
Block field suggestions

Prevent the server from returning field suggestions, which leak your schema to unauthorized actors.

In production, field suggestions can leak the schema even when introspection is disabled.

Configuring for GraphQL Armor

GraphQLArmorConfig({
  blockFieldSuggestion: {
    // Toggle the plugin | default: true
    enabled?: boolean,

    // Mask applied to the error message | default: '[Suggestion hidden]'
    mask?: string,
  }
})
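To make the leak and the mask concrete, here is an added illustration (not the plugin's source or any GraphQL Armor code). The helper names and the sample response are constructed for this example, and the message shapes are assumed to follow graphql-js validation errors.

```javascript
// Added illustration, not the plugin's implementation.
// Matches the suggestion that graphql-js appends to "Cannot query field" errors.
const SUGGESTION = /Did you mean [^?]*\?/g;

// Constructed sample: the errors a server returns for misspelled fields
// when suggestions are NOT blocked (introspection may well be disabled).
const sampleResponse = {
  errors: [
    { message: 'Cannot query field "emial" on type "User". Did you mean "email"?' },
    { message: 'Cannot query field "pasword" on type "User". Did you mean "password" or "passwordHash"?' },
    { message: 'Cannot query field "name" on type "Node". Did you mean to use an inline fragment on "User"?' },
    { message: 'Cannot query field "xyz" on type "Query".' },
  ],
};

// Return a copy of the response with every suggestion replaced by the mask.
// A replacer function keeps "$" sequences in a custom mask literal.
function maskSuggestions(response, mask = '[Suggestion hidden]') {
  const errors = (response.errors ?? []).map((err) => ({
    ...err,
    message: err.message.replace(SUGGESTION, () => mask),
  }));
  return { ...response, errors };
}

// Collect the schema names a response discloses through suggestions.
// An empty result means no field or type name leaked this way.
function leakedNames(response) {
  const names = new Set();
  for (const err of response.errors ?? []) {
    for (const hint of err.message.match(SUGGESTION) ?? []) {
      for (const quoted of hint.matchAll(/"([^"]+)"/g)) names.add(quoted[1]);
    }
  }
  return [...names];
}

console.log(leakedNames(sampleResponse));
console.log(maskSuggestions(sampleResponse).errors.map((e) => e.message));
console.log(leakedNames(maskSuggestions(sampleResponse, '<[REDACTED]>')));
```

A check like `leakedNames` can back an integration test that sends a deliberately misspelled field to a staging endpoint and expects an empty list once the plugin is enabled.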

Standalone usage

Installation

Note: If you want to use the blockFieldSuggestion plugin outside of GraphQL Armor, you can install it from npm:

# npm
npm install @escape.tech/graphql-armor-block-field-suggestions

# yarn
yarn add @escape.tech/graphql-armor-block-field-suggestions

With @envelop/core from @the-guild-org

Using the default mask

import { envelop } from '@envelop/core';
import { blockFieldSuggestionsPlugin } from '@escape.tech/graphql-armor-block-field-suggestions';

const getEnveloped = envelop({
  plugins: [
    // ... other plugins ...
    blockFieldSuggestionsPlugin(),
  ]
});

Using custom mask

import { envelop } from '@envelop/core';
import { blockFieldSuggestionsPlugin } from '@escape.tech/graphql-armor-block-field-suggestions';

const getEnveloped = envelop({
  plugins: [
    // ... other plugins ...
    blockFieldSuggestionsPlugin({
      mask: '<[REDACTED]>'
    }),
  ]
});