{"id":15292805,"url":"https://github.com/ganeshcse2991/validate-graphql","last_synced_at":"2025-10-11T16:20:43.795Z","repository":{"id":57153628,"uuid":"196167994","full_name":"ganeshcse2991/validate-graphql","owner":"ganeshcse2991","description":"validate-graphql is a simple and elegant module that provides you an easy way to validate your GraphQL queries and mutation with your own logic and YUP validation framework","archived":false,"fork":false,"pushed_at":"2020-01-17T10:03:42.000Z","size":24,"stargazers_count":9,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-27T02:27:27.277Z","etag":null,"topics":["graphql","graphql-api","graphql-apollo","graphql-validator"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ganeshcse2991.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-07-10T08:45:09.000Z","updated_at":"2023-08-30T02:15:07.000Z","dependencies_parsed_at":"2022-09-07T08:41:19.209Z","dependency_job_id":null,"html_url":"https://github.com/ganeshcse2991/validate-graphql","commit_stats":null,"previous_names":[],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/ganeshcse2991/validate-graphql","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ganeshcse2991%2Fvalidate-graphql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ganeshcse2991%2Fvalidate-graphql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ganeshcse2991%2Fvalidate-graphql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ganeshcse2991%2Fvalidate-graphql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ganeshcse2991","download_url":"https://codeload.github.com/ganeshcse2991/validate-graphql/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ganeshcse2991%2Fvalidate-graphql/sbom","scorecard":{"id":418167,"data":{"date":"2025-08-11","repo":{"name":"github.com/ganeshcse2991/validate-graphql","commit":"2e64b56435932f6cbae198878a3ab2922153c37f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-19T00:27:24.473Z","repository_id":57153628,"created_at":"2025-08-19T00:27:24.473Z","updated_at":"2025-08-19T00:27:24.473Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279007790,"owners_count":26084364,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["graphql","graphql-api","graphql-apollo","graphql-validator"],"created_at":"2024-09-30T16:27:19.049Z","updated_at":"2025-10-11T16:20:43.740Z","avatar_url":"https://github.com/ganeshcse2991.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- \u003cp align=\"center\"\u003e\u003cimg src=\"https://validate-graphql.s3.amazonaws.com/ezgif.com-gif-maker+(1).gif\" width=\"250\" /\u003e\n\u003cimg src=\"https://validate-graphql.s3.amazonaws.com/ezgif.com-gif-maker+(2).gif\" width=\"250\" /\u003e\u003c/p\u003e --\u003e\n\n# validate-graphql\n[![NPM version](https://img.shields.io/npm/v/validate-graphql.svg?style=popout-square)](https://www.npmjs.com/package/validate-graphql)\n[![License: MIT](https://img.shields.io/github/license/ganeshcse2991/validate-graphql.svg)](https://opensource.org/licenses/MIT)\n\n`validate-graphql` is a simple and elegant module that provides you an easy way to validate your queries and mutation with your own logic and YUP validation module.\nThis allows an excellent way to configure your own validation logic by accepting your own validation functions that can be executed before your resolver gets executed.\n\n## Features\n- Can be used to validate type validation and value validation\n- Provides and easy way to write your own validation logic before your resolver is invoked\n- Enables you to effectively modularize your codebase by delegating your validation logic into separate module.\n- Written on Pure Javascript.\n\n## Install\n```sh\nnpm i --save validate-graphql\n```\n## Usage\nPlease add below line to import from validate-graphql\n\n```sh\nimport { ValidateGraphql, ValidatedQueries, ValidatedMutations } from 'validate-graphql';\n```\n\nLets say if you have your queries like below:\n```javascript\ngetAllUsers: {\n  type: new GraphQLList(userType),\n  args: {\n  \tid: userIdField,\n  },\n  resolve: resolveGetAllUsers,\n}\n\n\ncreateUser: {\n  type: userType,\n  args: {\n  \tname: userNameField,\n\tmanager: userManagerField,\n\temail: userEmailField\n  },\n  resolve: resolveCreateUser,\n}\n\n\nlet queries = [...getAllUsers, your_other_queries]\nlet mutations = [...createUser, your_other_mutations]\n```\nUse the below code on the file where you build your schema. This will build a custom schema on the application start.\n```javascript\n ValidateGraphql({ \"user_queries\": queries, \"product_queries\": product_queries }, { \"user_mutations\": mutations }); \n ```\n \n if you have only one queries array on the whole you can just use\n ```javascript\n ValidateGraphql({ \"my_queries\": queries }, { \"my_mutations\": mutations });\n ```\n \"my_queries\" and \"my_mutations\" are **user defined** names where you can provide any name of your choice.\n **queries, mutations** are your array of **graphql queries** and **graphql mutations** respectively.\n \n Then you should pass ```ValidatedQueries[\"my_queries\"]``` hash and ```ValidatedMutations[\"my_mutations\"]``` to your schema \n instead of **queries** and **mutations**\n \n\u003e Please refer example below\n```javascript\n let schema = new GraphQLSchema({\n\tquery: new GraphQLObjectType({\n\tname: 'RootQuery',\n\t\n\tfields: () =\u003e ValidatedQueries['my_queries'], \n\t\n\t}),\n\tmutation: new GraphQLObjectType({\n\tname: 'RootMutation',\n\t\n\tfields: () =\u003e ValidatedMutations['my_mutations'],\n\t\n\t}),\n   \n```\nSo instead of passing your queries and mutations directly you have to use ```ValidatedQueries[\"queries\"]``` and \n```ValidatedMutations[\"mutations\"]``` where \"queries\" and \"mutations\" arguments are the user defined names that you have given \nwhile invoking **ValidateGraphql** method.\n\nAnd Finally you have to add **validate** key to your query and mutation for which you want validation to be done:\n\n**validate** key will accept only a function. You will be getting args and context in the function that you will pass\nto the validate key.\n\nThe **function that you give in \"validate\"** should return a JSON with **status** field value as true/false.\nIf **status** is true your resolver gets executed, else you will an error JSON with two keys **{ status: \"Validation Failed\", message: \"Error message\"}**.\n\nIf you want to return **custom error message** from your own validate function you should pass **data** key in the \nreturn statement. Please see example below:\n\n```javascript\ngetAllUsers: {\n  type: new GraphQLList(userType),\n  args: {\n  id: userIdField,\n  role: userRoleField\n  },\n  resolve: resolveGetAllUsers,\n  \n  validate: function(args, context){ //Please note you will get only two arguments args and context\n    if(args.role == 'admin'){\n      return { status: true}\n    }else {\n      return { status: false, data: { code: \"103\", message: \"My Custome Error message\"}}\n      //In case your validation returns false response will be\n      //{ code: \"103\", message: \"My Custome Error message\"}\n    }\n  }\n},\n```\n\n## Using YUP\n\nYou can give your [YUP](https://github.com/jquense/yup) schema on the field **validationSchema** in your query and mutation.\nPlease see this link on how to create [YUP SCHEMA](https://github.com/jquense/yup).\n\n**NOTE: your \"validationSchema\"  will not get validated if you are not passing \"valildate\" field in your query and mutation.**\n**Also your validationSchema will get exectuted first before your \"validate\" function.**\n\nThe field **validationSchema** accepts a JSON with two keys **schema** and **error_field**. You should give your **YUP schema** in schema key and **\"errror_field\"** should contain a string, which is the field name for your errors in the response.\n\n```javascript\ngetAllUsers: {\n  type: new GraphQLList(userType),\n  args: {\n  id: userIdField,\n  role: userRoleField\n  email: userEmailField\n  },\n  resolve: resolveGetAllUsers,\n  \n  validate: function(args, context){ //Please note you will get only two arguments args and context\n    if(args.role == 'admin'){\n      return { status: true}\n    }else {\n      return { status: false, data: { code: \"103\", message: \"My Custome Error message\"}}\n      //In case your validation returns false response will be\n      //{ code: \"103\", message: \"My Custome Error message\"}\n    }\n  },\n  \n  \n  validationSchema: { schema: yupSchema, error_field: \"errors\" } //This will get executed before validate function\n  //This will give { errors: \"email is not valid\" } as response for bad emails\n  \n},\n```\n\n**NOTE- If you are not passing \"validate\" key and \"validationSchema\" key your normal resolvers will get invoked asusual.**\n\n\u003eIn case if you have doubt please post an issue and I will make sure this code base is updated frequently.\n\n## Methods\n\u003e **ValidateGraphql**(queriesJSON :JSON, mutationsJSON :JSON)\n\n**Please feel free to Contribute.**\n\n\u003ePlease give me a pull request after making changes to your forked repo.\n\n## License\n`validate-graphql` is released under the MIT license. See [LICENSE](./LICENSE) for details.  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fganeshcse2991%2Fvalidate-graphql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fganeshcse2991%2Fvalidate-graphql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fganeshcse2991%2Fvalidate-graphql/lists"}