graphql-playground-middleware-lambda-patched
v1.10.1
Published
GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration).
Downloads
20
Maintainers
Readme
graphql-playground-middleware-lambda
Koa middleware to expose an endpoint for the GraphQL Playground IDE SECURITY NOTE: All versions of
graphql-playground-middleware-lambda
until1.7.17
or later have a security vulnerability when unsanitized user input is used while invokinglambdaPlayground()
. Read more below
Installation
Using yarn:
yarn add graphql-playground-middleware-lambda
Or npm:
npm install graphql-playground-middleware-lambda --save
Usage
See full example in examples/basic.
minimal example:
const lambdaPlayground = require('graphql-playground-middleware-lambda').default
exports.handler = lambdaPlayground({
endpoint: '/dev',
})
Security Notes
All versions before 1.7.17
were vulnerable to user-defined input to lambdaPlayground()
. Read more in the security notes
Security Upgrade Steps
To fix the issue, you can upgrade to 1.7.17
. If you aren't able to upgrade, see the security notes for a workaround.
yarn:
yarn add graphql-playground-middleware-lambda@^1.7.17
npm:
npm install --save graphql-playground-middleware-lambda@^1.7.17