graphql-cost-analysis icon indicating copy to clipboard operation
graphql-cost-analysis copied to clipboard

Published 20 hours ago verified publisher icon pa-bru

Is this still mainated? What are good alternatives?

Open AdamZaczek opened this issue 4 years ago • 3 comments

Hey! I'm looking for graphql api protection tools and this looks neat but I'm worried about using unmaintained dep in my app.

AdamZaczek avatar Jan 04 '21 14:01 AdamZaczek

Check out https://github.com/slicknode/graphql-query-complexity

This does pretty much everything this library does and more. It is fully customizable and extensible so you can bring your own logic and combine it with the built-in estimators. I'm actively maintaining this, it has more than 500k downloads/month and it is used by the big GraphQL frameworks like TypeGraphQL, NestJS, Nexus.

ivome avatar Jun 22 '21 19:06 ivome

Hey @ivome , thank you for the link. Can it be used as a proxy? For example, I want to prevent expensive queries to reach hasura.

Bessonov avatar Jun 22 '21 19:06 Bessonov

@Bessonov If you put a NodeJS proxy in front of it, you can just calculate the complexity and then only forward the queries that meet the criteria: https://github.com/slicknode/graphql-query-complexity#calculate-query-complexity

Since Hasura has a generated GraphQL API, you could also create an estimator that adds all the configuration automatically. That's what we're doing at Slicknode

ivome avatar Jun 22 '21 19:06 ivome