{"id":13452475,"url":"https://github.com/ardatan/graphql-tools","last_synced_at":"2025-09-09T20:21:05.448Z","repository":{"id":37074258,"uuid":"54432168","full_name":"ardatan/graphql-tools","owner":"ardatan","description":":wrench: Utility library for GraphQL to build, stitch and mock GraphQL schemas in the SDL-first approach","archived":false,"fork":false,"pushed_at":"2025-09-06T21:40:42.000Z","size":55159,"stargazers_count":5411,"open_issues_count":168,"forks_count":830,"subscribers_count":76,"default_branch":"master","last_synced_at":"2025-09-07T19:03:42.382Z","etag":null,"topics":["graphql","graphql-api","graphql-js","graphql-schema","javascript","mock","schema-language","schema-stitching","typescript"],"latest_commit_sha":null,"homepage":"https://www.graphql-tools.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ardatan.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["ardatan","yaacovCR"]}},"created_at":"2016-03-22T00:14:38.000Z","updated_at":"2025-09-06T21:39:12.000Z","dependencies_parsed_at":"2024-02-19T12:54:59.117Z","dependency_job_id":"c0962270-f811-47d5-841b-c918a7b05aea","html_url":"https://github.com/ardatan/graphql-tools","commit_stats":{"total_commits":6030,"total_committers":401,"mean_commits":"15.037406483790523","dds":0.5598673300165837,"last_synced_commit":"fffaf474525eeecc6d9ba25417c1b97eb546aac8"},"previous_names":["apollographql/graphql-tools","apollostack/graphql-tools","apollostack/apollo-proxy"],"tags_count":3338,"template":false,"template_full_name":null,"purl":"pkg:github/ardatan/graphql-tools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ardatan%2Fgraphql-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ardatan%2Fgraphql-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ardatan%2Fgraphql-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ardatan%2Fgraphql-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ardatan","download_url":"https://codeload.github.com/ardatan/graphql-tools/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ardatan%2Fgraphql-tools/sbom","scorecard":{"id":203077,"data":{"date":"2025-08-11","repo":{"name":"github.com/ardatan/graphql-tools","commit":"7705d4e96d02414fdc72842513a014ec648faf15"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/19 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql-analysis.yml:40","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:43","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:44","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr.yml:20","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:14","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/pr.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/tests.yml:1","Warn: no topLevel permission defined: .github/workflows/website.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/website.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/website.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/website.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/ardatan/graphql-tools/website.yml/master?enable=pin","Info:   9 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   3 out of  12 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 29 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T23:09:13.872Z","repository_id":37074258,"created_at":"2025-08-16T23:09:13.873Z","updated_at":"2025-08-16T23:09:13.873Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274316563,"owners_count":25262709,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["graphql","graphql-api","graphql-js","graphql-schema","javascript","mock","schema-language","schema-stitching","typescript"],"created_at":"2024-07-31T07:01:25.144Z","updated_at":"2025-09-09T20:21:05.386Z","avatar_url":"https://github.com/ardatan.png","language":"TypeScript","readme":"[![GraphQLConf 2024 Banner: September 10-12, San Francisco. Hosted by the GraphQL Foundation](https://github.com/user-attachments/assets/bdb8cd5d-5186-4ece-b06b-b00a499b7868)](https://graphql.org/conf/2024/?utm_source=github\u0026utm_medium=graphql_tools\u0026utm_campaign=readme)\n\n[![toolkit](https://user-images.githubusercontent.com/20847995/80261023-feb6e380-8691-11ea-8680-5747fa02c5d8.gif)](https://graphql-tools.com)\n\n[![npm version](https://badge.fury.io/js/%40graphql-tools%2Futils.svg)](https://badge.fury.io/js/%40graphql-tools%2Futils)\n[![CI](https://github.com/ardatan/graphql-tools/workflows/CI/badge.svg)](https://github.com/ardatan/graphql-tools/actions)\n[![Discord Chat](https://img.shields.io/discord/625400653321076807)](https://discord.gg/xud7bH9)\n[![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square)](https://github.com/prettier/prettier)\n[![renovate-app badge][renovate-badge]][renovate-app]\n\n[renovate-badge]: https://img.shields.io/badge/renovate-app-blue.svg\n[renovate-app]: https://renovateapp.com/\n\nThis package provides a few useful ways to create a GraphQL schema:\n\n1. Use the GraphQL schema language to\n   [generate a schema](https://graphql-tools.com/docs/generate-schema) with full support for\n   resolvers, interfaces, unions, and custom scalars. The schema produced is completely compatible\n   with [GraphQL.js](https://github.com/graphql/graphql-js).\n2. [Mock your GraphQL API](https://graphql-tools.com/docs/mocking) with fine-grained per-type\n   mocking\n3. Automatically\n   [stitch multiple schemas together](https://www.graphql-tools.com/docs/stitch-combining-schemas)\n   into one larger API\n\n## Documentation\n\n[Read the docs.](https://graphql-tools.com/docs/introduction)\n\n## Binding to HTTP\n\nIf you want to bind your JavaScript GraphQL schema to an HTTP server, you can use\n[`GraphQL Yoga`](https://www.graphql-yoga.com) .\n\nYou can develop your JavaScript based GraphQL API with `graphql-tools` and `GraphQL Yoga` together:\nOne to write the schema and resolver code, and the other to connect it to a web server.\n\n## Example\n\nWhen using `graphql-tools`, you describe the schema as a GraphQL type language string:\n\n```js\nconst typeDefs = /* GraphQL */ `\n  type Author {\n    id: ID! # the ! means that every author object _must_ have an id\n    firstName: String\n    lastName: String\n    \"\"\"\n    the list of Posts by this author\n    \"\"\"\n    posts: [Post]\n  }\n\n  type Post {\n    id: ID!\n    title: String\n    author: Author\n    votes: Int\n  }\n\n  # the schema allows the following query:\n  type Query {\n    posts: [Post]\n  }\n\n  # this schema allows the following mutation:\n  type Mutation {\n    upvotePost(postId: ID!): Post\n  }\n\n  # we need to tell the server which types represent the root query\n  # and root mutation types. We call them RootQuery and RootMutation by convention.\n  schema {\n    query: Query\n    mutation: Mutation\n  }\n`\n\nexport default typeDefs\n```\n\nThen you define resolvers as a nested object that maps type and field names to resolver functions:\n\n```js\nconst resolvers = {\n  Query: {\n    posts() {\n      return posts\n    }\n  },\n  Mutation: {\n    upvotePost(_, { postId }) {\n      const post = find(posts, { id: postId })\n      if (!post) {\n        throw new Error(`Couldn't find post with id ${postId}`)\n      }\n      post.votes += 1\n      return post\n    }\n  },\n  Author: {\n    posts(author) {\n      return filter(posts, { authorId: author.id })\n    }\n  },\n  Post: {\n    author(post) {\n      return find(authors, { id: post.authorId })\n    }\n  }\n}\n\nexport default resolvers\n```\n\nAt the end, the schema and resolvers are combined using `makeExecutableSchema`:\n\n```js\nimport { makeExecutableSchema } from '@graphql-tools/schema'\n\nconst executableSchema = makeExecutableSchema({\n  typeDefs,\n  resolvers\n})\n```\n\nGraphQL-Tools schema can be consumed by frameworks like GraphQL Yoga, Apollo GraphQL or\nexpress-graphql For example in Node.js;\n\n```js\nconst { createYoga } = require('graphql-yoga')\nconst { createServer } = require('http')\n\nconst yoga = createYoga({\n  schema: executableSchema\n})\n\nconst server = createServer(yoga)\n\nserver.listen(4000, () =\u003e {\n  console.log('Yoga is listening at http://localhost:4000/graphql')\n})\n```\n\nYou can check [GraphQL Yoga](https://www.graphql-yoga.com) for other JavaScript platforms and\nframeworks besides vanilla Node.js HTTP.\n\nThis example has the entire type definition in one string and all resolvers in one file, but you can\ncombine types and resolvers from multiple files and objects, as documented in the\n[modularizing type definitions](https://graphql-tools.com/docs/schema-merging#merging-type-definitions)\nand [merging resolvers](https://graphql-tools.com/docs/schema-merging#merging-resolvers) section of\nthe docs.\n\n## Contributions\n\nContributions, issues and feature requests are very welcome. If you are using this package and fixed\na bug for yourself, please consider submitting a PR!\n\nAnd if this is your first time contributing to this project, please do read our\n[Contributor Workflow Guide](https://github.com/the-guild-org/Stack/blob/master/CONTRIBUTING.md)\nbefore you get started off.\n\n### Code of Conduct\n\nHelp us keep GraphQL Tools open and inclusive. Please read and follow our\n[Code of Conduct](https://github.com/the-guild-org/Stack/blob/master/CODE_OF_CONDUCT.md) as adopted\nfrom [Contributor Covenant](https://www.contributor-covenant.org/)\n\n## Maintainers\n\n- [@yaacovCR](https://github.com/yaacovCR)\n- [@kamilkisiela](https://github.com/kamilkisiela) ([The Guild](https://github.com/the-guild-org))\n- [@Urigo](https://github.com/Urigo) ([The Guild](https://github.com/the-guild-org))\n- [@ardatan](https://github.com/ardatan) ([The Guild](https://github.com/the-guild-org))\n- [@dotansimha](https://github.com/dotansimha) ([The Guild](https://github.com/the-guild-org))\n","funding_links":["https://github.com/sponsors/ardatan","https://github.com/sponsors/yaacovCR"],"categories":["TypeScript","GraphQL Tool, Libraries, and Frameworks","graphql"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fardatan%2Fgraphql-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fardatan%2Fgraphql-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fardatan%2Fgraphql-tools/lists"}