graphql-disable-introspection

    1.2.0 • Public • Published

    graphql-disable-introspection

    Disable introspection queries in GraphQL with a simple validation rule. Queries that contain __schema or __type will fail validation with this rule. For example, the following queries will be rejected:

    query {
      __schema {
        queryType {
          name
        }
      }
    }
    
    query {
      __type(name: "Query") {
        description
        fields {
          name
        }
      }
    }

    Usage

    The package can be installed from npm

    npm install -save graphql-disable-introspection

    It exports a single validation rule which you can pass to your node GraphQL server with the validationRules argument.

    Here's an example for graphql-server-express:

    import express from 'express';
    import bodyParser from 'body-parser';
    import { graphqlExpress } from 'graphql-server-express';
    + import NoIntrospection from 'graphql-disable-introspection';
    
    const myGraphQLSchema = // ... define or import your schema here!
    const PORT = 3000;
    
    var app = express();
    
    // bodyParser is needed just for POST.
    app.use('/graphql', bodyParser.json(), graphqlExpress({
       schema: myGraphQLSchema,
    +  validationRules: [NoIntrospection]
    }));
    
    app.listen(PORT);
    

    If you're using express-graphql, it works exactly the same way:

    app.use('/graphql', graphqlHTTP({
      schema: MyGraphQLSchema,
    + validationRules: [NoIntrospection]
    }));

    Install

    npm i graphql-disable-introspection

    DownloadsWeekly Downloads

    6,542

    Version

    1.2.0

    License

    MIT

    Unpacked Size

    6.75 kB

    Total Files

    5

    Last publish

    Collaborators

    • helfer