-analysis](https://github.com/pa-bru/graphql-cost-analysis) - Multipliers and directiveEstimator | ||
| - Query complexity analysis in the [Sangria GraphQL](http://sangria-graphql.org/) implementation. | ||
| - [graphql-cost-analysis](https://github.com/pa-bru/graphql-cost-analysis) - Multipliers and directiveEstimator |
New alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by88.28%
291322
- Number of package files
- increased by93.75%
93
- Lines of code
- increased by95.85%
4624
- Number of lines in readme file
- increased by2.13%
192
Worsened metrics
- Number of medium supply chain risk alerts
- increased byInfinity%
1
No dependency changes