Your profile image makes this comment even more funnier.

One thing I've learned is that if i procrastinate on using the hot new thing for a couple years it always goes away 😂

@@ZM-dm3jg I am also skipping on using nextjs let's see what happens

It’s great not being an early adopter in the web world.

Smart. It’s bullshit

yeh, I've been 'over' aws for a decade. but guess who's still using aws: every employer I've had, and consequently, me.

As I understand (I don't actually use GraphQL), the whole point of is to be flexible. But I thought you're only flexible during development, and the API gets solidified for a given release. As for your (historic) anecdote about rate limits, figuring that out seems to be a one-time cost, while flexibility in development is a continuous benefit.

@@someman7 You have to protect yourself against circular references, massive data pulls, etc… It is a lot of effort to have that flexibility and, for me, it doesn’t make it worth the hassle. Additionally, since it’s more complex when compared with REST, you will have more chances for security bugs in whatever flavor of GraphQL you’re using. It just feels like a solution for a problem that I can solve in less than an hour using REST and, if you are using a language that has strict typing, it shouldn’t be that big of an issue maintaining type safety at least on the server side and you can fail all requests that don’t conform to the data contracts for each endpoint. But I understand that it is a larger issue if your server is running TypeScript/JavaScript, Python, Ruby, or any other programming language that doesn’t have strict data types. So, it’s fine if this works for some, but I think many will start a project with GraphQL with a feeling that it’s the greatest thing ever and then, months later, find it being a source of pain to maintain it.

GraphQL is just another one of those poorly thought out things that got popular because so many devs love to crawl up into the butt cheeks of big tech companies and assume if they’re doing it, it must be the best, and also they’ll seem smart if they do it too.

@@someman7Flexibility is always a trade off, it’s not free. If you don’t know for a fact that you need that level of flexibility, and it’s worth the cost, don’t do it. Way too many devs love to choose stack and design for hypothetical future requirements that 98% of the time never become needed, and they carry that technical baggage around for nothing.

@@jfftck I was told (in a reply to a comment I made in the main thread) that "Most GraphQL systems literally do not allow nested queries. Like the system stops circular references and returns a null." With that in mind, I'm not sure why limiting would be harder than in REST. *shrugs*

What about phoenix vs laravel?

@@iraqinationalist7778 Spring.

@chrishoppner150 don't know, php is hot sh;t rn

This is not true. I can't find a better solution for managing micro services than the graphql federation.

@Ktulhoved better solution is to not build microservices.

I think it’s more like a powersocket next to your front door, but with no fuse . Given a correctly shaped piece of metal anyone can burn down your house. But if you or your neighbour you don’t mind borrowing a socket ever need more power than a normal house fuse can provide it is very convinient. There is little convinience in buttons that blow up your house.

I think the confusion comes from the anyone, the problem is simple resource economy: Is it cheaper to make my house redundant or to make as many mailboxes as there letters. Article (imho correctly) adjusts the needle from some to almost nobody.

Usually they filter the allowed queries to be the exact ones they tested.

Why do we have a prefix like this at my job too 🤣

​@@devinjohnson5759 for api versioning

@@devinjohnson5759 Same here as well!

Your argument is flawed. What endpoints are to an rest API is what queries and mutations are to gql. They are just same shit in different toilets. Think again. Do you really have 1000 REST endpoints with 1000 entities or 1000 RPC endpoints with 1000 backing callbacks. Gql provides a structured way to subset fields and specify filters etc. Other than these, it is really not that different from REST.

@@zhoulingyu lmao yeah no, try again 👍

That statement is in my opinion not true. GraphQL is REST API with extra steps. You can have identical API, doing the same with the easiest and most common communication method. Queries just won't be so elegant. Needing 1000+ endpoints is a sign of not understanding what one is doing. I was able to build and maintain REST APIs for 20+ mobile apps all by myself. My solution: vanilla PHP (no composer, no autoload, direct lib include) + FatFree "framework", served by nginx/apache with URL -> php file mapping, with file per endpoint. You'll endup with an AWS Lambda like solution. Simple, clean, easy to maintain and scale solution. It will be exactly the same stuff, will just less. You haven't build such stuff before and started from graphql, do you?

@@Th3T1redPanda lmao

​@@jly_dev I swear this comment section is packed with people who have never used GraphQL uttering nonsense

Isn't Ruby pretty much a Functional Programming language, other than all those pesky Objects? Somewhat Lisp based, somewhat Smalltalk based. Makes sense Prime doesn't want to learn. It's too close to Haskell!

@@NostraDavid2 ruby has nothing to do with haskell or any fp language. it's a lot more similar to python and javascript. before node was around, everyone was using ruby and php. it's a very simple and easy language to learn.

@@NostraDavid2 Ruby is an expression language and is nowhere functional-everything is mutable and effectful.

nice

This is like saying allowing users to type "rm -rf" into a production database causes issues. Just use persisted queries. Tada.

I just waited till they came to the conclusion it was not it ;). It always happens sooner or later. Bleeding edge dancing is more fails than wins ...

I make 6 figures programming it. Feels good.

@@KevinJDildonik random flex on a random comment section,

@@KevinJDildonik 6 figs only feels good in places where there is no inflation

​@@swojnowski453😂 unfortunately true. Six figures is poverty is San Francisco. "I make six figures" while also on food stamps.

Yeah I wonder why the author completely skipped over that

Authorization is not a problem as well if you have necessary claims in token. Skill issues.

For anyone who doesn't get it: This is like saying allowing user input without sanitization causes problems. Duh. So all modern GraphQL systems (should) have persisted queries where these rules are harshly enforced.

But what is then the point in using GraphQL when you are only limited to persistent queries? Those I can build with REST. The entire point of GraphQL is to enable highly dynamic queries.

@@dominikvonlavante6113 The point is persisted queries can be created by other engineers in your company, so you don't have to keep adding new REST endpoints because one team wants A and another wants B.

It was not added, you always had the option to define queries on the server side. And it is still nothing like REST, even if you are using persisted queries.

Most GraphQL systems literally do not allow nested queries. Like the system stops circular references and returns a null.

And people eat it up anyway.

What's the advantage of using gql for your case? Can't your reporting thing access the api directly?

@@ZoranRavicTech 1. The data is distributed over a lot of services and the node and edges concept of graphql helps a lot there. 2. N+1 on the client is impossible to solve for our legacy public API (in some cases) 3. Flexibility is really nice. We don't need to change our endpoint to allow newer reports. The more reports (and nodes there already are), the easier it gets to add new reports.

@@EikeSchwass sounds like a great use case

They talked about GraphQL like it's completely broken, but I don't think they realize many people wont ever run into those issues.

This sounds like a programmers are human too quote

So you mean, a frontend engineer writes the spec for they want to get from the backend and then a backend engineer can implement that spec? That's called OpenAPI.

@lobovutare no, I mean the backend engineers implement a graphql service for development, the frontend develops and settles on the set of queries they need, then the build step locks in and optimises for just those queries - and doesn't allow others - when deployed to production

Right. I'm tired of these guys writing about issues that they essentially created themselves.

Yeah I feel that unless you're writing your graphql stack from scratch the gql package should have mitigations for many of these issues. But you do have to be very careful about what you expose to your graphql endpoint.

Thanks man. Saved me some time to write.

I mean that's basically an API Gateway plus a Facade.... Which is also what GraphQL framework does anyway

do not oversaturate your app with services, if you are a firefighter you are not a policeman, being everything means being a supermarket, but we all know what's wrong with supermarkets, they sell cheap crap ;)

@@swojnowski453i would also recommend avoiding microservices and graphql for most projects. They are large scale concepts that will drastically overcomplicate things if you choose to implement them before you actually need them. But that doesn’t mean it’s never useful, or a deprecated approach. Our industry is plagued by people who fail to grasp nuance and only remember extremes, ie ”graphql good/bad”. Or people who start projects with a stack and architecture without truly knowing if their choices are appropriate for the project, and they’ve just chosen what’s popular. Sometimes microservices is the right choice. Sometimes you’ll need an api gateway. GraphQL could be benefitial here. Or . This is the nuance and exploration I’m missing in the article.

@@kasper_573 yeah, people only care about 1 thing: am I using the BEST tool right now?

@@swojnowski453 wait, you forgot about "Fire Police" en.wikipedia.org/wiki/Fire_police Yeah, its a thing.

Nothing, necessarily, but the only difference is in GraphQL you have a schema, so you have a map of the whole API, which your restful endpoints won't have. My problem with graphql was less about security, but more about promise trees being slow and no built in caching so have to do a lot of work to make it performant.

Rest has pretty simple rate request limits and caching is much easier

What kind of problems were you running into?

@@ZoranRavicTech Primarily optimization problems. We could never get our head around the exact way data was flowing like we could with a basic REST endpoint. We could never really understand how to best cache things. And every time we reached a point where we could actually benchmark something, the GraphQL request would be upwards of 10x as slow. Genuinely, we thought we were just too stupid to get it and would need to pay a lot of money for some classes or contractors to show us how it's done. The thing we really wanted was response shape validation, and we got that with JSONSchema and a TypeScript monorepo, so we just sort of dropped GQL. I shared this video with my old coworkers so they could also feel less bad about themselves.

21:57 Lmfao

You clearly care more about correctness and robustness than the buzzword technology of the day. How dare you.

I presume "J'SON" is pronounced "Jismal"?

Exactly

But then you lose out on request batching.

Oh there's lots of custom queering in this gay as heck app

graphql-request.... it's so simple I don't know why it's not more popular

did no one tell them that GQL works only for highly relational data?

You don't even need apollo. Idk why is it even popular, considering how little it adds.

SOAP? That's not hip! We need REST. REST? That not hip we need GraphQL! GraphQL that's a shit show, we need REST with a spec! REST with a spec? How's that not SOAP?

XML is cringe

@@karakaaa3371 It's an Extensible Markup Language.

It’s easier to cut bait when you’ve seen how the sausage is made.

@@semyaza555 I do not think that expression (cut bait) means what you think it means. :)

Any source? not to doubt you but I would like to read more about that

It's okay to dislike a technology, but let's not spread false information. Meta hasn't abandoned graphql at all lol, they still heavily use Relay in critical infrastructure.

@@armaandhanji2112 talking about forward facing APIs not private relay where it’s as you mentioned still used in at least half of their service layer.

This is great if your data is only from a DB and doesn’t require external services. My team is building integrations with multiple services and we can’t keep the data in DBs because that would change the source of truth for the data.

@@jfftck yeah that wouldn't work very well. in my case I just call into openai's APIs from a serverless function and all the data is in the db. do you use graphql for your use case? sounds like it could work for you

"Aitch titty pee"

I think Hasura can auto-generate GraphQL for your db. But you also need to have business logic, so I think you still have to write resolvers somewhere.

GraphQL is not only about some SQL queries, the source of data could be also a different server or anything.

Small correction; with GraphQL everything is POST.

You can still have caching with GraphQL. But you need a library that correctly handles different requests.

@@komfyrion Nothing about gql requires you do use POST for everything. The correct method should be GET for queries and POST for mutations. Some libraries only use POST, but that is a limitation of those specific libraries and not anything to do with gql itself.

@@ZoranRavicTech Right, my bad. That's an Apollo Server implementation detail.

@@ZoranRavicTech Yeah, some engines had to create a workaround, by (basically) turning specific queries to REST gets. THe problem keeps being the same, is not prepared for the REST world.

Can you batch your REST api requests?

The issues they mentioned can easily be avoided, at least by devs who have had experience with gql.

That wont mean much for junior devs. If it is not working that way out of the box it may as well be impossible. That's why you see them talking about those all issues that could have been avoided.

The way I understood it is that estimating the query complexity is easy to get wrong unless you have the skill to rewrite graphql; so it's far more difficult than just making REST endpoints the normal way.

@@creativecraving You can skip complexity estimation and instead do the same thing you would do in rest and set a limit on the number of items in a response of a resolver + don't make it possible recursively call resolvers. Also if it is possible to write a rest endpoint then do that. Gql is best for larger or more complex api-s.

You clearly did not work with graphql.

It wouldn't be clickbait if it didn't get both of us to watch the vid.

If you’re going to be doing server side rendering, then you might as well not even bother with graphql and just use htmx.

In gql queries the end users control the servers as much as they do with rest requests.

"I need infrastructure??? But I want to just run a report on your server to do my integration"

@@ricmorris9758 with graphql you don't need any infrastructure to load data for your report, all you need is a single GET request. It's actually much simpler than having a flood of GET requests you would need if you used rest api.

@@ricmorris9758 The best part is no part! And for necessary APIs, I want to do 'Designing and Evaluating Reusable Components'

Who hurt you...

my eye itches when i remember reading xmlspec and: PUT 200 ok, authentication required.

Yes, especially the part about authorization... maybe it's the ruby framework. I work with with springboot and it's so simple to implement!

@@hardcorecode yes, so simple that you have to wait 1 year to upgrade spring boot 2 to spring boot 3 for graphql compatibility because no one use this hyped sh*t anymore

@@Monsieur_Anderson I don't know what you are rumbling about. but basic spring security is straight foward to implement... oh I am still on JAVA 11 so I don't follow no hype train. I pick my tech stack very carefully!

@@hardcorecode Well, if you use GraphQL you are actualy in the hype train. if you upgrade your spring boot app, you are not in a hype train, you just fix critical security issues

@@hardcorecode Dude probably pays for authorization service lol, everything is SaaS now

I'm pretty sure that gql is primarily consumed from the client side of websites and apps.

you could even add GQL on the server side if you really need it, now you can add "friends" field without affecting anyone, without duplicating endpoints, and without updating documentation. People will want to be friends with you now!

As soon as you run into a case where the UI has to be constantly re-rendered you will realize SSR is not an option and writing any kind of non-trivial logic in htmx is next to impossible.