Koa middleware to expose an endpoint for the GraphQL Playground IDE SECURITY NOTE: All versions of
graphql-playground-middleware-lambda
until1.7.17
or later have a security vulnerability when unsanitized user input is used while invokinglambdaPlayground()
. Read more below
Using yarn:
yarn add graphql-playground-middleware-lambda
Or npm:
npm install graphql-playground-middleware-lambda --save
See full example in examples/basic.
minimal example:
const lambdaPlayground = require('graphql-playground-middleware-lambda').default
exports.handler = lambdaPlayground({
endpoint: '/dev',
})
All versions before 1.7.17
were vulnerable to user-defined input to lambdaPlayground()
. Read more in the security notes
To fix the issue, you can upgrade to 1.7.17
. If you aren't able to upgrade, see the security notes for a workaround.
yarn:
yarn add graphql-playground-middleware-lambda@^1.7.17
npm:
npm install --save graphql-playground-middleware-lambda@^1.7.17