graphql/graphql-js

• 312 files indexed
• 1309 code symbols extracted
• 6846 symbol references tracked
• 0 active memories (0 core, 0 stale)
• Languages: typescript (275), javascript (37)

These are the symbols your codebase depends on most. Changes here have the largest blast radius.

• GraphQLError — 117 references
• parse — 75 references
• GraphQLObjectType — 66 references
• inspect — 48 references
• naturalCompare — 44 references
• GraphQLSchema — 43 references
• devAssert — 38 references
• isNonNullType — 36 references
• invariant — 34 references
• isObjectType — 31 references

Core architectural files — imported by many others.

• src/error/GraphQLError.ts (1.00)
• src/jsutils/invariant.ts (0.75)
• src/language/kinds.ts (0.65)
• src/language/location.ts (0.59)
• src/jsutils/inspect.ts (0.55)
• src/type/definition.ts (0.53)
• src/jsutils/isObjectLike.ts (0.52)
• src/validation/_tests_/harness.ts (0.40)
• src/language/parser.ts (0.39)
• src/utilities/buildASTSchema.ts (0.33)

Named functions with zero detected references. Could be dead code, public API exports, or referenced dynamically.

• collectFieldsImpl — src/execution/collectFields.ts:88
• shouldIncludeNode — src/execution/collectFields.ts:165
• doesFragmentConditionMatch — src/execution/collectFields.ts:188
• getFieldEntryKey — src/execution/collectFields.ts:210
• UniqueFragmentNamesRule — src/validation/rules/UniqueFragmentNamesRule.ts:14
• UniqueOperationNamesRule — src/validation/rules/UniqueOperationNamesRule.ts:14
• UniqueVariableNamesRule — src/validation/rules/UniqueVariableNamesRule.ts:14
• KnownFragmentNamesRule — src/validation/rules/KnownFragmentNamesRule.ts:15
• NoUndefinedVariablesRule — src/validation/rules/NoUndefinedVariablesRule.ts:15
• LoneAnonymousOperationRule — src/validation/rules/LoneAnonymousOperationRule.ts:16

• src/error/GraphQLError.ts (1.00)
• src/jsutils/invariant.ts (0.75)
• src/language/kinds.ts (0.65)
• src/language/location.ts (0.59)
• src/jsutils/inspect.ts (0.55)

Critical (6)

• Command injection risk — integrationTests/integration-test.js:37
• exec(cp -R ${projectPath} ${tmpDir});
• Command injection risk — resources/diff-npm-package.js:86
• const hash = exec(git rev-parse "${revision}");
• Command injection risk — resources/diff-npm-package.js:91
• exec(git archive "${hash}" | tar -xC "${repoDir}");
• Command injection risk — resources/gen-changelog.js:104
• return exec(git rev-parse ${tag}^{});
• Command injection risk — resources/gen-changelog.js:108
• const commitWithParents = exec(git rev-list --parents -n 1 ${commit});
• Command injection risk — resources/gen-changelog.js:119
• return exec(git rev-parse ${ref});

High (6)

• SQL injection (template literal) — integrationTests/integration-test.js:37
• exec(cp -R ${projectPath} ${tmpDir});
• SQL injection (template literal) — resources/diff-npm-package.js:86
• const hash = exec(git rev-parse "${revision}");
• SQL injection (template literal) — resources/diff-npm-package.js:91
• exec(git archive "${hash}" | tar -xC "${repoDir}");
• SQL injection (template literal) — resources/gen-changelog.js:104
• return exec(git rev-parse ${tag}^{});
• SQL injection (template literal) — resources/gen-changelog.js:108
• const commitWithParents = exec(git rev-list --parents -n 1 ${commit});
• SQL injection (template literal) — resources/gen-changelog.js:119
• return exec(git rev-parse ${ref});

• Before refactoring GraphQLError, run sverklo_impact to see the 117 call sites
• src/error/GraphQLError.ts is your most-imported file — changes here cascade widely
• 15+ potential orphans detected — audit for dead code