{"id":26600670,"url":"https://github.com/multipliedtwice/typegraphql-prisma-graphql-query-purifier","last_synced_at":"2026-05-09T10:43:53.794Z","repository":{"id":207914365,"uuid":"720422534","full_name":"multipliedtwice/typegraphql-prisma-graphql-query-purifier","owner":"multipliedtwice","description":"Tiny library to filter excessive fields from incoming graphql queries. Matches request payloads against .gql files.","archived":false,"fork":false,"pushed_at":"2024-09-18T06:54:19.000Z","size":2864,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-15T22:35:12.964Z","etag":null,"topics":["graphql","query","security-tools","typegraphql","typegraphql-prisma"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/multipliedtwice.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-18T12:47:30.000Z","updated_at":"2025-01-11T09:38:54.000Z","dependencies_parsed_at":"2024-02-28T10:26:36.281Z","dependency_job_id":"8386d194-d78b-4413-ae15-72d01650d434","html_url":"https://github.com/multipliedtwice/typegraphql-prisma-graphql-query-purifier","commit_stats":null,"previous_names":["multipliedtwice/graphql-query-purifier","multipliedtwice/typegraphql-prisma-graphql-query-purifier"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multipliedtwice%2Ftypegraphql-prisma-graphql-query-purifier","tags_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/repositories/multipliedtwice%2Ftypegraphql-prisma-graphql-query-purifier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multipliedtwice%2Ftypegraphql-prisma-graphql-query-purifier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multipliedtwice%2Ftypegraphql-prisma-graphql-query-purifier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/multipliedtwice","download_url":"https://codeload.github.com/multipliedtwice/typegraphql-prisma-graphql-query-purifier/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245149640,"owners_count":20568941,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["graphql","query","security-tools","typegraphql","typegraphql-prisma"],"created_at":"2025-03-23T18:33:08.731Z","updated_at":"2026-05-09T10:43:48.762Z","avatar_url":"https://github.com/multipliedtwice.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GraphQL Query Purifier\n[![Coverage](https://img.shields.io/codecov/c/github/multipliedtwice/graphql-query-purifier/main.svg)](https://codecov.io/gh/multipliedtwice/graphql-query-purifier)\n\n![typegraphql-prisma-purifier](./static/typegraphql-prisma-purifier.png)\n\n### [Demo](https://github.com/multipliedtwice/graphql-query-purifier-example)\n\nThis package provides a middleware for Express.js applications to manage and filter GraphQL queries based on `.gql` files. 
It is designed to enhance security and efficiency by allowing only specified queries to be processed by your GraphQL server.\n\n## Usage with [typegraphql-prisma](https://www.npmjs.com/package/typegraphql-prisma)\n\nTypeGraphQL-Prisma is a powerful integration that significantly simplifies backend development by automatically generating a fully-featured Node.js GraphQL API based on your Prisma schema. It turns your database schema into a fully-typed GraphQL API, making it an excellent tool for developers looking to bootstrap and quickly maintain robust Node.js GraphQL servers.\n\n## Problem\n\nWith all the benefits of typegraphql-prisma and its resolvers, the main concern is security. Auto-generated resolvers allow clients to query any relation to any depth and offer no way to prevent overquerying. This little library is an attempt to set boundaries for what can be requested by clients.\n\n## Features\n\n- **Query Filtering**: Filters incoming GraphQL queries based on a list of allowed queries defined in `.gql` files.\n- **Easy Integration**: Seamlessly integrates with existing Express.js and Apollo Server setups.\n- **Customizable**: Easily adaptable to different GraphQL schema setups.\n\n### Example\n\n#### Input Query\n\nAn incoming query sent to your server might look like this:\n\n```graphql\nquery findOneUser {\n  findOneUser {\n    id\n    name\n    email\n    password\n    posts {\n      title\n      content\n    }\n  }\n}\n```\n\n#### Allowed Query\n\n```graphql\nquery findOneUser {\n  findOneUser {\n    id\n    posts {\n      title\n    }\n  }\n}\n```\n\n#### Output Query\n\nThe GraphQLQueryPurifier processes the input query and filters out the non-allowed fields. 
The output query, which will be processed by your GraphQL server, becomes:\n\n```graphql\nquery findOneUser {\n  findOneUser {\n    id\n    posts {\n      title\n    }\n  }\n}\n```\n\nThe `name`, `email`, `password` and `posts.content` fields are removed from the query since they are not included in the allowed query.\n\n## Installation\n\nInstall the package using npm:\n\n```bash\nnpm install graphql-query-purifier\n\n## Or using yarn:\nyarn add graphql-query-purifier\n```\n\n## Usage\n\n```javascript\nimport express from 'express';\nimport path from 'path';\nimport { json } from 'body-parser';\nimport { GraphQLQueryPurifier } from 'graphql-query-purifier';\n\nconst app = express();\nconst gqlPath = path.resolve(__dirname, '../prisma/gql');\nconst queryPurifier = new GraphQLQueryPurifier({\n  gqlPath,\n\n  // optional:\n  allowStudio: true,\n  allow: false,\n  debug: false,\n});\n\n// make sure the body parser is registered before the purifier\napp.use(json());\napp.use(queryPurifier.filter);\n\n// your graphql middleware\n```\n\n## API Reference\n\n- GraphQLQueryPurifier(gqlPath: string)\n\ngqlPath: Path to the directory containing your .gql files, or folders containing them.\n\n- filter(req, res, next)\n\nAn Express middleware function to filter incoming GraphQL queries.\n\n## P.S.\n\nIt doesn't copy `.gql` files, it only watches them. 
If your frontend is in another repo, you may need to handle copying the files before committing.\n\n### Contributing\n\nContributions are welcome!\n\n#### License\n\nThis project is licensed under the MIT License.\n\n#### Credits:\n- Super Kick Gym - [Brazilian Jiu Jitsu in Bangkok](https://en.bjj-bangkok.com)\n\n- Rememo - [Free Task Management and Corporate Chat](https://rememo.io)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmultipliedtwice%2Ftypegraphql-prisma-graphql-query-purifier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmultipliedtwice%2Ftypegraphql-prisma-graphql-query-purifier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmultipliedtwice%2Ftypegraphql-prisma-graphql-query-purifier/lists"}