graphql-safe-guards 1.0.1 → 1.0.2

package/README.md

@@ -2,29 +2,83 @@
 
 Protect your GraphQL API with a single import.
 
+A tiny utility that **combines depth limiting and query complexity validation**
+using native GraphQL validation rules.
+
+---
+
 ## Installation
 
+```bash
 npm install graphql-safe-guards
+```
 
-## Usage
+---
+
+## Usage (Apollo Server)
 
 ```ts
-import { graphqlSafeGuards } from "graphql-safe-guards";
+import { ApolloServer } from "@apollo/server";
+import { createSafeGuards } from "graphql-safe-guards";
 
 const server = new ApolloServer({
   schema,
-  validationRules: graphqlSafeGuards({
+  validationRules: createSafeGuards({
     depth: 3,
     complexity: 10,
   }),
 });
 ```
 
-What it includes
+---
+
+## Configuration
+
+```ts
+createSafeGuards({
+  depth?: number;       // default: 5
+  complexity?: number;  // default: 100
+});
+```
+
+---
+
+## What It Does
 
-- Query depth limiting
-- Query complexity limiting
-- Sensible defaults
+- Limits query depth
+- Limits query complexity
+- Uses native GraphQL validation
+- No schema directives
+- No runtime execution cost
 - Framework agnostic
 
+Internally, this package composes:
+
+- `graphql-safe-depth`
+- `graphql-complexity-validation`
+
+---
+
+## Supported Frameworks
+
+- Apollo Server
+- GraphQL Yoga
+- Envelop
+- NestJS GraphQL
+- Plain `graphql-js`
+
 ---
+
+## Why this exists
+
+Depth limiting and complexity analysis solve **different problems**.
+Most GraphQL servers need **both**, but wiring them together is repetitive.
+
+`graphql-safe-guards` provides a **single, predictable entry point**
+for GraphQL query safety.
+
+---
+
+## License
+
+MIT © Mateo Diaz

package/dist/index.d.ts

@@ -1,3 +1,3 @@
 import type { ValidationRule } from "graphql";
 import { GraphQLSafeGuardsOptions } from "./types";
-export declare function graphqlSafeGuards(options?: GraphQLSafeGuardsOptions): ValidationRule[];
+export declare function createSafeGuards(options?: GraphQLSafeGuardsOptions): ValidationRule[];

package/dist/index.js

@@ -1,10 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.graphqlSafeGuards = graphqlSafeGuards;
+exports.createSafeGuards = createSafeGuards;
 const graphql_safe_depth_1 = require("graphql-safe-depth");
 const graphql_complexity_validation_1 = require("graphql-complexity-validation");
-function graphqlSafeGuards(options = {}) {
-    const { depth = 5, complexity = 100 } = options;
+const presets_1 = require("./presets");
+function createSafeGuards(options = {}) {
+    var _a, _b, _c, _d;
+    const presetConfig = options.preset
+        ? presets_1.SAFE_GUARD_PRESETS[options.preset]
+        : undefined;
+    const depth = (_b = (_a = options.depth) !== null && _a !== void 0 ? _a : presetConfig === null || presetConfig === void 0 ? void 0 : presetConfig.depth) !== null && _b !== void 0 ? _b : 5;
+    const complexity = (_d = (_c = options.complexity) !== null && _c !== void 0 ? _c : presetConfig === null || presetConfig === void 0 ? void 0 : presetConfig.complexity) !== null && _d !== void 0 ? _d : 100;
     return [
         (0, graphql_safe_depth_1.createDepthLimitRule)({ maxDepth: depth }),
         (0, graphql_complexity_validation_1.createComplexityLimitRule)({ maxComplexity: complexity }),

package/dist/presets.d.ts

@@ -0,0 +1,14 @@
+export declare const SAFE_GUARD_PRESETS: {
+    readonly strict: {
+        readonly depth: 3;
+        readonly complexity: 50;
+    };
+    readonly balanced: {
+        readonly depth: 5;
+        readonly complexity: 100;
+    };
+    readonly relaxed: {
+        readonly depth: 8;
+        readonly complexity: 200;
+    };
+};

package/dist/presets.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SAFE_GUARD_PRESETS = void 0;
+exports.SAFE_GUARD_PRESETS = {
+    strict: {
+        depth: 3,
+        complexity: 50,
+    },
+    balanced: {
+        depth: 5,
+        complexity: 100,
+    },
+    relaxed: {
+        depth: 8,
+        complexity: 200,
+    },
+};

package/dist/types.d.ts

@@ -1,4 +1,7 @@
+import { SAFE_GUARD_PRESETS } from "./presets";
+export type SafeGuardPreset = keyof typeof SAFE_GUARD_PRESETS;
 export interface GraphQLSafeGuardsOptions {
+    preset?: SafeGuardPreset;
     depth?: number;
     complexity?: number;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "graphql-safe-guards",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Opinionated GraphQL security guards (depth + complexity) in one import",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/test/graphqlSafeGuards.test.ts

@@ -1,15 +1,28 @@
 import { describe, it, expect } from "vitest";
-import { graphqlSafeGuards } from "../src";
+import { createSafeGuards } from "../src";
 
-describe("graphqlSafeGuards", () => {
-  it("returns validation rules", () => {
-    const rules = graphqlSafeGuards({
-      depth: 3,
-      complexity: 10,
+describe("createSafeGuards", () => {
+  it("uses strict preset", () => {
+    const rules = createSafeGuards({ preset: "strict" });
+
+    expect(rules).toHaveLength(2);
+  });
+
+  it("allows overriding preset values", () => {
+    const rules = createSafeGuards({
+      preset: "strict",
+      depth: 10,
+    });
+
+    expect(rules).toHaveLength(2);
+  });
+
+  it("works without preset (backward compatible)", () => {
+    const rules = createSafeGuards({
+      depth: 4,
+      complexity: 20,
     });
 
     expect(rules).toHaveLength(2);
-    expect(typeof rules[0]).toBe("function");
-    expect(typeof rules[1]).toBe("function");
   });
 });