graphql-no-batched-queries

library 2.0.2 ·javascript
verified Jun 7, 2026

A GraphQL validation rule that prevents batched queries and mutations, mitigating denial-of-service and brute-force attacks. The current version is 2.0.2, which ships with TypeScript type definitions and supports GraphQL v16+. The rule limits the number of root operation fields per request (default 1) and supports custom error messages. Unlike rate-limiting middleware, this is a validation-only approach that integrates directly into GraphQL execution pipelines (e.g., express-graphql, graphql-yoga, graphql-http). An optional Envelop plugin is also available.
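The root-field limit described above can be sketched as follows. This is an added example, not the library's own code: it works on hand-built nodes in the graphql-js AST shape, the option names `allow` and `message` are hypothetical, and it goes slightly beyond the description by also following fragments at the root and by counting per operation.

```javascript
// Added illustration, not the graphql-no-batched-queries source. Nodes follow
// the graphql-js AST shape; option names `allow` and `message` are hypothetical.

// Count field nodes that land at the root of one operation, following inline
// fragments and fragment spreads so they cannot hide extra root fields.
// Conservative: repeated nodes are counted even where execution would merge them.
function countRootFields(selectionSet, fragments, path = new Set()) {
  let count = 0;
  for (const sel of selectionSet.selections) {
    if (sel.kind === 'Field') {
      count += 1; // each distinct alias is a separate resolver call
    } else if (sel.kind === 'InlineFragment') {
      count += countRootFields(sel.selectionSet, fragments, path);
    } else if (sel.kind === 'FragmentSpread') {
      const target = fragments.get(sel.name.value);
      if (!target || path.has(sel.name.value)) continue; // unknown or cyclic
      path.add(sel.name.value);
      count += countRootFields(target.selectionSet, fragments, path);
      path.delete(sel.name.value);
    }
  }
  return count;
}

// Return one error string per operation whose root field count exceeds `allow`.
function checkBatching(document, { allow = 1, message } = {}) {
  const fragments = new Map(document.definitions
    .filter((d) => d.kind === 'FragmentDefinition')
    .map((d) => [d.name.value, d]));
  return document.definitions
    .filter((d) => d.kind === 'OperationDefinition')
    .map((d) => [d, countRootFields(d.selectionSet, fragments)])
    .filter(([, n]) => n > allow)
    .map(([d, n]) => message ||
      `${d.operation} selects ${n} root fields; at most ${allow} allowed`);
}

// Constructed sample documents, built by hand (arguments omitted).
const ident = (value) => ({ kind: 'Name', value });
const set = (selections) => ({ kind: 'SelectionSet', selections });
const field = (n, alias) => ({ kind: 'Field', name: ident(n), alias: alias && ident(alias) });
const spread = (n) => ({ kind: 'FragmentSpread', name: ident(n) });
const op = (operation, sels) => ({ kind: 'OperationDefinition', operation, selectionSet: set(sels) });
const frag = (n, sels) => ({ kind: 'FragmentDefinition', name: ident(n), selectionSet: set(sels) });
// mutation { a: login  b: login  c: login }
const aliased = { kind: 'Document', definitions: [op('mutation', ['a', 'b', 'c'].map((a) => field('login', a)))] };
// query { me ...More }  fragment More on Query { users }
const viaFragment = { kind: 'Document', definitions: [op('query', [field('me'), spread('More')]), frag('More', [field('users')])] };
const single = { kind: 'Document', definitions: [op('query', [field('me')])] };
```

Because the check runs on the parsed document before execution, an over-limit request is rejected without any resolver being called.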