Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
json-to-graphql-query
Advanced tools
json-to-graphql-query
This is a simple module that takes a JavaScript object and turns it into a GraphQL query to be sent to a GraphQL server.
json-to-graphql-query
This is a simple module that takes a JavaScript object and turns it into a GraphQL query to be sent to a GraphQL server.
Mainly useful for applications that need to generate graphql queries dynamically.
New Maintainer!
Huge thanks to @vkolgi for agreeing to take over maintenance of this library! I look forward to following its continued development. - @dupski
Installation
npm install json-to-graphql-query
Usage
const query = jsonToGraphQLQuery(queryObject: object, options?: object);
Supported Options:
pretty- boolean - optional - set totrueto enable pretty-printed outputignoreFields- string[] - optional - you can pass an array of object key names that you want removed from the queryincludeFalsyKeys- boolean - optional - disable the default behaviour if excluding keys with a falsy value
Features
- Converts a JavaScript object to a GraphQL Query string
- Full support for nested query / mutation nodes and arguments
- Optionally strip specific object keys using the
ignoreFieldsoption - Support for input arguments via
__args - Support for query aliases via
__aliasFor - Support for Enum values via
EnumType - Support for variables via
__variables - Support for simple directives (such as
@client) via__directives - Support for one or more inline fragments via
__on.__typeName - Support for full fragments via
__all_on - Support for named queries/mutations via
__name
Recent Changes
See the CHANGELOG
Simple Query
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
id: true,
title: true,
post_date: true
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts {
id
title
post_date
}
}
Query with arguments
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
__args: {
where: { id: 2 }
orderBy: 'post_date'
},
id: true,
title: true,
post_date: true
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts (where: {id: 2}, orderBy: "post_date") {
id
title
post_date
}
}
Query with nested objects
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
id: true,
title: true,
comments: {
id: true,
comment: true,
user: true
}
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts {
id
title
comments {
id
comment
user
}
}
}
Query with disabled fields
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
id: true,
title: false,
comments: {
id: true,
comment: false,
user: true
}
},
User: false
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts {
id
comments {
id
user
}
}
}
NOTE: You can tell jsonToGraphQLQuery() not to exclude keys with a falsy value
by setting the includeFalsyKeys option.
Using aliases
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
allPosts: {
__aliasFor: 'Posts',
id: true,
comments: {
id: true,
comment: true
}
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
allPosts: Posts {
id
comments {
id
comment
}
}
}
Query with Enum Values
import { jsonToGraphQLQuery, EnumType } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
__args: {
orderBy: 'post_date',
status: new EnumType('PUBLISHED')
},
title: true,
body: true
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts (orderBy: "post_date", status: PUBLISHED) {
title
body
}
}
Query with variables
import { jsonToGraphQLQuery, VariableType } from 'json-to-graphql-query';
const query = {
query: {
__variables: {
variable1: 'String!',
variableWithDefault: 'String = "default_value"'
},
Posts: {
__args: {
arg1: 20,
arg2: new VariableType('variable1')
},
id: true,
title: true
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query ($variable1: String!, $variableWithDefault: String = "default_value") {
Posts (arg1: 20, arg2: $variable1) {
id
title
}
}
Query with Directives
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
__directives: {
client: true
}
Posts: {
id: true,
title: true,
post_date: true
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts @client {
id
title
post_date
}
}
Ignoring fields in the query object
We sometimes want to ignore specific fields in the initial object, for instance __typename in Apollo queries.
You can specify these fields using the ignoreFields option:
import { jsonToGraphQLQuery, VariableType } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
shouldBeIgnored: {
variable1: 'a value'
},
id: true,
title: true,
post_date: true
}
}
};
const graphql_query = jsonToGraphQLQuery(query, {
pretty: true,
ignoreFields: ['shouldBeIgnored']
});
Resulting graphql_query
query {
Posts {
id
title
post_date
}
}
Query with Inline Fragments
Full inline fragments
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
title: true,
__all_on: [
"ConfigurablePost",
"PageInfo"
]
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts {
title
...ConfigurablePost
...PageInfo
}
}
Partial inline fragments
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
title: true,
__on: {
__typeName: "ConfigurablePost",
id: true
}
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts {
title
... on ConfigurablePost {
id
}
}
}
Query with multiple Inline Fragments
import { jsonToGraphQLQuery } from 'json-to-graphql-query';
const query = {
query: {
Posts: {
__on: [
{
__typeName: "ConfigurablePost",
id: true
},
{
__typeName: "UnconfigurablePost",
name: true
}]
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query {
Posts {
title
... on ConfigurablePost {
id
}
... on UnconfigurablePost {
name
}
}
}
Query with name
import { jsonToGraphQLQuery, VariableType } from 'json-to-graphql-query';
const query = {
query: {
__name: 'NewName',
__variables: {
variable1: 'String!',
variableWithDefault: 'String = "default_value"'
},
Posts: {
__args: {
arg1: 20,
arg2: new VariableType('variable1')
},
id: true,
title: true
}
}
};
const graphql_query = jsonToGraphQLQuery(query, { pretty: true });
Resulting graphql_query
query NewName ($variable1: String!, $variableWithDefault: String = "default_value") {
Posts (arg1: 20, arg2: $variable1) {
id
title
}
}
TO-DO List
- Probably some other things!...
Pull requests welcome!
License
MIT
2.2.4
- Handled empty variables and empty directives (thanks @MorganDbs)
FAQs
This is a simple module that takes a JavaScript object and turns it into a GraphQL query to be sent to a GraphQL server.
The npm package json-to-graphql-query receives a total of 32,538 weekly downloads. As such, json-to-graphql-query popularity was classified as popular.
We found that json-to-graphql-query demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 26 Apr 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025