Depth limiting helps stop queries from asking for too much nested data. This keeps the system fast and safe.
const depthLimit = require('graphql-depth-limit'); const server = new ApolloServer({ typeDefs, resolvers, validationRules: [depthLimit(3)] });
This example uses the graphql-depth-limit package with Apollo Server.
The number 3 means queries can only go 3 levels deep.
validationRules: [depthLimit(2)]validationRules: [depthLimit(5)]validationRules: [depthLimit(1)]This sets up a GraphQL server that limits queries to 2 levels deep. Queries asking for more nested data will be rejected.
const { ApolloServer, gql } = require('apollo-server'); const depthLimit = require('graphql-depth-limit'); const typeDefs = gql` type Query { user: User } type User { id: ID name: String posts: [Post] } type Post { id: ID title: String comments: [Comment] } type Comment { id: ID content: String } `; const resolvers = { Query: { user: () => ({ id: '1', name: 'Alice', posts: [ { id: '101', title: 'Hello World', comments: [ { id: '1001', content: 'Nice post!' }, { id: '1002', content: 'Thanks for sharing.' } ] } ] }) } }; const server = new ApolloServer({ typeDefs, resolvers, validationRules: [depthLimit(2)] }); server.listen().then(({ url }) => { console.log(`Server ready at ${url}`); });
Depth limiting helps protect your server from very complex queries.
Choose the depth limit based on how much nested data your app needs.
Too low a limit might block useful queries; too high might allow heavy loads.
Depth limiting stops queries from going too deep.
It keeps your server safe and fast.
Use it by adding validation rules in your GraphQL server setup.