PHPackages yireo/magento2-custom-graph-ql-query-limiter - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. yireo/magento2-custom-graph-ql-query-limiter ActiveMagento2-module[API Development](/categories/api) yireo/magento2-custom-graph-ql-query-limiter ============================================ Magento 2 module to sync a GraphQL session with the regular session 0.0.6(9mo ago)534.0k↑30%5OSL-3.0PHPPHP ^8.0CI passing Since Feb 18Pushed 9mo ago1 watchersCompare [ Source](https://github.com/yireo/Yireo_CustomGraphQlQueryLimiter)[ Packagist](https://packagist.org/packages/yireo/magento2-custom-graph-ql-query-limiter)[ Docs](https://github.com/yireo/Yireo_CustomGraphQlQueryLimiter)[ Fund](https://www.paypal.me/yireo)[ GitHub Sponsors](https://github.com/yireo)[ RSS](/packages/yireo-magento2-custom-graph-ql-query-limiter/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (5)Dependencies (5)Versions (7)Used By (0) Yireo CustomGraphQlQueryLimiter =============================== [](#yireo-customgraphqlquerylimiter) Magento 2 module to customize settings for the GraphQL Query Limiter to enhance performance and security of your headless Magento. ### Installation [](#installation) Install via composer (`composer require yireo/magento2-custom-graph-ql-query-limiter`), enable the module `Yireo_CustomGraphQlQueryLimiter`, refresh caching and do your magic with DI compilation, static content and database upgrades. ### Usage [](#usage) The [Yireo CustomGraphQlQueryLimiter](CustomGraphQlQueryLimiter) module allows you to modify the query depth and the query complexity in an easy way, by simply letting you change these values from the **Magento Admin Panel**. Simply navigate to the **Store Configuration** in your backend and then to **Yireo > Yireo CustomGraphQlQueryLimiter > Settings** and set the desired values. Additionally, it also enables these settings in the Developer Mode, while Magento by default only enables this in Production Mode. It makes it easier to test things, instead of bumping into potential issues early. Once you update the settings, make sure to test this with an entire client-side app including complexer GraphQL queries, mutations and fragments (for instance, within Magento PWA Studio), because it potentially break your app. ### Introduction [](#introduction) Magento 2.3+ ships with a GraphQL API that allows you to make simple queries like these: ``` { products(filter: {name: {match: "jacket"}}) { items { sku } } } ``` Based upon the same kind of query, you can also create a recursive lookup of products and categories, which might be looking like this: ``` { products(filter: {name: {match: "jacket"}}) { items { sku categories { products { items { sku categories { products { items { sku categories { products { items { sku } } } } } } } } } } } } ``` In my development environment, this quickly leads to timeouts, proofing that this type of query might not be benefiting a production environment, to put it lightly. Magento 2 its GraphQL system is based on the [Webonyx GraphQL PHP library](https://github.com/webonyx/graphql-php/), which offers a couple of security mechanisms to prevent this kind of query from being handled: Query depth and query complexity. The Magento 2 core uses a DI type to set values for this, which could be overridden using your own DI type: ``` 20 300 ``` Looking at the culprit query above, the depth is 10: Simply counting the opening curly braces `{` from the start of the return statement (`items`). By setting the `queryDepth` to 7 or 8, the query would generate an error instead: ``` { "errors": [ { "message": "Max query depth should be 7 but got 10.", "extensions": { "category": "graphql" } } ] } ``` ### Setting the complexity [](#setting-the-complexity) The complexity could be modified as well. Looking at the culprit query above, the complexity is 15. It proves that the complexity of a GraphQL query might be quite low, but still the impact could be high. However, setting the complexity to 300 seems rather high. Perhaps in your case, setting it to 50 might be a better idea. The Webonyx library also allows you to add a complexity function to a specific field definition. Theoretically, this is something that would need to be customized per query (`categories`, `products`). What makes a specific query less performant and would therefore need to be labeled as *complex*? Note that setting an empty value on either query depth or complexity in the database, will make the value to be skipped. At that moment, the original DI configuration is taken into account. ### Health Score 42 — FairBetter than 90% of packages Maintenance58 Moderate activity, may be stable Popularity36 Limited adoption so far Community10 Small or concentrated contributor base Maturity52 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~409 days Total 5 Last Release 278d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1373981?v=4)[Yireo](/maintainers/yireo)[@yireo](https://github.com/yireo) --- Top Contributors [![jissereitsma](https://avatars.githubusercontent.com/u/7670482?v=4)](https://github.com/jissereitsma "jissereitsma (50 commits)") --- Tags magento2-modulemagentocomposer-installer ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/yireo-magento2-custom-graph-ql-query-limiter/health.svg) ``` [![Health](https://phpackages.com/badges/yireo-magento2-custom-graph-ql-query-limiter/health.svg)](https://phpackages.com/packages/yireo-magento2-custom-graph-ql-query-limiter) ``` ### Alternatives [smile/elasticsuite Magento 2 merchandising and search engine built on ElasticSearch 8044.5M33](/packages/smile-elasticsuite)[mollie/magento2 Mollie Payment Module for Magento 2 1121.6M10](/packages/mollie-magento2)[yireo/magento2-googletagmanager2 Add Google Tag Manager to Magento 167930.4k5](/packages/yireo-magento2-googletagmanager2)[yireo/magento2-graph-ql-rate-limiting Magento 2 module to add rate limiting to GraphQL resources 1419.8k](/packages/yireo-magento2-graph-ql-rate-limiting)[yireo/magento2-checkouttester2 Checkout Tester for Magento 2 93477.4k1](/packages/yireo-magento2-checkouttester2)[yireo/magento2-emailtester2 Preview transactional emails and test send them in your backend 33394.9k](/packages/yireo-magento2-emailtester2) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)