Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
rest-graphql
Advanced tools
rest-graphql
Middleware for Express to adapt REST requests to GraphQL queries
Motivation
- You've built a GraphQL server, and it's ready to use.
- Not all your clients speak GraphQL. At the very least, legacy mobile clients can't make GraphQL requests.
- You don't want to support both legacy and GraphQL client/server contracts simultaneously
rest-graphql provides middleware that lets you define mappers from REST requests to graphql queries that fetch the same data, letting you normalize all client queries into something your GraphQL server can handle.
Quick Start
Install the package
npm install --save rest-graphql
Let's say you're building out a new profile page and have defined a GraphQL schema for it. You can fetch the necessary data via:
query ProfileQuery {
user(id: 1) {
profile_photo {
url
}
first_name
last_name
}
}
Create a new config and add the middleware to your express server:
import { createAdapter } from 'rest-graphql';
import type { RestAdapterConfig } from 'rest-graphql'; // If you use flow
/**
* This is the config that defines the mapping. It contains:
*
* path: string - the REST endpoint your client will hit. This follow expressjs route handling conventions
* getQuery: (request) => string - A mapping from the REST request to a GraphQL query
* transformResponse: (response) => Object - Often the raw JSON from GraphQL doesn't make sense for the client, so perform any transform you want here
*/
const profileConfig: RestAdapterConfig = {
path: '/profile/:id',
getQuery: request => `
user(id: ${request.params.id}) {
profile_photo {
url
}
first_name
last_name
}
`,
transformResponse: response => response.data.me,
}
const app = express();
app.use(createAdapter([profileConfig])); // The rest-graphql middleware. It takes an array of RestAdapterConfigs
// Any other middleware or route handlers to process graphql requests.
Which would result in:
Request:
GET https://api.test.com/profile/9
Response:
{ profile_photo: { url: "someurl" }, first_name: "Gaurav", last_name: "Kulkarni"}
Error Handling
Error handling is currently built to work with request-promise and looks for any StatusCodeErrors that are thrown and parses those.
FAQs
Middleware for Express to adapt REST requests to GraphQL queries
The npm package rest-graphql receives a total of 3 weekly downloads. As such, rest-graphql popularity was classified as not popular.
We found that rest-graphql demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 19 Apr 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025