graphiql 正在参加 2021 年度 OSC 中国开源项目评选,请投票支持!
graphiql 在 2021 年度 OSC 中国开源项目评选 中已获得 {{ projectVoteCount }} 票,请投票支持!
2021 年度 OSC 中国开源项目评选 正在火热进行中,快来投票支持你喜欢的开源项目!
2021 年度 OSC 中国开源项目评选 >>> 中场回顾
graphiql 获得 2021 年度 OSC 中国开源项目评选「最佳人气项目」 !
授权协议 MIT License
开发语言 Java
操作系统 跨平台
软件类型 开源软件
所属分类 大数据数据查询
开源组织
地区 不详
投 递 者 首席测试
适用人群 未知
收录时间 2021-11-23

软件简介

Black Lives Matter 🖤

GraphQL IDE Monorepo

Note: The primary maintainer @acao is on hiatus until December 2020 Looking for the GraphiQL Docs?: This is the root of the monorepo! The full GraphiQL docs are located at packages/graphiql

Build Status Discord Code Coverage GitHub top language GitHub language count Snyk Vulnerabilities for GitHub Repo LGTM Grade LGTM Alerts CII Best Practices

Overview

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. The code uses the permissive MIT license.

Whether you want a simple GraphiQL IDE instance for your server, or a more advanced web or desktop GraphQL IDE experience for your framework or plugin, or you want to build an IDE extension or plugin, you've come to the right place!

The purpose of this monorepo is to give the GraphQL Community:

  • a to-specification official language service (see: API Docs)
  • a comprehensive LSP server and CLI service for use with IDEs
  • a codemirror mode
  • a monaco mode (in the works)
  • an example of how to use this ecosystem with GraphiQL.
  • examples of how to implement or extend GraphiQL.

Latest Stable Ecosystem

graphiql@1.0.x and ecosystem are organized as below. Any further changes to graphiql@1.0.x are made against 1.0.0 branch

Diagram of the current Monorepo and third party ecosystem

Proposed Ecosystem

As we re-write for graphiql@2.x ecosystem, this monorepo will contain an sdk and plugins.

Diagram of the proposed Monorepo and third party ecosystem

GraphiQL

Breaking Changes & Improvements: several interfaces are being dropped for new ones are arriving for GraphiQL 1.0.0! Read more in this issue

NPM jsDelivr hits (npm) npm downloads Snyk Vulnerabilities for npm package npm bundle size (version) npm bundle size (version)

Screenshot of GraphiQL with Doc Explorer Open

/ˈɡrafək(ə)l/ A graphical interactive in-browser GraphQL IDE. Try the live demo. We also have a demo using our latest netlify build for the main branch.

The GraphiQL IDE, implemented in React, currently using GraphQL mode for CodeMirror & GraphQL Language Service.

Learn more about GraphiQL in packages/graphiql/README.md

How To Setup/Implement GraphiQL

Edit graphiql-example

The GraphiQL Readme explains some of the ways to implement GraphiQL, and we also have the examples directory as well!

Monaco GraphQL

NPM jsDelivr hits (npm) npm downloads Snyk Vulnerabilities for npm package

Provides monaco editor with a powerful, schema-driven graphql language mode.

See the webpack example for a plain javascript demo using github API

CodeMirror GraphQL

NPM jsDelivr hits (npm) npm downloads Snyk Vulnerabilities for npm package

Animated Codemirror GraphQL Completion Example

Provides CodeMirror with a parser mode for GraphQL along with a live linter and typeahead hinter powered by your GraphQL Schema

GraphQL Language Service

NPM npm downloads Snyk Vulnerabilities for npm package

Provides a command-line interface for running GraphQL Language Service Server for various IDEs.

GraphQL Language Service Server

NPM npm downloads Snyk Vulnerabilities for npm package

An almost fully LSP compliant server process backing the GraphQL Language Service.

GraphQL Language Service Interface

NPM jsDelivr hits (npm) npm downloads Snyk Vulnerabilities for npm package

Runtime agnostic Language Service used by GraphQL mode for CodeMirror and GraphQL Language Service Server

GraphQL Language Service Parser

NPM npm downloads Snyk Vulnerabilities for npm package

An online immutable parser for GraphQL, designed to be used as part of syntax-highlighting and code intelligence tools such as for the GraphQL Language Service and codemirror-graphql.

GraphQL Language Service Types

NPM npm downloads

Flow and Typescript type definitions for the GraphQL Language Service.

GraphQL Language Service Utilities

NPM npm downloads Snyk Vulnerabilities for npm package

Utilities to support the GraphQL Language Service.

Browser & Runtime Support

Many of these packages need to work in multiple environments.

By default, all typescript packages target es6.

graphql-language-service-server and graphql-language-service-cli are made for the node runtime, so they target es2017

codemirror-graphql and the graphiql browser bundle use the .browserslistrc, which targets modern browsers to keep bundle size small and keep the language services performant where async/await is used, and especially to avoid the requirement of rengenerator-runtime or special babel configuration.

.browserslistrc:

last 2 versions
Firefox ESR
not dead
not IE 11
not ios 10
maintained node versions

To be clear, we do not support Internet Explorer or older versions of evergreen browsers.

Development

To get setup for local development of this monorepo, refer to DEVELOPMENT.md

Contributing to this repo

This is an open source project, and we welcome contributions. Please see CONTRIBUTING.md for details on how to contribute.

This repository is managed by EasyCLA. Project participants must sign the free GraphQL Specification Membership agreement before making a contribution. You only need to do this one time, and it can be signed by individual contributors or their employers.

To initiate the signature process please open a PR against this repo. The EasyCLA bot will block the merge if we still need a membership agreement from you.

Please note that EasyCLA is configured to accept commits from certain GitHub bots. These are approved on an exception basis once we are confident that any content they create is either generated by the bot itself or written by someone who has already signed the CLA (e.g., a project maintainer).

Please note that EasyCLA is configured to accept commits from certain GitHub bots. These are approved on an exception basis once we are confident that any content they create is either unlikely to consist of copyrightable content or else was written by someone who has already signed the CLA (e.g., a project maintainer). The bots that have currently been approved as exceptions are:

  • github-actions (exclusively for the changesets Action)

You can find detailed information here. If you have issues, please email operations@graphql.org.

Maintainers

Maintainers of this repository regulary review PRs and issues and help advance the GraphiQL roadmap

Alumni

Originally this was three seperate repositories

  • @leebyron - original author of all libraries
  • @asiandrummer - original creator of GraphiQL
  • @wincent - early co-author and maintainer
  • @lostplan - maintained the language service ecosystem until about 2017
  • @IvanGoncharov - maintainer and transitional mentor to @acao and others

Active

Fielding Proposals!

The door is open for proposals for the new GraphiQL Plugin API, and other ideas on how to make the rest of the IDE ecosystem more performant, scaleable, interoperable and extensible. Feel free to open a PR to create a document in the /proposals/ directory. Eventually we hope to move these to a repo that serves this purpose.

Community

  • Discord Discord - Most discussion outside of github happens on the GraphQL Discord Server
  • Twitter - @GraphiQL and #GraphiQL
  • GitHub - Create feature requests, discussions issues and bugs above
  • Working Group - Yes, you're invited! Monthly planning/decision making meetings, and working sessions every two weeks on zoom! Learn more.
展开阅读全文

代码

评论

点击引领话题📣 发布并加入讨论🔥
暂无内容
发表了博客
{{o.pubDate | formatDate}}

{{formatAllHtml(o.title)}}

{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
没有更多内容
暂无内容
发表了问答
{{o.pubDate | formatDate}}

{{formatAllHtml(o.title)}}

{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
没有更多内容
暂无内容
Indutny Elliptic 加密问题漏洞
密码算法不安全
Indutny Elliptic是Indutny个人开发者的一个基于Javascript为应用提供快速椭圆曲线加密的代码库。 Indutny Elliptic 存在安全漏洞,该漏洞源于没有检查来确认公钥。
CVE-2020-28498 MPS-2021-1176
2022-08-08 19:09
nodejs 安全漏洞
拒绝服务
nodejs是是一个基于ChromeV8引擎的JavaScript运行环境通过对Chromev8引擎进行了封装以及使用事件驱动和非阻塞IO的应用让Javascript开发高性能的后台应用成为了可能。 nodejs-tmpl存在安全漏洞,该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
CVE-2021-3777 MPS-2021-31423
2022-08-08 19:09
Async 安全漏洞
原型污染
Async是英国Caolan McMahon个人开发者的一个实用模块。用于使用异步 JavaScript。 Async 3.2.1 及之前版本存在安全漏洞,该漏洞源于 mapValues() 方法。攻击者可通过 mapValues() 方法获取权限。
CVE-2021-43138 MPS-2021-34434
2022-08-08 19:09
css-what存在未明漏洞
css-what是一个CSS选择器解析器。 css-what 5.0.1之前版本存在安全漏洞,该漏洞源于css-what包并不能确保属性解析具有相对于输入大小的线性时间复杂度。目前没有详细漏洞细节提供。
CVE-2021-33587 MPS-2021-7397
2022-08-08 19:09
shelljs 安全漏洞
特权管理不恰当
shelljs是基于Node.js API 的 Unix shell 命令的可移植(Windows/Linux/OS X)实现。 shelljs存在安全漏洞,该漏洞源于不适当的权限管理,攻击者可利用该漏洞进行越权访问。
CVE-2022-0144 MPS-2022-0508
2022-08-08 19:09
NPM url-parse授权绕过漏洞
Url-Parse是一个跨Node.js和浏览器环境无缝工作的小型Url解析器。NPM url-parse 1.5.8之前版本存在授权绕过漏洞,攻击者可利用该漏洞通过用户控制的密钥绕过授权。
CVE-2022-0686 MPS-2022-4464
2022-08-08 19:09
uglify-js 存在ReDoS漏洞
ReDoS
uglify-js 是一个 JavaScript 解析器、压缩器、压缩器和美化工具包。此软件包的受影响版本容易通过 string_template 和 decode_template 函数受到正则表达式拒绝服务 (ReDoS) 的攻击。
MPS-2022-14112
2022-08-08 19:09
Npm Braces资源管理错误漏洞
拒绝服务
Npm Braces是美国Npm公司的一个应用程序。Bash的括号扩展,以JavaScript实现。 Braces 2.3.1之前版本存在安全漏洞,攻击者可利用该漏洞使用正则表达式拒绝服务(ReDoS)攻击。
CVE-2018-1109 MPS-2021-3692
2022-08-08 19:09
Andrey Sitnik postcss 安全漏洞
Andrey Sitnik postcss是Andrey Sitnik开源的一个应用程序,用于使用JS插件进行样式转换。 在漏洞版本中该程序在源映射解析期间受到正则表达式拒绝服务(ReDoS)的攻击。
CVE-2021-23368 MPS-2021-4549
2022-08-08 19:09
Digital Bazaar Forge 输入验证错误漏洞
跨站重定向
Digital Bazaar Forge是美国Digital Bazaar公司的一个 Tls 在 Javascript 中的本机实现以及用于编写基于加密和网络密集型 Web 应用程序的开源工具。 Digital Bazaar Forge 中存在输入验证错误漏洞,该漏洞源于产品允许URL重定向到不受信任的站点。
CVE-2022-0122 MPS-2022-0421
2022-08-08 19:09
cypress 存在缺省权限不正确漏洞
缺省权限不正确
此软件包的受影响版本容易受到不安全配置的影响。
MPS-2022-13616
2022-08-08 19:09
highlight.js 存在拒绝服务漏洞
拒绝服务
highlight.js 是一个用 JavaScript 编写的语法荧光笔。它可以在浏览器和服务器上工作。它几乎适用于任何标记,不依赖于任何框架,并且具有自动语言检测功能。此软件包的受影响版本容易受到正则表达式拒绝服务 (ReDoS) 的攻击,这些攻击通过多语言突出显示中的指数和多项式灾难性回溯进行。
MPS-2022-13759
2022-08-08 19:09
node-forge 存在原型污染漏洞
原型污染
node-forge 是网络传输、密码学、密码、PKI、消息摘要和各种实用程序的 JavaScript 实现。此软件包的受影响版本容易受到通过伪造的原型污染。
MPS-2022-13920
2022-08-08 19:09
github ws 资源管理错误漏洞
github ws是一个应用软件。一种易于使用,运行迅速且经过全面测试的WebSocket客户端和服务器实现的方法。 漏洞版本中“Sec-Websocket-Protocol”标头的一个特殊的值可以用来显著降低ws服务器的速度,从而导致拒绝服务漏洞。
CVE-2021-32640 MPS-2021-7109
2022-08-08 19:09
Sindre Sorhus IS-SVG 安全漏洞
不加限制或调节的资源分配
Sindre Sorhus is-svg是 (Sindre Sorhus)开源的一个应用软件。提供检查字符串或缓冲区是否为SVG功能。 IS-SVG 存在安全漏洞,该漏洞源于当应用程序检查一个精心制作的无效SVG字符串时,就会出现正则表达式拒绝服务(ReDOS)。
CVE-2021-29059 MPS-2021-8684
2022-08-08 19:09
merge 存在拒绝服务漏洞
拒绝服务
merge 是一个库,允许您将多个对象合并为一个,可以选择创建一个新的克隆对象。类似于 jQuery.extend 但更灵活。在 Node.js 和浏览器中工作。此软件包的受影响版本容易受到原型污染。
MPS-2022-13875
2022-08-08 19:09
Digital Bazaar Forge数据伪造问题漏洞
密码学签名的验证不恰当
Digital Bazaar Forge是美国Digital Bazaar公司的一个Tls在Javascript中的本机实现以及用于编写基于加密和网络密集型Web应用程序的开源工具。digitalbazaar Forge 1.3.0之前版本存在数据伪造问题漏洞,该漏洞源于RSA PKCS#1 v1.5签名验证码在解码 `DigestInfo` ASN.1 结构后不检查尾随垃圾字节。攻击者可以删除填充字节利用该漏洞添加垃圾数据以伪造签名。
CVE-2022-24772 MPS-2022-3739
2022-08-08 19:09
nanoid安全漏洞
不正确的类型转换
nanoid是用于 JavaScript 的小型、安全、URL 友好、唯一的字符串 ID 生成器。 nanoid安全中存在漏洞,该漏洞源于nanoid 容易通过 valueOf() 函数受到信息暴露的影响,该函数允许重现最后生成的 id。
CVE-2021-23566 MPS-2021-19605
2022-08-08 19:09
undici < 5.7.1 存在CRLF序列注入漏洞
CRLF注入
undici是一个HTTP/1.1客户端。在小于5.7.1的undici版本中,可以将 CRLF序列注入到 undici 中的请求标头中,从而引起http请求拆分漏洞。
CVE-2022-31150 MPS-2022-11180
2022-08-08 19:09
url-parse 安全漏洞
通过用户控制密钥绕过授权机制
Url-Parse是一个跨 Node.js 和浏览器环境无缝工作的小型 Url 解析器。 url-parse 1.5.7之前版本存在安全漏洞,攻击者可利用该漏洞通过用户控制的密钥绕过授权。
CVE-2022-0639 MPS-2022-4297
2022-08-08 19:09
没有更多内容
加载失败,请刷新页面
点击加载更多
加载中
下一页
0 评论
0 收藏
分享
OSCHINA
登录后可查看更多优质内容
返回顶部
顶部