# Apollo

## About

- Language: javascript
- Source: https://github.com/apollographql/apollo-server
- Documentation: https://www.apollographql.com/docs/apollo-server/

## Security Considerations

Apollo provides the following features, whose defaults should be taken into consideration:

| Feature | Default |
|---|---|
| Field Suggestions | Enabled by Default |
| Query Depth Limit | ⚠️ Disabled by Default (Supported via External Libraries) |
| Query Cost Analysis | ⚠️ Disabled by Default (Supported via External Libraries) |
| Automatic Persisted Queries | ⚠️ Disabled by Default |
| Introspection | Enabled if `NODE_ENV` is not set to `'production'` |
| Debug Mode | `exception.stacktrace` exists if `NODE_ENV` is not set to `'production'` or `'test'` |
| Batch Requests | Enabled by Default |
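Added example, not code from the Apollo project or this page: Apollo Server 4 constructor options that set the defaults in the table above explicitly instead of relying on `NODE_ENV`, plus a `formatError` hook that removes the field suggestions graphql-js appends to validation errors. The option names `introspection`, `includeStacktraceInErrorResponses`, `allowBatchedHttpRequests`, `validationRules` and `formatError` are Apollo Server 4's; the depth-limit or cost rule is assumed to come from an external package, as the table notes.

```javascript
// Added hardening example for Apollo Server 4; not code from the Apollo project.
// The page's defaults are inferred from NODE_ENV (an unset NODE_ENV leaves
// introspection and stack traces on). This builds the options from an allowlist.

// graphql-js appends 'Did you mean "..."?' to unknown field / argument / type /
// enum-value errors; that suffix is what the "Field Suggestions" row refers to.
const SUGGESTION_SUFFIX = / Did you mean .+\?$/;

// formatError hook: remove the suggestion text, keep everything else intact.
function stripFieldSuggestions(formattedError) {
  if (typeof formattedError.message !== 'string') return formattedError;
  return {
    ...formattedError,
    message: formattedError.message.replace(SUGGESTION_SUFFIX, ''),
  };
}

// Build ApolloServer constructor options for a given NODE_ENV value.
// `validationRules` are extra graphql-js rules, e.g. a depth-limit or cost rule
// from an external package (Apollo ships neither, per the table above).
function hardenedServerOptions(env, validationRules = []) {
  // Allowlist: only an explicit 'development' turns the debugging aids on, so an
  // unset or misspelled NODE_ENV fails closed rather than open.
  const isDevelopment = env === 'development';
  return {
    introspection: isDevelopment,                     // page default: on unless 'production'
    includeStacktraceInErrorResponses: isDevelopment, // page default: on unless 'production'/'test'
    allowBatchedHttpRequests: false,                  // one HTTP request, one operation
    validationRules,
    formatError: stripFieldSuggestions,
  };
}

// Usage (assumes @apollo/server is installed):
//   const server = new ApolloServer({ schema, ...hardenedServerOptions(process.env.NODE_ENV) });
```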

## Request Validations

Total Validation Count: 34

Apollo is based on graphql-js, which runs the following validation rules against each incoming query:

| Category | Validation rules |
|---|---|
| Document Validations | Executable Definitions, Lone Schema Definition, Unique Operation Types, Single Field Subscriptions, Unique Field Definition Names |
| Operation Validations | Lone Anonymous Operation, Unique Operation Names |
| Field Validations | Fields On Correct Type, Overlapping Fields Can Be Merged, Scalar Leafs |
| Argument Validations | Known Argument Names, Provided Required Arguments, Unique Argument Definition Names, Unique Argument Names |
| Fragment Validations | Fragments On Composite Types, Known Fragment Names, No Fragment Cycles, No Unused Fragments, Possible Fragment Spreads, Unique Fragment Names |
| Value Validations | Known Type Names, Possible Type Extensions, Unique Enum Value Names, Unique Type Names, Values Of Correct Type, Unique Input Field Names |
| Directive Validations | Known Directives, Unique Directive Names, Unique Directives Per Location |
| Variable Validations | No Undefined Variables, No Unused Variables, Unique Variable Names, Variables Are Input Types, Variables In Allowed Position |
| Misc. Validations | |

## Notable Vulnerabilities

| CVE ID | Date | Score | Description |
|---|---|---|---|
| CVE-2021-41249 | 2021-11-04 | 7.1 | Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) |
| - | 2020-05-04 | Moderate | Schema validation rules are not passed to the subscription server, including rules that restrict introspection |

## Security Disclosure

security@apollographql.com