S
SkillsMD 发现、学习和掌握最新的 AI 技术 Skills。基于真实社区数据,为开发者提供最权威的 AI 工具导航。
关于 聚焦 AI 技术 Skills 每周数据更新 中英双语文档 © 2026 SkillsMD. All rights reserved.
GraphQL专家最佳实践指南:性能优化、安全与模式设计规则 | SkillsMD
首页 / Skills / graphql-expert-best-practices GraphQL专家最佳实践指南:性能优化、安全与模式设计规则 graphql-expert-best-practices by wispbit-ai/skills
npx skills add https://github.com/wispbit-ai/skills --skill graphql-expert-best-practices🇨🇳 中文介绍 GraphQL 专家最佳实践
GraphQL API 的全面性能优化与最佳实践指南。包含解析器优化、查询性能、数据获取模式和模式设计的规则,按影响优先级排序,以指导自动化重构和代码生成。
适用场景
在以下情况下参考本指南:
编写 GraphQL 模式、解析器或类型定义时
实现数据获取和解析器逻辑时
审查 GraphQL 代码以查找性能问题时
重构现有 GraphQL API 时
优化查询执行或解析器性能时
设计 GraphQL 服务器架构时
按优先级划分的规则类别
优先级 类别 影响程度 前缀 1 查询优化 关键 dataloader-2 模式设计 关键-高 schema-3 变更设计 关键-高
广告位招租
在这里展示您的产品或服务
触达数万 AI 开发者,精准高效
联系我们
快速参考
dataloader-n-plus-one - 使用 DataLoader 批量查询,防止 N+1 性能问题query-unique-identifiers - 使用唯一标识符而非复合参数,简化 API 接口schema-no-json-filters - 禁止任意 JSON 过滤标量,防止 NoSQL 注入漏洞schema-no-binary-data - 避免在模式中使用大型二进制数据,防止负载膨胀和内存问题schema-stable-identifiers - 使用全局稳定的不透明标识符,防止信息泄露和枚举攻击schema-structured-types - 使用结构化类型而非非结构化 String/JSON 字段,提高类型安全性schema-split-types-by-role - 按角色拆分类型,防止隐私字段泄露并消除运行时授权schema-prefer-deprecation - 优先使用弃用而非版本控制,实现持续 API 演进schema-field-overload - 避免查看者与用户之间的字段重载,防止安全问题并提高 API 清晰度schema-minimize-nullable-args - 最小化可为空参数,提高 API 清晰度和类型安全性schema-no-duplicate-fields - 防止通过嵌套对象访问重复字段,维护单一数据源mutation-no-file-uploads - 避免通过 GraphQL 上传文件,防止内存耗尽和安全漏洞mutation-single-input-object - 使用单个输入对象参数而非多个标量,提高 API 可演进性mutation-union-result-types - 返回包含专用成功和特定错误类型的联合类型,实现类型安全的错误处理mutation-explicit-actions - 围绕显式操作而非通用更新模式设计变更mutation-separate-input-types - 为创建和更新操作分离输入类型,提高类型安全性mutation-avoid-validation-scalars - 避免自定义验证标量,防止多请求错误循环pagination-no-default-totalcount - 避免在连接中默认包含 totalCount,防止性能下降security-complexity-limits - 要求设置复杂度和查询节点限制,防止资源耗尽攻击security-disable-introspection - 在生产环境中禁用自省,防止模式泄露operations-require-client-headers - 要求客户端标识头信息,便于调试和监控
使用方法 rules/dataloader-n-plus-one.md
rules/query-unique-identifiers.md
rules/schema-no-json-filters.md
rules/schema-no-binary-data.md
rules/schema-stable-identifiers.md
rules/schema-structured-types.md
rules/schema-split-types-by-role.md
rules/schema-prefer-deprecation.md
rules/schema-field-overload.md
rules/schema-minimize-nullable-args.md
rules/schema-no-duplicate-fields.md
rules/mutation-no-file-uploads.md
rules/mutation-single-input-object.md
rules/mutation-union-result-types.md
rules/mutation-explicit-actions.md
rules/mutation-separate-input-types.md
rules/mutation-avoid-validation-scalars.md
rules/pagination-no-default-totalcount.md
rules/security-complexity-limits.md
rules/security-disable-introspection.md
rules/operations-require-client-headers.md
规则重要性的简要说明
何时使用及何时不使用该模式
实现要求
错误代码示例及说明
正确代码示例及说明
额外上下文和参考资料
🇺🇸 English GraphQL Expert Best Practices
Comprehensive performance optimization and best practices guide for GraphQL APIs. Contains rules for resolver optimization, query performance, data fetching patterns, and schema design, prioritized by impact to guide automated refactoring and code generation.
When to Apply
Reference these guidelines when:
Writing GraphQL schemas, resolvers, or type definitions
Implementing data fetching and resolver logic
Reviewing GraphQL code for performance issues
Refactoring existing GraphQL APIs
Optimizing query execution or resolver performance
Designing GraphQL server architecture
Rule Categories by Priority
Priority Category Impact Prefix 1 Query Optimization CRITICAL dataloader-2 Schema Design CRITICAL-HIGH schema-3 Mutation Design CRITICAL-HIGH mutation-4 Pagination HIGH pagination-5 Security CRITICAL-MEDIUM security-6 Operations MEDIUM operations-
Quick Reference
dataloader-n-plus-one - Use DataLoader to batch queries and prevent N+1 performance issuesquery-unique-identifiers - Use unique identifiers over composite parameters to simplify API surfaceschema-no-json-filters - Ban arbitrary JSON filter scalars to prevent NoSQL injection vulnerabilitiesschema-no-binary-data - Avoid large binary data in schema to prevent payload bloat and memory issuesschema-stable-identifiers - Use globally stable opaque identifiers to prevent information leakage and enumeration attacksschema-structured-types - Use structured types over unstructured String/JSON fields to improve type safetyschema-split-types-by-role - Split types by role to prevent privacy field leakage and eliminate runtime authorizationschema-prefer-deprecation - Prefer deprecation over versioning to enable continuous API evolution
How to Use
Read individual rule files for detailed explanations and code examples:
rules/dataloader-n-plus-one.md
rules/query-unique-identifiers.md
rules/schema-no-json-filters.md
rules/schema-no-binary-data.md
rules/schema-stable-identifiers.md
rules/schema-structured-types.md
rules/schema-split-types-by-role.md
rules/schema-prefer-deprecation.md
rules/schema-field-overload.md
rules/schema-minimize-nullable-args.md
rules/schema-no-duplicate-fields.md
rules/mutation-no-file-uploads.md
rules/mutation-single-input-object.md
rules/mutation-union-result-types.md
rules/mutation-explicit-actions.md
rules/mutation-separate-input-types.md
rules/mutation-avoid-validation-scalars.md
rules/pagination-no-default-totalcount.md
rules/security-complexity-limits.md
rules/security-disable-introspection.md
rules/operations-require-client-headers.md
Each rule file contains:
Brief explanation of why it matters
When to use and when not to use the pattern
Implementation requirements
Incorrect code example with explanation
Correct code example with explanation
Additional context and references
Weekly Installs
91
Repository
wispbit-ai/skills
GitHub Stars
6
First Seen
Feb 10, 2026
Security Audits
Gen Agent Trust HubPass SocketPass SnykPass
Installed on
opencode91
cursor85
claude-code80
codex25
kimi-cli25
gemini-cli24
lark-cli 共享规则:飞书资源操作指南与权限配置详解
39,000 周安装
schema-field-overload - Avoid field overloads for viewer vs user to prevent security issues and improve API clarity
schema-minimize-nullable-args - Minimize nullable arguments to improve API clarity and type safety
schema-no-duplicate-fields - Prevent duplicate fields accessible through nested objects to maintain single source of truth
mutation-no-file-uploads - Avoid file uploads through GraphQL to prevent memory exhaustion and security vulnerabilities
mutation-single-input-object - Use single input object argument instead of multiple scalars to improve API evolvability
mutation-union-result-types - Return union types with dedicated success and specific error types for type-safe error handling
mutation-explicit-actions - Design mutations around explicit actions rather than generic update patterns
mutation-separate-input-types - Separate input types for create and update to improve type safety
mutation-avoid-validation-scalars - Avoid custom validation scalars to prevent multi-request error loops
pagination-no-default-totalcount - Avoid default totalCount in connections to prevent performance degradation
security-complexity-limits - Require complexity and query node limits to prevent resource exhaustion attacks
security-disable-introspection - Disable introspection in production to prevent schema disclosure
operations-require-client-headers - Require client identification headers for debugging and monitoring