
graphql-to-mongodb
Generic run-time generation of input filter types for existing graphql types, and parsing of said input types into MongoDB queries
If you want to grant your Node.js GraphQL service a whole lot of the power of the MongoDB database standing behind it with very little hassle, you've come to the right place!
getMongoDbQueryResolver and getGraphQLQueryArgs:

Given a simple GraphQL type:

    new GraphQLObjectType({
        name: 'PersonType',
        fields: () => ({
            age: { type: GraphQLInt },
            name: {
                type: new GraphQLObjectType({
                    name: 'NameType',
                    fields: () => ({
                        first: { type: GraphQLString },
                        last: { type: GraphQLString }
                    })
                })
            },
            // Resolved field: computed from name.first and name.last
            fullName: {
                type: GraphQLString,
                resolve: (obj, args, { db }) => `${obj.name.first} ${obj.name.last}`
            }
        })
    })

Queries the first 50 people, oldest first, over the age of 18, and whose first name is John.

    {
        people (
            filter: {
                age: { GT: 18 },
                name: {
                    first: { EQ: "John" }
                }
            },
            sort: { age: DESC },
            pagination: { limit: 50 }
        ) {
            fullName
            age
        }
    }

To implement, we'll define the people query field in our GraphQL schema like so:

    people: {
        type: new GraphQLList(PersonType),
        args: getGraphQLQueryArgs(PersonType),
        resolve: getMongoDbQueryResolver(PersonType,
            async (filter, projection, options, obj, args, context) => {
                return await context.db.collection('people').find(filter, projection, options).toArray();
            })
    }

You'll notice that integrating the package takes little more than adding some fancy middleware over the resolve function. The filter, projection and options, added as the first parameters of the callback, can be sent directly to the MongoDB find function as shown. The rest of the parameters are the standard ones received from the GraphQL API.

    fullName: {
        type: GraphQLString,
        resolve: (obj, args, { db }) => `${obj.name.first} ${obj.name.last}`,
        dependencies: ['name'] // or ['name.first', 'name.last'], whatever tickles your fancy
    }

This is needed to ensure that the projection does not omit any necessary fields. Alternatively, if throughput is of no concern, the projection can be replaced with an empty object.

As of mongodb package version 3.0, you should implement the resolve callback as:

    return await context.db.collection('people').find(filter, options).toArray();

The following field is added to the schema (copied from GraphiQL):

    people(
        filter: PersonFilterType
        sort: PersonSortType
        pagination: GraphQLPaginationType
    ): [PersonType]

PersonFilterType:

    age: IntFilter
    name: NameObjectFilterType
    OR: [PersonFilterType]
    AND: [PersonFilterType]
    NOR: [PersonFilterType]

* Filtering is possible over every non-resolve field!

NameObjectFilterType:

    first: StringFilter
    last: StringFilter
    opr: OprExists

The OprExists enum type can be EXISTS or NOT_EXISTS, and can be found in nested objects and arrays.

StringFilter:

    EQ: String
    GT: String
    GTE: String
    IN: [String]
    LT: String
    LTE: String
    NEQ: String
    NIN: [String]
    NOT: [StringFNotilter]

PersonSortType:

    age: SortType

The SortType enum can be either ASC or DESC.

GraphQLPaginationType:

    limit: Int
    skip: Int

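The resolver shown earlier hands the client-supplied filter and pagination values straight to find(), and the OR/AND/NOR fields nest recursively, so a service will usually want an upper bound on both. The following is an added example, not part of the package or its README, that wraps the callback passed to getMongoDbQueryResolver; the names boundQuery, measureFilter and bounded and all limit values are assumptions chosen for illustration.

```javascript
// Added example: bound client-controlled query input before it reaches find().
// Assumption: `filter` is a plain MongoDB query object and `options` carries
// the find options limit/skip, as received by the resolver callback.
const LIMITS = { maxLimit: 100, maxSkip: 10000, maxDepth: 6, maxNodes: 200 };

// Constructed sample, shaped like the "over 18, first name John" query.
const sampleFilter = { age: { $gt: 18 }, 'name.first': { $eq: 'John' } };

// Walk the filter, recording the deepest nesting level and the node count.
function measureFilter(value, depth = 1, stats = { depth: 0, nodes: 0 }) {
  if (value === null || typeof value !== 'object') return stats;
  stats.depth = Math.max(stats.depth, depth);
  for (const child of Object.values(value)) {
    stats.nodes += 1;
    measureFilter(child, depth + 1, stats);
  }
  return stats;
}

// Reject over-complex filters and clamp pagination; returns new options.
function boundQuery(filter, options = {}, limits = LIMITS) {
  const { depth, nodes } = measureFilter(filter);
  if (depth > limits.maxDepth || nodes > limits.maxNodes) {
    throw new Error(`filter too complex (depth ${depth}, nodes ${nodes})`);
  }
  // A missing, zero or negative limit would otherwise mean "no cap".
  const limit = Number.isInteger(options.limit) && options.limit > 0
    ? Math.min(options.limit, limits.maxLimit)
    : limits.maxLimit;
  const skip = Number.isInteger(options.skip) && options.skip > 0 ? options.skip : 0;
  if (skip > limits.maxSkip) {
    throw new Error(`skip ${skip} exceeds ${limits.maxSkip}`);
  }
  return { ...options, limit, skip };
}

// Wrapper for the callback given to getMongoDbQueryResolver.
const bounded = (callback, limits = LIMITS) =>
  (filter, projection, options, ...rest) =>
    callback(filter, projection, boundQuery(filter, options, limits), ...rest);

console.log(boundQuery(sampleFilter, { sort: { age: -1 }, limit: 5000 }));
```

To use it, pass `bounded(async (filter, projection, options, obj, args, context) => ...)` as the second argument of getMongoDbQueryResolver in place of the bare callback.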
1.6.5
FAQs
The npm package graphql-to-mongodb receives a total of 309 weekly downloads. As such, graphql-to-mongodb popularity was classified as not popular.
We found that graphql-to-mongodb demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.