graphql-operation-statistics

v1.2.2

A simple, un-opinionated, zero-dependency way to implement rate limiting in GraphQL. The package inspects your queries and reports the total depth. You then decide what to do with that information. For more information about how to use this package see README

Latest version published 2 years ago

License: MIT

NPM

GitHub

Package Health Score

42 / 100

security
No known security issues
popularity
Limited
maintenance
Inactive
community
Limited

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
1.2.2	\|	09/2022	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.1.1	\|	04/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.1.0	\|	12/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Limited

Weekly Downloads (22)

GitHub Stars: 3
Forks: 0
Contributors: 3

Direct Usage Popularity

The npm package graphql-operation-statistics receives a total of 22 downloads a week. As such, we scored graphql-operation-statistics popularity level to be Limited.

Based on project statistics from the GitHub repository for the npm package graphql-operation-statistics, we found that it has been starred 3 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Limited

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 3
Funding: No

This project has seen only 10 or less contributors.

We found a way for you to contribute to the project! Looks like graphql-operation-statistics is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Inactive

Commit Frequency

No Recent Commits

Open Issues: 1
Open PR: 10
Last Release: 2 years ago
Last Commit: 1 year ago

Further analysis of the maintenance status of graphql-operation-statistics based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for graphql-operation-statistics is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=14

Age: 3 years
Dependencies: 0 Direct
Versions: 8
Install Size: 18.1 kB
Dist-tags: 1
# of Files: 17
Maintainers: 1
TS Typings: Yes

graphql-operation-statistics has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

GraphQL Operation Statistics

A simple, un-opinionated, zero-dependency way to implement rate limiting in GraphQL. The package inspects your queries and reports the total depth. You then decide what to do with that information.

GraphQL presents some interesting issues with rate limiting.

In a typical REST setup, you can simply rate limit by the number of requests sent to your server.

But, a GraphQL query can look like this:

query {
  user1: user(name: "matt") {
    email
  }
  user2: user(name: "andy") {
    pets {
      name
      owner {
        name
      }
    }
  }
  user3: user(name: "andy") {
    pets {
      name
      user {
        name
        pets {
          name
          user {
            name
            pets {
              name
              ...etc
            }
          }
        }
      }
    }
  }
}

This query not only sends 3 separate user lookups. It allow exposes the ability to recursively call nested resources.

GraphQL Operation Statistics gives you information about the query you are about to execute.

You simply pass it the query string and it returns the depthOfDeepestQuery and sumOfMaxDepthOnAllQueries for each operation.

Install

yarn add graphql-operation-statistics

npm i graphql-operation-statistics

Usage

// Example 1
import { getGraphQLQueryStats } from 'graphql-operation-statistics';
const stats = getGraphQLQueryStats(
  `query Users {
    user {
      pets {
        owner {
          pets {
            owner {
              pets {
                name
              }
            }
          }
        }
      }
    }
  }`
);
expect(stats['Users'].depthOfDeepestQuery).toBe(7);
expect(stats['Users'].sumOfMaxDepthOnAllQueries).toBe(7);

// Example 2
import { getGraphQLQueryStats } from 'graphql-operation-statistics';
const { query } = JSON.parse(body);
try {
  const stats = getGraphQLQueryStats(query);

  for (const operationName of Object.keys(stats)) {
    console.log(
      `${operationName} - total depth: ${stats[operationName].sumOfMaxDepthOnAllQueries} deepest query: ${stats[operationName].depthOfDeepestQuery}`
    );
  }
} catch (error) {
  console.error('The query passed in is not a valid', query);
}

// Example 3
import { getGraphQLQueryStats } from 'graphql-operation-statistics';
const response = getGraphQLQueryStats(
  `mutation($id: String!) { patch(id: $id) { metadata { id } } }`
);

expect(response['unnamedOperation1'].depthOfDeepestQuery).toBe(3);
expect(response['unnamedOperation1'].sumOfMaxDepthOnAllQueries).toBe(3);

Notes

If your operations do not have names, the function will return unnamedOperation1 where 1 increments for each unnamed operation.

This package does not care if you use Apollo Server, Serverless GraphQL, or anything else. You could even use it on the frontend if you wanted to inspect queries before sending them off.

graphql-operation-statistics development dependencies

graphql prettier tslib tsup typescript vitest

FAQs

What is graphql-operation-statistics?

A simple, un-opinionated, zero-dependency way to implement rate limiting in GraphQL. The package inspects your queries ... Visit Snyk Advisor to see a full health score report for graphql-operation-statistics, including popularity, security, maintenance & community analysis.

Is graphql-operation-statistics popular?

The npm package graphql-operation-statistics receives a total of 22 weekly downloads. As such, graphql-operation-statistics popularity was classified as limited. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is graphql-operation-statistics well maintained?

We found indications that graphql-operation-statistics is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is graphql-operation-statistics safe to use?

The npm package graphql-operation-statistics was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 28 March-2024, at 16:02 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP