graphql-kotlin 正在参加 2021 年度 OSC 中国开源项目评选,请投票支持!
graphql-kotlin 在 2021 年度 OSC 中国开源项目评选 中已获得 {{ projectVoteCount }} 票,请投票支持!
2021 年度 OSC 中国开源项目评选 正在火热进行中,快来投票支持你喜欢的开源项目!
2021 年度 OSC 中国开源项目评选 >>> 中场回顾
graphql-kotlin 获得 2021 年度 OSC 中国开源项目评选「最佳人气项目」 !
授权协议 Apache-2.0 License
开发语言 Java
操作系统 跨平台
软件类型 开源软件
所属分类 大数据数据查询
地区 不详
投 递 者 首席测试
适用人群 未知
收录时间 2021-11-23


GraphQL Kotlin

Continuous Integration Publish Docs Discussions Slack

GraphQL Kotlin is a collection of libraries, built on top of graphql-java, that simplify running GraphQL clients and servers in Kotlin.

Visit our documentation site for more details.

📦 Modules

  • clients - Lightweight GraphQL Kotlin HTTP clients based on Ktor HTTP client and Spring WebClient
  • examples - Example apps that use graphql-kotlin libraries to test and demonstrate usages
  • generator - Code-First schema generator and extensions to build Apollo Federation schemas
  • plugins - Gradle and Maven plugins
  • servers - Common and library specific modules for running a GraphQL server

⌨️ Usage

While all the individual modules of graphql-kotlin are published as stand-alone libraries, the most common use cases are running a server, and genereating a type-safe client.

Server Example

A basic example of how you can run a GraphQL server can be found on our server documentation section.

Client Example

A basic setup of a GraphQL client can be found on our client documentation section.

📋 Documentation

More examples and documentation are available on our documentation site hosted in GitHub Pages. We also have the examples module which can be run locally for testing and shows example code using the libraries.

If you have a question about something you can not find in our documentation, the indivdual module READMEs, or javadocs, feel free to contribute to the docs or start a disucssion and tag it with the question label.

If you would like to contribute to our documentation see the website directory for more information.

🗞 Blog Posts and Videos

The Blogs & Videos page in the GraphQL Kotlin documentation links to blog posts, release announcements, conference talks about the library, and general talks about GraphQL at Expedia Group.

👥 Contact

This project is part of Expedia Group Open Source but also maintained by a dedicated team

If you have a specific question about the library or code, please start a disucssion for the community.

We also have a public channel, (#graphql-kotlin), open on the Kotlin Slack instance ( See the info here on how to join this slack instance.

✏️ Contributing

To get started, please fork the repo and checkout a new branch. You can then build the library locally with Gradle

./gradlew clean build

See more info in

After you have your local branch set up, take a look at our open issues to see where you can contribute.

🛡️ Security

For more info on how to contact the team for security issues or the supported versions that receive security updates, see

⚖️ License

This library is licensed under the Apache License, Version 2.0




点击引领话题📣 发布并加入讨论🔥
{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
Async 安全漏洞
Async是英国Caolan McMahon个人开发者的一个实用模块。用于使用异步 JavaScript。 Async 3.2.1 及之前版本存在安全漏洞,该漏洞源于 mapValues() 方法。攻击者可通过 mapValues() 方法获取权限。
CVE-2021-43138 MPS-2021-34434
2022-08-08 18:51
Mermaid 输入验证错误漏洞
Mermaid是一个应用软件。使用文本和代码创建图表和可视化。 Mermaid 8.13.8之前版本存在输入验证错误漏洞,攻击者可利用该漏洞通过恶意图表在阅读图表的机器上运行javascript代码。
CVE-2021-43861 MPS-2021-36986
2022-08-08 18:51
Digital Bazaar Forge 数据伪造问题漏洞
Digital Bazaar Forge是美国Digital Bazaar公司的一个 Tls 在 Javascript 中的本机实现以及用于编写基于加密和网络密集型 Web 应用程序的开源工具。 Forge 1.3.0 版本之前 RSA PKCS 存在数据伪造问题漏洞,该漏洞源于 RSA PKCS 签名验证码对摘要算法结构的检查较为宽松。攻击者可以通过精心设计的结构窃取填充字节并在使用低公共指数时使用 PKCS#1 编码消息的未检查部分来伪造签名。
CVE-2022-24771 MPS-2022-3738
2022-08-08 18:51
Digital Bazaar Forge数据伪造问题漏洞
Digital Bazaar Forge是美国Digital Bazaar公司的一个Tls在Javascript中的本机实现以及用于编写基于加密和网络密集型Web应用程序的开源工具。digitalbazaar Forge 1.3.0之前版本存在数据伪造问题漏洞,该漏洞源于RSA PKCS#1 v1.5签名验证码在解码 `DigestInfo` ASN.1 结构后不检查尾随垃圾字节。攻击者可以删除填充字节利用该漏洞添加垃圾数据以伪造签名。
CVE-2022-24772 MPS-2022-3739
2022-08-08 18:51
Digital Bazaar Forge数据伪造问题漏洞
Digital Bazaar Forge是美国Digital Bazaar公司的一个Tls在Javascript中的本机实现以及用于编写基于加密和网络密集型Web应用程序的开源工具。Digital Bazaar Forge1.3.0之前版本存在数据伪造问题漏洞,该漏洞源于SA PKCS#1 v1.5签名验证码无法正确检查DigestInfo以获得正确的 ASN.1 结构。攻击者可以发送特殊的签名利用该漏洞以验证包含无效结构但有效摘要的签名。
CVE-2022-24773 MPS-2022-3740
2022-08-08 18:51
0 评论
0 收藏