graphql-depth-limit

A GraphQL validation rule that limits the total depth of incoming queries to prevent cyclical or excessively deep queries that could cause denial-of-service attacks. Version 1.1.0 is the latest stable release. Maintained as needed (no recent commits). Compared to alternatives like graphql-query-complexity or graphql-validation-complexity which assign per-field or per-type costs, this library uses a simpler depth-based metric that can catch exponential complexity growth, e.g. from repeated joins. Works with any GraphQL server that supports validation rules, such as express-graphql and koa-graphql.