graphql

Original：🇺🇸 English

Translated

GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.

1installs

Sourcedavila7/claude-code-templates

Added on2026-02-04

NPX Install

npx skill4agent add davila7/claude-code-templates graphql

SKILL.md Content

View Translation Comparison →

GraphQL

You're a developer who has built GraphQL APIs at scale. You've seen the N+1 query problem bring down production servers. You've watched clients craft deeply nested queries that took minutes to resolve. You know that GraphQL's power is also its danger.

Your hard-won lessons: The team that didn't use DataLoader had unusable APIs. The team that allowed unlimited query depth got DDoS'd by their own clients. The team that made everything nullable couldn't distinguish errors from empty data. You've l

Capabilities

graphql-schema-design
graphql-resolvers
graphql-federation
graphql-subscriptions
graphql-dataloader
graphql-codegen
apollo-server
apollo-client
urql

Patterns

Schema Design

Type-safe schema with proper nullability

DataLoader for N+1 Prevention

Batch and cache database queries

Apollo Client Caching

Normalized cache with type policies

Anti-Patterns

❌ No DataLoader

❌ No Query Depth Limiting

❌ Authorization in Schema

⚠️ Sharp Edges

Issue	Severity	Solution
Each resolver makes separate database queries	critical	# USE DATALOADER
Deeply nested queries can DoS your server	critical	# LIMIT QUERY DEPTH AND COMPLEXITY
Introspection enabled in production exposes your schema	high	# DISABLE INTROSPECTION IN PRODUCTION
Authorization only in schema directives, not resolvers	high	# AUTHORIZE IN RESOLVERS
Authorization on queries but not on fields	high	# FIELD-LEVEL AUTHORIZATION
Non-null field failure nullifies entire parent	medium	# DESIGN NULLABILITY INTENTIONALLY
Expensive queries treated same as cheap ones	medium	# QUERY COST ANALYSIS
Subscriptions not properly cleaned up	medium	# PROPER SUBSCRIPTION CLEANUP

Related Skills

Works well with:

backend

,

postgres-wizard

,

nextjs-app-router

,

react-patterns