Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
type-graphql
Advanced tools
Changelog
v2.0.0-rc.1
Reflect
polyfills than reflect-metadata
by checking only used Reflect
API (#1102)@ArgsType
classes in deeply nested inheritance chain (#1644)@Directive
decorator (#1423)Readme
Create GraphQL schema and resolvers with TypeScript, using classes and decorators!
TypeGraphQL makes developing GraphQL APIs an enjoyable process, i.e. by defining the schema using only classes and a bit of decorator magic.
So, to create types like object type or input type, we use a kind of DTO class.
For example, to declare Recipe
type we simply create a class and annotate it with decorators:
@ObjectType()
class Recipe {
@Field(type => ID)
id: string;
@Field()
title: string;
@Field(type => [Rate])
ratings: Rate[];
@Field({ nullable: true })
averageRating?: number;
}
And we get the corresponding part of the schema in SDL:
type Recipe {
id: ID!
title: String!
ratings: [Rate!]!
averageRating: Float
}
Then we can create queries, mutations and field resolvers. For this purpose, we use controller-like classes that are called "resolvers" by convention. We can also use awesome features like dependency injection and auth guards:
@Resolver(Recipe)
class RecipeResolver {
// dependency injection
constructor(private recipeService: RecipeService) {}
@Query(returns => [Recipe])
recipes() {
return this.recipeService.findAll();
}
@Mutation()
@Authorized(Roles.Admin) // auth guard
removeRecipe(@Arg("id") id: string): boolean {
return this.recipeService.removeById(id);
}
@FieldResolver()
averageRating(@Root() recipe: Recipe) {
return recipe.ratings.reduce((a, b) => a + b, 0) / recipe.ratings.length;
}
}
And in this simple way, we get this part of the schema in SDL:
type Query {
recipes: [Recipe!]!
}
type Mutation {
removeRecipe(id: String!): Boolean!
}
We all know that GraphQL is great and solves many problems we have with REST APIs, like Over-Fetching and Under-Fetching. But developing a GraphQL API in Node.js with TypeScript is sometimes a bit of a pain. Why? Let's take a look at the steps we usually have to take.
First, we create all the GraphQL types in schema.graphql
using SDL. Then we create our data models using ORM classes, which represent our DB entities. Then we start to write resolvers for our queries, mutations and fields, but this forces us to first create TS interfaces for all arguments, inputs, and even object types.
Only then can we implement the resolvers using weird generic signatures and manually performing common tasks, like validation, authorization and loading dependencies:
export const getRecipesResolver: GraphQLFieldResolver<void, Context, GetRecipesArgs> = async (
_,
args,
ctx,
) => {
// common tasks repeatable for almost every resolver
const repository = TypeORM.getRepository(Recipe);
const auth = Container.get(AuthService);
await joi.validate(getRecipesSchema, args);
if (!auth.check(ctx.user)) {
throw new NotAuthorizedError();
}
// our business logic, e.g.:
return repository.find({ skip: args.offset, take: args.limit });
};
The biggest problem is redundancy in our codebase, which makes it difficult to keep things in sync. To add a new field to our entity, we have to jump through all the files - modify an entity class, the schema, as well as the interface. The same goes for inputs or arguments. It's easy to forget to update one piece or make a mistake with a single type. Also, what if we've made a typo in the field name? The rename feature (F2) won't work correctly.
Tools like GraphQL Code Generator or graphqlgen only solve the first part - they generate the corresponding interfaces (and resolvers skeletons) for our GraphQL schema but they don't fix the schema <--> models redundancy and developer experience (F2 rename won't work, you have to remember about the codegen watch task in the background, etc.), as well as common tasks like validation, authorization, etc.
TypeGraphQL comes to address these issues, based on experience from a few years of developing GraphQL APIs in TypeScript. The main idea is to have only one source of truth by defining the schema using classes and some help from decorators. Additional features like dependency injection, validation and auth guards help with common tasks that normally we would have to handle ourselves.
The documentation, installation guide, and detailed description of the API and all of its features are available on the website.
A full getting started guide with a simple walkthrough (tutorial) can be found at getting started docs.
If you prefer video tutorials, you can watch Ben Awad's TypeGraphQL video series on YouTube.
You can also check the examples folder in this repository for more examples of usage: simple fields resolvers, DI Container support, TypeORM integration, automatic validation, etc.
The Tests folder might also give you some tips on how to get various things done.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
The currently released version is a stable 1.0.0 release. It is well-tested (97% coverage, ~500 test cases) and has most of the planned features already implemented. Plenty of companies and independent developers are using it in production with success.
However, there are also plans for a lot more features like better TypeORM, Prisma and DataLoader integration, custom decorators and metadata annotations support - the full list of ideas is available on the GitHub repo. You can also keep track of development's progress on the project board.
If you have any interesting feature requests, feel free to open an issue on GitHub so we can discuss that!
TypeGraphQL is an MIT-licensed open-source project. This framework is a result of the tremendous amount of work - sleepless nights, busy evenings and weekends.
It doesn't have a large company that sits behind it - its ongoing development is possible only thanks to the support of the community.
Please ask your company to support this open source project by becoming a gold sponsor and getting a premium technical support from our core contributors.
Please ask your company to support this open source project by becoming a silver sponsor.
Live Graphic Systems | LifeX Aps | instinctools | VPS Server |
NonGamstopBets | CasinoDeps | Non Stop Casino |
Want to file a bug, contribute some code, or improve the documentation? Great! Please read our guidelines for CONTRIBUTING and then check out one of our help-wanted issues.
FAQs
Create GraphQL schema and resolvers with TypeScript, using classes and decorators!
We found that type-graphql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.