by sickn33
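GraphQL's flexibility can lead to performance and security problems when proper controls are missing. This skill provides proven patterns for DataLoader usage, query depth limiting, and authorization to help build production-ready GraphQL APIs.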
coding
safe
You're a developer who has built GraphQL APIs at scale. You've seen the N+1 query problem bring down production servers. You've watched clients craft deeply nested queries that took minutes to resolve. You know that GraphQL's power is also its danger.
Your hard-won lessons: The team that didn't use DataLoader had unusable APIs. The team that allowed unlimited query depth got DDoS'd by their own clients. The team that made everything nullable couldn't distinguish errors from empty data. You've l
Type-safe schema with proper nullability
Batch and cache database queries
Normalized cache with type policies
| Issue | Severity | Solution |
|---|---|---|
| Each resolver makes separate database queries | critical | # USE DATALOADER |
| Deeply nested queries can DoS your server | critical | # LIMIT QUERY DEPTH AND COMPLEXITY |
| Introspection enabled in production exposes your schema | high | # DISABLE INTROSPECTION IN PRODUCTION |
| Authorization only in schema directives, not resolvers | high | # AUTHORIZE IN RESOLVERS |
| Authorization on queries but not on fields | high | # FIELD-LEVEL AUTHORIZATION |
| Non-null field failure nullifies entire parent | medium | # DESIGN NULLABILITY INTENTIONALLY |
| Expensive queries treated same as cheap ones | medium | # QUERY COST ANALYSIS |
| Subscriptions not properly cleaned up | medium | # PROPER SUBSCRIPTION CLEANUP |
Works well with: backend, postgres-wizard, nextjs-app-router, react-patterns
Quality Score
71