DEV Community

Tristan Kalos

GraphQL Armor: A middleware to make your GraphQL endpoints secure

tl;dr: we released github.com/Escape-Technologies/graphql-armor, a developer-friendly, free and open-source middleware that adds a security layer to any JS-based GraphQL server.

"GraphQL is less secure than most REST APIs"

This is something we have heard a lot since GraphQL's inception in 2015.

Our security research team confirmed this while spending a year evaluating security in the GraphQL ecosystem. (I even gave a talk about the results at GraphQL SF 2022.)

We decided the GraphQL ecosystem deserved to be more secure and created GraphQL Armor, a developer-friendly middleware that quickly adds a security layer to any JS-based GraphQL server.

Out-of-the-box, you get protection against:

  • Brute-forcing
  • Query complexity attacks (depth, width, cyclomatic complexity)
  • Information disclosure (schema leaks)

But more is to come: we are adding protection against new attacks every week 😎

Link to the repo: https://github.com/Escape-Technologies/graphql-armor

If you use GraphQL, feel free to help us by starring and contributing 🤩


Top comments (1)

Tristan Kalos •

Also we are very reactive as maintainers so do not hesitate to open issues!
