- Home
- Skills
- Physics91
- Claude Vibe
- Graphql Reviewer
graphql-reviewer_skill
- TypeScript
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill physics91/claude-vibe --skill graphql-reviewer- SKILL.md13.1 KB
Overview
This skill reviews GraphQL schemas, resolvers, and operations to find performance, correctness, and security problems. It focuses on N+1 detection, query complexity limits, input validation, error handling, and recommended DataLoader patterns. The goal is concrete, prioritized recommendations you can apply to Apollo, Yoga, or Mercurius servers.
How this skill works
The reviewer scans schema files, resolver code, and dependency manifests to detect patterns like per-item resolvers, missing DataLoader usage, unbounded lists, and absent complexity rules. It analyzes resolver implementation for excessive fetching, selection-set ignorance, mutation-in-query anti-patterns, and missing input validation. The output is a concise audit with severity-classified findings and actionable fixes (e.g., DataLoader, Prisma selects, depth/complexity plugins).
When to use it
- When auditing GraphQL schema design or resolver implementations
- When you see terms like N+1, DataLoader, query complexity, or pagination requests
- When project contains .graphql/.gql files or graphql package in dependencies
- During security reviews focusing on DoS, injection, or error leakage risks
- Before production rollout of a GraphQL API or after performance regressions are observed
Best practices
- Batch relationship resolvers with DataLoader or use ORM includes to avoid N+1
- Enforce query depth and complexity limits and add rate limiting in production
- Require cursor-based pagination for large lists; use offset only for small datasets
- Validate and sanitize all mutation inputs server-side (Zod/Yup/schema directives)
- Return structured GraphQL errors with codes and avoid exposing internal stack traces
Example use cases
- Find and fix N+1 issues in post→author and user→posts resolvers using DataLoader or Prisma include
- Add depth-limit and complexity plugins to prevent expensive queries and DoS vectors
- Convert unbounded list fields to Relay-style cursor pagination with totalCount and PageInfo
- Replace raw thrown errors with GraphQLError subclasses including extension codes for client handling
- Add server-side input validation for create/update mutations and map GraphQL input to validated DTOs
FAQ
Yes. The reviewer supports both code-first and SDL-first patterns and detects resolver-level and schema-level issues.
Does it recommend specific libraries or configurations?
It recommends practical fixes such as DataLoader for batching, Prisma selects or ORM includes, graphql-depth-limit, graphql-query-complexity plugins, Zod/Yup for validation, and structured GraphQLError usage.