Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.
/ graphql-playground Public archive
forked from graphql/graphql-playground

🎮 GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)

License

MIT license
20 stars 736 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

apollographql/graphql-playground

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,082 Commits
.github
.github
 
 
.vscode
.vscode
 
 
docs/security
docs/security
 
 
packages
packages
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
.gitleaks.toml
.gitleaks.toml
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
package.json
package.json
 
 
renovate.json
renovate.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

Archival

This repo was archived on 2023-05-26 by the Apollo Security team.

This is a fork of graphql/graphql-playground. Please see the upstream repository for issues and new versions.

NOTE: This is a fork of graphql-playground which is meant to be used by Apollo Server. It is not intended to be used directly. Those looking to use GraphQL Playground directly can refer to the upstream repository for usage instructions.

SECURITY WARNING: The upstream fork of graphql-playground repository had a severe XSS Reflection attack vulnerability to unsanitized user input prior to being fixed in [email protected] (note, this is a different version than we publish from this fork on @apollographql/graphql-playground-html. On the @apollographql/graphql-playground-html fork, versions prior to 1.6.25 were theoretically vulnerable if users were using those packages directly. However, the way this package was used by Apollo Server (to provide a default GraphQL Playground experience) did not provide the ability to users to have been dynamically exposed to the attack in the same way as the package's own usage instructions may have encouraged. In order for Apollo Server users to have been affected they would have to had instrumented the package as a separate middleware or explicitly put vulnerable code into the static configuration of the playground property on the ApolloServer constructor. Apollo Server does not provide any ability to do per-request playground configuration. Still, we have fixed this in @apollographql/graphql-playground-html version 1.6.25. More details are available at the upstream repository.

npm version

Future of this repository: This fork aims to be deprecated, eventually. For the upstream fork, see their announcement issue for details.

Releasing

Note: You can omit the HTML or React package instructions below if you're not intending on publishing a package.

# Install it all.
yarn

# Build it all
#   Technically the release does the build too, but I enjoy the pre-flight test.
yarn run build

# Release the @apollographql/graphql-playground-react package.
./scripts/release-react.sh

# Release the @apollographql/graphql-playground-html package.
./scripts/release-html.sh

# Add the package files that were version bumped.
# You'll find that these were altered by the release scripts.
git add ./packages/graphql-playground-react/package.json
git add ./packages/graphql-playground-html/package.json

# It's nice to use the version numbers in the commit summary!
git commit -m 'Released' # e.g. 'Released [email protected] and [email protected]'. 

# Assuming your Git remote "origin" is https://github.com/apollographql/graphql-playground/
git push origin apollo

About

🎮 GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

20 stars

Watchers

11 watching

Forks

18 forks
Report repository

Releases

68 tags

Packages

No packages published

Languages

  • TypeScript 84.6%
  • JavaScript 8.2%
  • HTML 6.8%
  • Other 0.4%