
graphql-response_validator
Testing GraphQL queries using fixture responses runs the risk of false-positive tests when a query changes without its static response getting updated. This gem provides a simple utility for validating response fixtures against the shape of a query to ensure that they match.
Add to your Gemfile:

```ruby
gem "graphql-response_validator"
```

Then:

```ruby
require "graphql/response_validator"
```
Build a test query and its response data into a `GraphQL::ResponseValidator`, then assert that the fixture is correct for the query as part of your test:
```ruby
def test_my_stuff
  request = %|{ widget { id title } }|
  response = {
    "data" => {
      "widget" => {
        "id" => "1",
        "name" => "My widget", # << wrong, should be `title`
      },
    },
  }

  # check that the query is valid...
  query = GraphQL::Query.new(MySchema, query: request)
  assert query.static_errors.none?, query.static_errors.map(&:message).join("\n")

  # check that the response is valid...
  fixture = GraphQL::ResponseValidator.new(query, response)
  assert fixture.valid?, fixture.errors.map(&:message).join("\n")
  # Results in: "Expected data to provide field `widget.title`"
end
```
Abstract selections must include a type identity so that the validator knows what selection path(s) to follow. This can be done by including a `__typename` in abstract selection scopes:
```ruby
def test_my_stuff
  request = %|{
    node(id: 1) {
      ... on Product { title }
      ... on Order { totalCost }
      __typename
    }
  }|
  response = {
    "data" => {
      "node" => {
        "title" => "Ethereal wishing well",
        "__typename" => "Product",
      },
    },
  }

  query = GraphQL::Query.new(MySchema, query: request)
  fixture = GraphQL::ResponseValidator.new(query, response)
  assert fixture.valid?, fixture.errors.first&.message
end
```
Alternatively, you can use a system `__typename__` hint that exists only in response data, and this can be pruned from the response data after validating it:
```ruby
def test_my_stuff
  request = %|{
    node(id: 1) {
      ... on Product { title }
      ... on Order { totalCost }
    }
  }|
  response = {
    "data" => {
      "node" => {
        "totalCost" => 23,
        "__typename__" => "Order",
      },
    },
  }

  query = GraphQL::Query.new(MySchema, query: request)
  fixture = GraphQL::ResponseValidator.new(query, response)
  assert fixture.valid?, fixture.errors.first&.message

  expected_result = { "data" => { "node" => { "totalCost" => 23 } } }
  assert_equal expected_result, fixture.prune!.to_h
end
```
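To show why an abstract scope needs a type identity before a fixture can be checked, here is an added example that is not code from the gem: a self-contained model of a shape check that selects a fragment by `__typename` or the `__typename__` hint, then prunes the hint. The selection-hash representation, `shape_errors`, `prune` and the sample data are assumptions made for illustration.

```ruby
# Added illustration, not the gem's implementation or API.
# Assumed representation: a selection set is a Hash of field name => nil (leaf)
# or a nested selection Hash; the :on key maps type names to fragment selections.
HINT = "__typename__" # response-only type hint described above

# Returns messages for every selected field the fixture fails to provide.
def shape_errors(selections, data, path = [])
  if data.is_a?(Array) # list fields: check each element against the same selections
    return data.each_with_index.flat_map { |item, i| shape_errors(selections, item, path + [i]) }
  end
  return ["Expected `#{path.join('.')}` to be an object"] unless data.is_a?(Hash)

  fields = selections.reject { |key, _| key == :on }
  if selections.key?(:on)
    # Abstract scope: without a type identity there is no way to pick a fragment.
    type = data["__typename"] || data[HINT]
    return ["Expected `#{path.join('.')}` to provide a type identity"] if type.nil?
    fields = fields.merge(selections[:on].fetch(type, {}))
  end

  fields.flat_map do |name, sub|
    field_path = path + [name]
    if !data.key?(name)
      ["Expected data to provide field `#{field_path.join('.')}`"]
    elsif sub && !data[name].nil?
      shape_errors(sub, data[name], field_path)
    else
      []
    end
  end
end

# Returns a copy without the response-only hint; the input is left untouched.
def prune(data)
  case data
  when Hash then data.reject { |key, _| key == HINT }.transform_values { |v| prune(v) }
  when Array then data.map { |v| prune(v) }
  else data
  end
end

# Constructed sample: selections for `{ node(id: 1) { ... on Product { title } ... on Order { totalCost } } }`
NODE_QUERY = { "node" => { on: { "Product" => { "title" => nil }, "Order" => { "totalCost" => nil } } } }
STALE = { "node" => { "title" => "Ethereal wishing well", "__typename__" => "Order" } }
GOOD = { "node" => { "totalCost" => 23, "__typename__" => "Order" } }

p shape_errors(NODE_QUERY, STALE)
p shape_errors(NODE_QUERY, GOOD)
p prune(GOOD)
```

The `STALE` fixture is the false-positive case the README warns about: it carries a field from one fragment while declaring the other type, so a test that only compared it to itself would keep passing.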
We found that graphql-response_validator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.