Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
microfiber
Advanced tools
A library to query and manipulate GraphQL Introspection Query results in some useful ways.
A library to query and manipulate GraphQL Introspection Query results in some useful ways. What ways you ask?
How about:
Yay!
It's called microfiber
because it is heavily used to do the cleaning and manipulation in SpectaQL...it cleans the spectacles, get it?!
But, we also wanted to have a more intuitive, literal name so that people could find it. Hence it's also known as @anvilco/graphql-introspection-tools
.
Repository sponsored by Anvil
Anvil provides easy APIs for all things paperwork.
Learn more on our Anvil developer page.
microfiber
npm install microfiber
# OR
yarn add microfiber
import { Microfiber } from 'microfiber'
const introspectionQueryResults = {...}
const microfiber = new Microfiber(introspectionQueryResults)
// ...do some things to your schema with `microfiber`
const cleanedIntrospectonQueryResults = microfiber.getResponse()
// ...do something with your cleaned Introspection Query Results.
Most of the useful stuff in this library is done through creating a new Microfiber class instance with your Introspection Query Results, and querying or manipulating it via that instance. Here are most of the interesting bits to know about class behavior.
const introspectionQueryResponse = {...}
// Here are the publicly supported options and their sane defaults:
const options = {
// Some GraphQL implementations have non-standard Query, Mutation and/or Subscription
// type names. This option will fix them if they're messed up in the Introspection Query
// Results
fixQueryAndMutationAndSubscriptionTypes: true,
// Remove Types that are not referenced anywhere by anything
removeUnusedTypes: true,
// Remove things whose Types are not found due to being removed
removeFieldsWithMissingTypes: true,
removeArgsWithMissingTypes: true,
removeInputFieldsWithMissingTypes: true,
removePossibleTypesOfMissingTypes: true,
// Remove all the types and things that are unreferenced immediately?
cleanupSchemaImmediately: true,
}
const microfiber = new Microfiber(introspectionQueryResponse, options)
Clean up the schema by removing:
This method is usually called after altering the schema in any way so as to not leave any dangling/orphaned things around the schema.
microfiber.cleanSchema()
Get out the Introspection Query Result that you have manipulated with Microfiber as an Object.
const cleanedResponse = microfiber.getResponse()
Get all the Types from your schema as an Array of Objects. Supported options and their sane defaults are shown.
const allTypes = microfiber.getAllTypes({
// Include reserved GraphQL types?
includeReserved: false,
// Include the Query type?
includeQuery: false,
// Include the Mutation type?
includeMutation: false,
// Include the Subscription type?
includeSubscription: false,
} = {})
Get a specific Type from your schema. Supported params and their sane defaults are shown.
const type = microfiber.getType({ kind: 'OBJECT', name })
Get all the Directives from your schema.
const directives = microfiber.getDirectives()
Get a specific Directive from your schema. Supported params and their sane defaults are shown.
const directive = microfiber.getDirective({ name })
Get the Query Type from your schema.
const queryType = microfiber.getQueryType()
Get a specific Query from your schema.
const query = microfiber.getQuery({ name })
Get the Mutation Type from your schema.
const mutationType = microfiber.getMutationType()
Get a specific Mutation from your schema.
const mutation = microfiber.getMutation({ name })
Get the Subscription Type from your schema.
const subscriptionType = microfiber.getSubscription()
Get a specific Subscription from your schema.
const subscription = microfiber.getSubscription({ name })
Get a specific Field from your schema. Supported params and their sane defaults are shown.
const field = microfiber.getField({ typeKind: 'OBJECT', typeName, fieldName })
Get a specific Field from an Interface in your schema. A convenience wrapper around getField({ typeKind: 'INTERFACE', ...})
const interfaceField = microfiber.getInterfaceField({ typeName, fieldName })
Get a specific EnumValue from your schema. A convenience wrapper around getField({ typeKind: 'ENUM', ...})
const inputField = microfiber.getEnumValue({ typeName, fieldName })
Get a specific InputField from your schema. A convenience wrapper around getField({ typeKind: 'INPUT_OBJECT', ...})
const inputField = microfiber.getInputField({ typeName, fieldName })
Get a specific Arg from your schema. Supported params and their sane defaults are shown.
const arg = microfiber.getArg({ typeKind: 'OBJECT', typeName, fieldName, argName })
Get a specific Arg from a specifig Directive in your schema. Supported params and their sane defaults are shown.
const directiveArg = microfiber.getDirectiveArg({ directiveName, argName })
Get a specific Directive from your schema. Supported params and their sane defaults are shown.
const directiveArg = microfiber.removeDirective({
name,
// Clean up the schema afterwards?
cleanup = true,
})
Remove a Type from your schema, and optionally the references to that Type elsewhere in your schema. Supported params and their sane defaults are shown.
microfiber.removeType({
kind: 'OBJECT',
name,
// Clean up the schema afterwards?
cleanup: true,
// Remove occurances of this Type from other places?
removeFieldsOfType: constructorOptions.removeFieldsWithMissingTypes,
removeInputFieldsOfType: constructorOptions.removeInputFieldsWithMissingTypes,
removePossibleTypesOfType: constructorOptions.removePossibleTypesOfMissingTypes,
removeArgsOfType: constructorOptions.removeArgsWithMissingTypes,
})
Remove a specific Field from a specific Type in your schema. Supported params and their sane defaults are shown.
microfiber.removeField({
typeKind: 'OBJECT',
typeName,
fieldName,
// Clean up the schema afterwards?
cleanup: true,
})
Remove a specific Input Field from a specific Input Object in your schema. Supported params and their sane defaults are shown.
microfiber.removeInputField({
typeName,
fieldName,
// Clean up the schema afterwards?
cleanup: true,
})
Remove a specific Arg from a specific Field or Input Field in your schema. Supported params and their sane defaults are shown.
microfiber.removeArg({
typeKind,
typeName,
fieldName,
argName,
// Clean up the schema afterwards?
cleanup: true,
})
Remove a specifc Enum value from an Enum Type in your schema. Supported params are shown.
microfiber.removeEnumValue({
// The name of the Enum Type
name,
// The Enum value you want to remove
value,
})
Remove a Possible Type from a specific Union Type in your schema. Supported params and sane defaults are shown.
microfiber.removePossibleType({
// The name of the Union Type
typeName,
// The Kind of the possible Type you want to remove
possibleTypeKind,
// The name of the possible Type you want to remove
possibleTypeName,
// Clean up the schema afterwards?
cleanup: true,
})
Remove a specific Query from your schema. Supported params and their sane defaults are shown.
microfiber.removeQuery({
name,
// Clean up the schema afterwards?
cleanup: true,
})
Remove a specific Mutation from your schema. Supported params and their sane defaults are shown.
microfiber.removeMutation({
name,
// Clean up the schema afterwards?
cleanup: true,
})
Remove a specific Subscription from your schema. Supported params and their sane defaults are shown.
microfiber.removeSubscription({
name,
// Clean up the schema afterwards?
cleanup: true,
})
There are some other exports from this library, not just the Microfiber
class.
An Object containing all the GraphQL Kind values you may encounter.
import { KINDS } from 'microfiber'
console.log(KINDS)
// {
// SCALAR: 'SCALAR',
// OBJECT: 'OBJECT',
// INTERFACE: 'INTERFACE',
// UNION: 'UNION',
// ENUM: 'ENUM',
// INPUT_OBJECT: 'INPUT_OBJECT',
// LIST: 'LIST',
// NON_NULL: 'NON_NULL'
// }
A function that compares 2 types and determines if they have the same Kind and Name.
import { typesAreSame } from 'microfiber'
const typeA = { kind: 'OBJECT', name: 'Foo' }
const typeB = { kind: 'OBJECT', name: 'Bar' }
typesAreSame(typeA, typeB) // false
typesAreSame(typeA, typeA) // true
A function that digs through any Non-Null and List nesting and returns the underlying Type.
import { digUnderlyingType } from 'microfiber'
const nonNullableString = {
name: null,
kind: 'NON_NULL',
ofType: {
name: null,
kind: 'LIST',
ofType: {
name: 'String',
kind: 'SCALAR',
}
}
}
digUnderlyingType(nonNullableString) // { name: 'String', kind: 'SCALAR' }
A function that returns a Boolean indicating whether a Type is special GraphQL reserved Type.
import { isReservedType } from 'microfiber'
const myType = { name: 'Foo', ... }
const reservedType = { name: '__Foo', ... }
isReservedType(myType) // false
isReservedType(reservedType) // true
FAQs
A library to query and manipulate GraphQL Introspection Query results in some useful ways.
The npm package microfiber receives a total of 37,746 weekly downloads. As such, microfiber popularity was classified as popular.
We found that microfiber demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.