GraphQL is powerful, but without limits, complex queries can easily overwhelm your server.
That’s why I built graphql-complexity-validation:
a lightweight, framework-agnostic GraphQL validation rule that limits query complexity using native GraphQL validation.
✨ Features
- Zero runtime dependencies
- Fully typed (TypeScript)
- Supports fragments & inline fragments
- Introspection ignored by default
-
Works with:
- Apollo Server
- GraphQL Yoga
- Envelop
- NestJS
📦 Installation
npm install graphql-complexity-validation
🧠 How it works
Each field has a cost (default: 1).
Nested fields accumulate cost recursively.
If the total exceeds the configured maximum, validation fails.
No directives.
No schema traversal.
No framework lock-in.
🧪 Example
createComplexityLimitRule({
maxComplexity: 20,
fieldCosts: {
posts: 3,
comments: 2,
},
});
🔗 Links
- npm: https://www.npmjs.com/package/graphql-complexity-validation
- GitHub: https://github.com/Mateodiaz401/graphql-complexity-validation
Feedback, issues, and contributions are welcome 🙌
If you find it useful, please consider starring the repo ⭐
Top comments (0)