awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةبدائل مفتوحة المصدربرمجيات ذاتية الاستضافةالمدونةخريطة الموقع
المشروعحولكيفية ترتيب النتائجالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

11 مستودعات

Awesome GitHub RepositoriesGraphQL Security

Protective measures for GraphQL APIs including complexity and depth analysis.

Distinguishing note: Focuses on preventing resource exhaustion in GraphQL specifically.

Explore 11 awesome GitHub repositories matching security & cryptography · GraphQL Security. Refine with filters or upvote what's useful.

Awesome GraphQL Security GitHub Repositories

اعثر على أفضل المستودعات باستخدام الذكاء الاصطناعي.سنبحث عن أفضل المستودعات المطابقة باستخدام الذكاء الاصطناعي.
  • payloadcms/payloadالصورة الرمزية لـ payloadcms

    payloadcms/payload

    43,053عرض على GitHub↗

    Payload is a headless content management system and application framework that uses a code-first approach to define data schemas and administrative interfaces. By utilizing a centralized, type-safe configuration object, it automatically generates database schemas, API endpoints, and a fully customizable admin panel. The system is built on a database-agnostic architecture, allowing it to interface with various storage engines while providing a unified, type-safe API for server-side operations, REST, and GraphQL. What distinguishes Payload is its deep extensibility and developer-centric design.

    Protects GraphQL APIs by rejecting queries that exceed defined complexity thresholds.

    TypeScriptcmscontent-managementcontent-management-system
    عرض على GitHub↗43,053
  • owasp/cheatsheetseriesالصورة الرمزية لـ OWASP

    OWASP/CheatSheetSeries

    32,298عرض على GitHub↗

    The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral

    Limits query depth and enforces field-level authorization to prevent resource exhaustion.

    Pythonapplication-securityappsecbest-practices
    عرض على GitHub↗32,298
  • shieldfy/api-security-checklistالصورة الرمزية لـ shieldfy

    shieldfy/API-Security-Checklist

    23,258عرض على GitHub↗

    This project is a comprehensive API security audit checklist and vulnerability audit framework. It provides a structured guide of security countermeasures for designing, testing, and deploying secure APIs across various protocols. The framework includes specialized guides for securing OAuth 2.0 authorization flows, implementing zero trust networking for service-to-service communication, and protecting GraphQL endpoints from resource exhaustion and information leakage. It also provides standards for integrating static analysis, dynamic scanning, and secret detection into CI/CD delivery pipelin

    Provides specialized protections for GraphQL endpoints to prevent resource exhaustion and introspection leaks.

    apijwtoauth2
    عرض على GitHub↗23,258
  • casbin/casbinالصورة الرمزية لـ casbin

    casbin/casbin

    19,848عرض على GitHub↗

    Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig

    Intercepts GraphQL requests before they reach resolvers to validate permissions against defined authorization policies.

    Goabacaccess-controlacl
    عرض على GitHub↗19,848
  • chentsulin/awesome-graphqlالصورة الرمزية لـ chentsulin

    chentsulin/awesome-graphql

    14,975عرض على GitHub↗

    Awesome GraphQL is a curated directory and resource collection for the GraphQL ecosystem. It serves as a central index for developers to discover libraries, tools, and specifications required for building, testing, and managing data layer implementations across various programming languages. The repository provides access to a comprehensive range of utilities that support the entire GraphQL lifecycle. This includes resources for server-side API development, client-side integration, and schema management. It also highlights tools for security enforcement, such as rate limiting and input valida

    Highlights security measures for GraphQL APIs including rate limiting and permission enforcement.

    awesomeawesome-listgraphql
    عرض على GitHub↗14,975
  • howtographql/howtographqlالصورة الرمزية لـ howtographql

    howtographql/howtographql

    8,708عرض على GitHub↗

    This project is a comprehensive educational resource and fullstack tutorial for GraphQL development. It provides instructional content and guides focused on designing schemas, implementing servers, and managing the end-to-end workflow of building production-ready applications. The material covers the conceptual differences between graph-based data structures and traditional API architectures. It includes a dedicated security course and guides for client integration, teaching users how to fetch data, manage application state, and apply protection measures to secure API endpoints. The scope of

    Includes a dedicated course on applying authentication and protection measures to secure API endpoints.

    TypeScriptapollographqlgraphqlprisma
    عرض على GitHub↗8,708
  • graphql-hive/graphql-yogaالصورة الرمزية لـ graphql-hive

    graphql-hive/graphql-yoga

    8,523عرض على GitHub↗

    Yoga is a GraphQL server framework and runtime-agnostic HTTP handler used to build and deploy GraphQL APIs. It functions as a toolkit for managing schemas and resolvers, providing a spec-compliant environment for hosting APIs across diverse JavaScript runtimes, including Node.js, Deno, Bun, and serverless cloud environments. The project distinguishes itself through its ability to act as an Apollo Federation gateway, composing multiple subgraphs into a single unified supergraph. It also serves as a dedicated subscription server, delivering real-time data streaming via both WebSockets and Serve

    Protects APIs using complexity and depth analysis, internal error masking, and persisted operation enforcement.

    TypeScriptbundenofetch
    عرض على GitHub↗8,523
  • 19majkel94/type-graphqlالصورة الرمزية لـ 19majkel94

    19majkel94/type-graphql

    8,088عرض على GitHub↗

    Type-graphql is a framework for building GraphQL servers that uses TypeScript classes as the single source of truth for schema definitions and types. It provides a schema generator and a resolver framework that allows developers to define queries and mutations using class-based controllers and decorators. The project focuses on a schema-first approach where TypeScript classes and metadata reflection are used to automatically derive GraphQL schemas. It incorporates a dependency injection container to manage the instantiation and lifecycle of resolver classes. The system includes a middleware

    Ships a system of authorization interceptors to restrict access to resolvers via guards.

    TypeScript
    عرض على GitHub↗8,088
  • vendurehq/vendureالصورة الرمزية لـ vendurehq

    vendurehq/vendure

    7,924عرض على GitHub↗

    Vendure is a Node.js e-commerce engine and headless commerce framework built with NestJS and TypeScript. It serves as a multi-channel commerce platform that manages product catalogs, orders, and customers via a strongly typed GraphQL API. The platform is distinguished by its highly extensible architecture, featuring a customizable administrative dashboard where developers can inject custom React components and entity views. It supports multi-channel commerce, allowing the isolation of products, currencies, and regional catalogs from a single unified backend. The engine covers a broad range o

    Protects GraphQL APIs by disabling schema introspection and enforcing query complexity limits.

    TypeScriptecommerceecommerce-apiecommerce-framework
    عرض على GitHub↗7,924
  • rmosolgo/graphql-rubyالصورة الرمزية لـ rmosolgo

    rmosolgo/graphql-ruby

    5,448عرض على GitHub↗

    GraphQL-Ruby هو مكتبة Ruby لبناء واجهات برمجة تطبيقات GraphQL بمخطط مكتوب بقوة ومحرك تنفيذ استعلام مخصص. يوفر إطار عمل شاملاً لربط كائنات التطبيق بنظام أنواع رسمي، مما يتيح جلب البيانات المهيكلة من خلال أدوات حل (Resolvers) محددة. يتميز المشروع بآليات متقدمة للأداء والتسليم، بما في ذلك محمل بيانات (Data Loader) للتجميع والتخزين المؤقت لمنع أنماط استعلام N+1. يدعم تسليم البيانات عالي الأداء من خلال بث الاستجابة التزايدي، واستجابات الاستعلام المؤجلة، وجلب البيانات المتوازي باستخدام الألياف (Fibers). بالإضافة إلى ذلك، يوفر دعماً أصلياً لاتفاقيات Relay، بما في ذلك مساعدين متخصصين للاتصالات وتحديد الكائنات. تغطي المكتبة مساحة واسعة من إدارة واجهة برمجة التطبيقات، وتتميز بالتحكم الدقيق في الوصول، وإصدار المخطط للحفاظ على التوافق مع الإصدارات السابقة، والتحديثات في الوقت الفعلي عبر الاشتراكات. كما تتضمن أدوات إدارة حركة المرور لحماية موارد الخادم، مثل تحديد تعقيد الاستعلام وتحديد معدل الطلب. يتم دعم التطوير وقابلية المراقبة من خلال أدوات تحليل AST، وتتبع التنفيذ، وأدوات اختبار متخصصة للتحقق من التحميل المجمع.

    Provides protective measures including complexity analysis, depth limiting, and object-level authorization to secure the API.

    Ruby
    عرض على GitHub↗5,448
  • graph-gophers/graphql-goالصورة الرمزية لـ graph-gophers

    graph-gophers/graphql-go

    4,755عرض على GitHub↗

    graphql-go is a schema-first GraphQL library and server implementation for Go. It provides a query execution engine and schema parser that converts schema definition strings into executable structures and validates resolver signatures. The library also includes a streaming implementation for real-time GraphQL subscriptions using channels within resolvers. The project distinguishes itself through parallel resolver execution to reduce request latency and the use of buffer-pool memory management to lower garbage collection overhead. It enables the creation of cloneable schema instances from a sh

    Protects GraphQL APIs from resource exhaustion by limiting query depth and complexity.

    Go
    عرض على GitHub↗4,755
  1. Home
  2. Security & Cryptography
  3. GraphQL Security

استكشف الوسوم الفرعية

  • Authorization InterceptorsMiddleware or hooks that validate GraphQL requests against security policies before execution. **Distinct from GraphQL Security:** Distinct from GraphQL Security: focuses on authorization policy enforcement rather than complexity or depth analysis.