{"id":30214485,"url":"https://github.com/mirego/absinthe_security","last_synced_at":"2025-08-14T00:40:22.426Z","repository":{"id":211467188,"uuid":"725721965","full_name":"mirego/absinthe_security","owner":"mirego","description":"AbsintheSecurity provides utilities to improve the security posture of APIs built with Absinthe GraphQL.","archived":false,"fork":false,"pushed_at":"2023-12-11T16:35:17.000Z","size":45,"stargazers_count":16,"open_issues_count":0,"forks_count":0,"subscribers_count":24,"default_branch":"main","last_synced_at":"2025-08-09T19:51:48.445Z","etag":null,"topics":["absinthe","absinthe-graphql","elixir","elixir-lang","security"],"latest_commit_sha":null,"homepage":"https://open.mirego.com","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mirego.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-11-30T18:30:17.000Z","updated_at":"2025-01-25T20:32:39.000Z","dependencies_parsed_at":"2023-12-08T18:48:34.069Z","dependency_job_id":null,"html_url":"https://github.com/mirego/absinthe_security","commit_stats":null,"previous_names":["mirego/absinthe_security"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mirego/absinthe_security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirego%2Fabsinthe_security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirego%2Fabsinthe_security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirego%2Fabsinthe_security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirego
%2Fabsinthe_security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mirego","download_url":"https://codeload.github.com/mirego/absinthe_security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirego%2Fabsinthe_security/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270342210,"owners_count":24567642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-13T02:00:09.904Z","response_time":66,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["absinthe","absinthe-graphql","elixir","elixir-lang","security"],"created_at":"2025-08-14T00:40:17.786Z","updated_at":"2025-08-14T00:40:22.241Z","avatar_url":"https://github.com/mirego.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/mirego/absinthe_security/assets/11348/3814bf39-6a9d-4e72-9029-8e66b0b9f761\" width=\"700\" /\u003e\n  \u003cp\u003e\u003cbr /\u003e\u003ccode\u003eAbsintheSecurity\u003c/code\u003e provides utilities to improve the security posture of APIs built with \u003ca href=\"https://absinthe-graphql.org/\"\u003eAbsinthe GraphQL\u003c/a\u003e.\u003c/p\u003e\n  \u003ca href=\"https://github.com/mirego/absinthe_security/actions/workflows/ci.yaml?branch=main\"\u003e\u003cimg 
src=\"https://github.com/mirego/absinthe_security/actions/workflows/ci.yaml/badge.svg?branch=main\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://hex.pm/packages/absinthe_security\"\u003e\u003cimg src=\"https://img.shields.io/hexpm/v/absinthe_security.svg\" /\u003e\u003c/a\u003e\n\u003c/div\u003e\n\n## Installation\n\nAdd `absinthe_security` to the `deps` function in your project’s `mix.exs` file:\n\n```elixir\ndefp deps do\n  [\n    {:absinthe_security, \"~\u003e 0.1\"}\n  ]\nend\n```\n\nThen run `mix do deps.get, deps.compile` inside your project’s directory.\n\n## Usage\n\nFirst, initialize `Absinthe.Plug` with a custom configuration:\n\n```elixir\nforward(\"/graphql\",\n  to: Absinthe.Plug,\n  init_opts: MyAppGraphQL.configuration()\n)\n```\n\nYour custom configuration (with all of `AbsintheSecurity`’s checks) might look like this:\n\n```elixir\ndefmodule MyAppGraphQL do\n  def configuration do\n    [schema: MyAppGraphQL.Schema, pipeline: {__MODULE__, :absinthe_pipeline}]\n  end\n\n  def absinthe_pipeline(config, options) do\n    options = Absinthe.Pipeline.options(options)\n\n    config\n    |\u003e Absinthe.Plug.default_pipeline(options)\n    |\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Complexity.Result, {AbsintheSecurity.Phase.IntrospectionCheck, options})\n    |\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Result, {AbsintheSecurity.Phase.FieldSuggestionsCheck, options})\n    |\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Complexity.Result, {AbsintheSecurity.Phase.MaxAliasesCheck, options})\n    |\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Complexity.Result, {AbsintheSecurity.Phase.MaxDepthCheck, options})\n    |\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Complexity.Result, {AbsintheSecurity.Phase.MaxDirectivesCheck, options})\n  end\nend\n```\n\n### `AbsintheSecurity.Phase.IntrospectionCheck`\n\nDisable schema introspection queries at runtime.\n\n#### 
Configuration\n\n```elixir\nconfig :absinthe_security, AbsintheSecurity.Phase.IntrospectionCheck,\n  enable_introspection: System.get_env(\"GRAPHQL_ENABLE_INTROSPECTION\")\n```\n\n#### Pipeline\n\n```elixir\n|\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Complexity.Result, {AbsintheSecurity.Phase.IntrospectionCheck, options})\n```\n\n#### Reference\n\n\u003chttps://docs.escape.tech/vulnerabilities/information_disclosure/introspection_enabled\u003e\n\n### `AbsintheSecurity.Phase.FieldSuggestionsCheck`\n\nDisable field suggestions in responses at runtime.\n\n#### Configuration\n\n```elixir\nconfig :absinthe_security, AbsintheSecurity.Phase.FieldSuggestionsCheck,\n  enable_field_suggestions: System.get_env(\"GRAPHQL_ENABLE_FIELD_SUGGESTIONS\")\n```\n\n#### Pipeline\n\n```elixir\n|\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Result, {AbsintheSecurity.Phase.FieldSuggestionsCheck, options})\n```\n\n#### Reference\n\n\u003chttps://docs.escape.tech/vulnerabilities/information_disclosure/graphql_field_suggestion\u003e\n\n### `AbsintheSecurity.Phase.MaxAliasesCheck`\n\nRestrict the number of aliases that can be used in queries.\n\n#### Configuration\n\n```elixir\nconfig :absinthe_security, AbsintheSecurity.Phase.MaxAliasesCheck,\n  max_alias_count: 100\n```\n\n#### Pipeline\n\n```elixir\n|\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Complexity.Result, {AbsintheSecurity.Phase.MaxAliasesCheck, options})\n```\n\n#### Reference\n\n\u003chttps://docs.escape.tech/vulnerabilities/resource_limitation/graphql_alias_limit\u003e\n\n### `AbsintheSecurity.Phase.MaxDepthCheck`\n\nRestrict the depth level that can be used in queries.\n\n#### Configuration\n\n```elixir\nconfig :absinthe_security, AbsintheSecurity.Phase.MaxDepthCheck,\n  max_depth_count: 100\n```\n\n#### Pipeline\n\n```elixir\n|\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Complexity.Result, {AbsintheSecurity.Phase.MaxDepthCheck, options})\n```\n\n#### 
Reference\n\n\u003chttps://docs.escape.tech/vulnerabilities/resource_limitation/graphql_depth_limit\u003e\n\n### `AbsintheSecurity.Phase.MaxDirectivesCheck`\n\nRestrict the number of directives that can be used in queries.\n\n#### Configuration\n\n```elixir\nconfig :absinthe_security, AbsintheSecurity.Phase.MaxDirectivesCheck,\n  max_directive_count: 100\n```\n\n#### Pipeline\n\n```elixir\n|\u003e Absinthe.Pipeline.insert_after(Absinthe.Phase.Document.Complexity.Result, {AbsintheSecurity.Phase.MaxDirectivesCheck, options})\n```\n\n#### Reference\n\n\u003chttps://docs.escape.tech/vulnerabilities/resource_limitation/graphql_directive_overload\u003e\n\n## License\n\n`AbsintheSecurity` is © 2023 [Mirego](https://www.mirego.com) and may be freely distributed under the [New BSD license](http://opensource.org/licenses/BSD-3-Clause). See the [`LICENSE.md`](https://github.com/mirego/absinthe_security/blob/main/LICENSE.md) file.\n\n## About Mirego\n\n[Mirego](https://www.mirego.com) is a team of passionate people who believe that work is a place where you can innovate and have fun. We’re a team of [talented people](https://life.mirego.com) who imagine and build beautiful Web and mobile applications. We come together to share ideas and [change the world](http://www.mirego.org).\n\nWe also [love open-source software](https://open.mirego.com) and we try to give back to the community as much as we can.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmirego%2Fabsinthe_security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmirego%2Fabsinthe_security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmirego%2Fabsinthe_security/lists"}