Security News
New CVE Forecasting Tool Predicts 47,000 Disclosures in 2025
CVEForecast.org uses machine learning to project a record-breaking surge in vulnerability disclosures in 2025.
By Sarah Gooding - Jul 07, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
- Maintainers
- 1
graphql-utilities
graphql-utilities tries to secure your GraphQL API from malicious queries and provides utilities to make using graphql-core easier.
-
It comes with a custom configurable
ExtendedExecutionContextclass that is capable of performing:- query cost analysis: define the cost of your queries using the
@cost()directive provided,graphql-utilitiesprovides helper functions and custom execution context to protect you from overly complex queries. - depth limiting: limit the maximum depth of queries, it's especially useful with object types with recursive relationship
- query cost analysis: define the cost of your queries using the
-
It also ships decorators for:
- resource-level/one-shot middleware: middleware in
graphql-coreis run at field-level, it is handly when you need your middleware to run only once, especially auth-related middleware.
- resource-level/one-shot middleware: middleware in
Installation
pip install graphql-utilities
Alternatively, if you use pipenv:
pipenv install graphql-utilities
Examples
Operation-level middleware (One-shot middleware)
from graphql_utilities.decorators import run_only_once
class AuthMiddleware:
@run_only_once
def resolve(self, next_, root, info, *args, **kwargs):
# middleware logic
return next_(root, info, *args, **kwargs)
Limiting Query Depth
# import your schema
from graphql import execute, parse # Requires `graphql-core>=3.0`
from graphql_utilities.execution import ExtendedExecutionContext
query = '{ field_1_str field_2_int field_3_obj { field_3_obj_sub_1 { xxx } } }'
graphql_sync(schema=schema, source=query,
context_value={"depth_analysis": {
"max_depth": 2 # Maximum depth allowed
}},
execution_context_class=ExtendedExecutionContext # Use the `ExtendedExecutionContext` provided in `graphql-utilities`
)
Query Cost Analysis
See the documentation at https://graphql-utilities.readthedocs.io/en/latest/
Motivation
In recent projects, I ran into some problems with graphene and graphql-core including missing operation-level middleware (See issue here), etc.
graphql-utilities is a compilation of utilities and custom execution context for depth analysis, etc targeting graphql-core>=3.0.
Contributing
Any form of contribution, feature requests, bug reports, pull requests are largely welcome.
Licenses
MIT Licensed. GraphQL logo is licensed under Facebook BSD.
FAQs
Collection of utilities, middleware, decorators for graphql-core>=3.0
We found that graphql-utilities demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Browserslist-rs Gets Major Refactor, Cutting Binary Size by Over 1MB
Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.
By Sarah Gooding - Jul 04, 2025
Research
Security News
8 More Malicious Firefox Extensions: Exploiting Popular Game Recognition, Hijacking User Sessions, and Stealing OAuth Credentials
Eight new malicious Firefox extensions impersonate games, steal OAuth tokens, hijack sessions, and exploit browser permissions to spy on users.
By Kush Pandya - Jul 04, 2025