Research
Security News
The Growing Risk of Malicious Browser Extensions
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
By Kush Pandya - Jun 13, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
97
Supply Chain Security
100
Vulnerability
98
Quality
100
Maintenance
100
License
Unpopular package
QualityThis package is not very popular.
Found 1 instance in 1 package
- Maintainers
- 1
graphql-utilities
graphql-utilities tries to secure your GraphQL API from malicious queries and provides utilities to make using graphql-core easier.
-
It comes with a custom configurable
ExtendedExecutionContextclass that is capable of performing:- query cost analysis: define the cost of your queries using the
@cost()directive provided,graphql-utilitiesprovides helper functions and custom execution context to protect you from overly complex queries. - depth limiting: limit the maximum depth of queries, it's especially useful with object types with recursive relationship
- query cost analysis: define the cost of your queries using the
-
It also ships decorators for:
- resource-level/one-shot middleware: middleware in
graphql-coreis run at field-level, it is handly when you need your middleware to run only once, especially auth-related middleware.
- resource-level/one-shot middleware: middleware in
Installation
pip install graphql-utilities
Alternatively, if you use pipenv:
pipenv install graphql-utilities
Examples
Operation-level middleware (One-shot middleware)
from graphql_utilities.decorators import run_only_once
class AuthMiddleware:
@run_only_once
def resolve(self, next_, root, info, *args, **kwargs):
# middleware logic
return next_(root, info, *args, **kwargs)
Limiting Query Depth
# import your schema
from graphql import execute, parse # Requires `graphql-core>=3.0`
from graphql_utilities.execution import ExtendedExecutionContext
query = '{ field_1_str field_2_int field_3_obj { field_3_obj_sub_1 { xxx } } }'
graphql_sync(schema=schema, source=query,
context_value={"depth_analysis": {
"max_depth": 2 # Maximum depth allowed
}},
execution_context_class=ExtendedExecutionContext # Use the `ExtendedExecutionContext` provided in `graphql-utilities`
)
Query Cost Analysis
See the documentation at https://graphql-utilities.readthedocs.io/en/latest/
Motivation
In recent projects, I ran into some problems with graphene and graphql-core including missing operation-level middleware (See issue here), etc.
graphql-utilities is a compilation of utilities and custom execution context for depth analysis, etc targeting graphql-core>=3.0.
Contributing
Any form of contribution, feature requests, bug reports, pull requests are largely welcome.
Licenses
MIT Licensed. GraphQL logo is licensed under Facebook BSD.
FAQs
Collection of utilities, middleware, decorators for graphql-core>=3.0
We found that graphql-utilities demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
By Kirill Boychenko - Jun 12, 2025
Security News
pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
By Sarah Gooding - Jun 11, 2025