UNPKG

graphql-playground-middleware-lambda

Version:

GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration).

github.com/graphcool/graphql-playground/tree/main/packages/graphql-playground-middleware-lambda

graphcool/graphql-playground

47 lines (29 loc) 1.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# graphql-playground-middleware-lambda > Koa middleware to expose an endpoint for the GraphQL Playground IDE > **SECURITY NOTE**: All versions of `graphql-playground-middleware-lambda` until `1.7.17` or later have a security vulnerability when unsanitized user input is used while invoking `lambdaPlayground()`. [Read more below](#security-notes) ## Installation Using yarn: ```console yarn add graphql-playground-middleware-lambda ``` Or npm: ```console npm install graphql-playground-middleware-lambda --save ``` ## Usage See full example in [examples/basic](https://github.com/prisma/graphql-playground/tree/main/packages/graphql-playground-middleware-lambda/examples/basic). minimal example: ```js const lambdaPlayground = require('graphql-playground-middleware-lambda').default exports.handler = lambdaPlayground({ endpoint: '/dev', }) ``` ## Security Notes All versions before `1.7.17` were vulnerable to user-defined input to `lambdaPlayground()`. Read more in [the security notes](https://github.com/prisma/graphql-playground/tree/SECURITY.md) ### Security Upgrade Steps To fix the issue, you can upgrade to `1.7.17`. If you aren't able to upgrade, see the security notes for a workaround. **yarn:** `yarn add graphql-playground-middleware-lambda@^1.7.17` **npm:** `npm install --save graphql-playground-middleware-lambda@^1.7.17`