Max Depth

Limit the depth of a GraphQL document.

It is used to prevent too large queries that could lead to overfetching or DOS attack.

How to use?

Install the plugin:


npm install @escape.tech/graphql-armor-max-depth


pnpm add @escape.tech/graphql-armor-max-depth


yarn add @escape.tech/graphql-armor-max-depth


bun add @escape.tech/graphql-armor-max-depth

Then, add it to your plugins:

gateway.config.ts


import { maxDepthPlugin } from '@escape.tech/graphql-armor-max-depth'
import { defineConfig } from '@graphql-hive/gateway'
 
export const gatewayConfig = defineConfig({
  plugins: () => [
    maxDepthPlugin({
      // Toggle the plugin | Default: true
      enabled: true,
      // Depth threshold | default: 6
      n: 6,
      // Do you want to propagate the rejection to the client? | default: true
      propagateOnRejection: true,
      // List of queries that are allowed to bypass the plugin
      allowList: [],
 
      /* Advanced options (use here on your own risk) */
 
      // Callbacks that are ran whenever a Query is accepted
      onAccept: [],
 
      // Callbacks that are ran whenever a Query is rejected
      onReject: []
    })
  ]
})

References

https://github.com/advisories/GHSA-mh3m-8c74-74xh