graphql-upload
Advanced tools
Changelog
14.0.0
Updated Node.js support to ^14.17.0 || ^16.0.0 || >= 18.0.0.
Updated the graphql peer dependency to ^16.3.0.
Updated the http-errors dependency to v2.
Public modules are now individually listed in the package files and exports fields.
Removed the package main index module; deep imports must be used. To migrate imports:
- import { GraphQLUpload } from "graphql-upload";
+ import GraphQLUpload from "graphql-upload/GraphQLUpload.js";
- import { graphqlUploadExpress } from "graphql-upload";
+ import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.js";
- import { graphqlUploadKoa } from "graphql-upload";
+ import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.js";
- import { processRequest } from "graphql-upload";
+ import processRequest from "graphql-upload/processRequest.js";
- import { Upload } from "graphql-upload";
+ import Upload from "graphql-upload/Upload.js";
Shortened public module deep import paths, removing the /public/. To migrate imports:
- import GraphQLUpload from "graphql-upload/public/GraphQLUpload.js";
+ import GraphQLUpload from "graphql-upload/GraphQLUpload.js";
- import graphqlUploadExpress from "graphql-upload/public/graphqlUploadExpress.js";
+ import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.js";
- import graphqlUploadKoa from "graphql-upload/public/graphqlUploadKoa.js";
+ import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.js";
- import processRequest from "graphql-upload/public/processRequest.js";
+ import processRequest from "graphql-upload/processRequest.js";
- import Upload from "graphql-upload/public/Upload.js";
+ import Upload from "graphql-upload/Upload.js";
Implemented TypeScript types via JSDoc comments, closing #282.
The GraphQLUpload scalar no longer uses deprecated GraphQLError constructor parameters.
types script.jsdoc-md dev dependency and the related package scripts, replacing the readme “API” section with a manually written “Exports” section.hard-rejection dev dependency. Instead, tests are run with the Node.js CLI flag --unhandled-rejections=throw to make Node.js v14 behave like newer versions.formdata-node dev dependency. Instead, File and FormData are imported from node-fetch.actions/checkout to v3.actions/setup-node to v3..js file extension in require paths.Readable property readableEncoding instead of _readableState.encoding in tests.substring instead of the deprecated string method substr in tests.license.md MIT License file, closing #86.Readme
Middleware and an Upload scalar to add support for GraphQL multipart requests (file uploads via queries and mutations) to various Node.js GraphQL servers.
First, check if there are GraphQL multipart request spec server implementations (most for Node.js integrate graphql-upload) that are more suitable for your environment than a manual setup.
To install graphql-upload and the graphql peer dependency with npm, run:
npm install graphql-upload graphql
Use the graphqlUploadKoa or graphqlUploadExpress middleware just before GraphQL middleware. Alternatively, use processRequest to create custom middleware.
A schema built with separate SDL and resolvers (e.g. using makeExecutableSchema from @graphql-tools/schema) requires the Upload scalar to be setup.
Clients implementing the GraphQL multipart request spec upload files as Upload scalar query or mutation variables. Their resolver values are promises that resolve file upload details for processing and storage. Files are typically streamed into cloud storage but may also be stored in the filesystem.
See the example API and client.
os.tmpdir().Promise.all or a more flexible solution such as Promise.allSettled where an error in one does not reject them all.createReadStream before the resolver returns; late calls (e.g. in an unawaited async function or callback) throw an error. Existing streams can still be used after a response is sent, although there are few valid reasons for not awaiting their completion.stream.destroy() when an incomplete stream is no longer needed, or temporary files may not get cleaned up.The GraphQL multipart request spec allows a file to be used for multiple query or mutation variables (file deduplication), and for variables to be used in multiple places. GraphQL resolvers need to be able to manage independent file streams. As resolvers are executed asynchronously, it’s possible they will try to process files in a different order than received in the multipart request.
busboy parses multipart request streams. Once the operations and map fields have been parsed, Upload scalar values in the GraphQL operations are populated with promises, and the operations are passed down the middleware chain to GraphQL resolvers.
fs-capacitor is used to buffer file uploads to the filesystem and coordinate simultaneous reading and writing. As soon as a file upload’s contents begins streaming, its data begins buffering to the filesystem and its associated promise resolves. GraphQL resolvers can then create new streams from the buffer by calling the function createReadStream. The buffer is destroyed once all streams have ended or closed and the server has responded to the request. Any remaining buffer files will be cleaned when the process exits.
^14.17.0 || ^16.0.0 || >= 18.0.0These CommonJS modules are published to npm and exported via the package.json exports field:
FAQs
Middleware and an Upload scalar to add support for GraphQL multipart requests (file uploads via queries and mutations) to various Node.js GraphQL servers.
We found that graphql-upload demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
LDAPjs, an LDAP Client and Server API for Node.js, was decommissioned after its maintainer received an abusive email from a user, raising concerns about this form of abuse as a potential attack vector.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.