Strict excessive property type-checking

[mindplay-dk]

I just realized the client will accept basically any variables in query-calls.

By which I mean, something like this is apparently valid:

await client.mutate({
  mutation: UPDATE_DOCUMENT,
  variables: {
    id,
    filename,
    createdAt,
    propertyThatTotallyDoesntExist: 'whatever', // valid
  },
})

Apparently, this is due to some messed-up type-checking issue they won't/can't fix.

Here's an example demonstrating the issue:

interface Foo {
  one: string
  two: string
  three: string
}

function hello<T extends Foo>(foo: T) { }

hello({
  one: 'one',
  two: 'two',
  three: 'three',
  lol: 'wtf' // ❌
})

hello({
  one: 'one',
  two: 'two',
  // three: 'three',
  lol: 'wtf' // ✅
})

That is, as long as the variables that must be there are there, it will accept anything.

Or in other words, type-checking for excess properties is for some reason conditional on satisfying any required properties.

What this means is your codebase could be full of dead code and you would never know it.

To make matters worse, because the type is generic, any extra properties will appear in an IDE to be real properties:

Not only is it not type-checking, it's also misleading you to think these properties have types and could be in use. 😢

There is a way to make this type-checking stricter:

interface Foo {
  one: string
  two: string
  three: string
}

function hello<T extends Foo & Record<string, never>>(foo: T) { }

hello({
  one: 'one',
  two: 'two',
  three: 'three',
  lol: 'wtf' // ✅
})

hello({
  one: 'one',
  two: 'two',
  // three: 'three',
  lol: 'wtf' // ✅
})

If applied to the query methods in the client, this would obviously be a huge breaking change, however.

Will it break anything that shouldn't be broken though? I'm still kind of new to GraphQL, so I can't say.

I would love to see this addressed though, as I suspect our codebase may be full of dead code that just can't be checked.

What do you think?

[phryneas]

So far we've been mostly relied on Codegen to create variables types that already prevent excessive properties, but generally, this is doable.

We are introducing ways of overriding certain internal Apollo Client types with 4.0, and this might become an addition - allowing users to opt into stricter variable types. That said, I'm not sure if we'll be able to get this into 4.0 or if it will become a follow-up in a minor.

[mindplay-dk]

Why would this be an opt-in?

I think strict type-safety is a major selling point for using GraphQL in the first place.

If someone wants to bypass proper type-safety, that should be an opt-out, in my opinion.

Is there an actual use for untyped extra properties? Is that something people actually use and depend on?

[phryneas]

TypeScript is duck-typed, so it's a normal thing to pass around "matching, but bigger" objects in TypeScript.

I totally expect people to pass in bigger objects and rely on the fact that HttpLink removes all variables that are not part of the operation by default.

So just adding & Record<string, never> would probably cause a lot of type errors in people's code bases and not give them too much benefit.

Where it would benefit them is if we were to apply & Record<string, never> recursively - since HttpLink will not strip out members of variables that might not be part of the schema (after all, the client never knows about the schema).
But that would have the significant downside of a recursive type that might cause performance problems and even errors on circular input types, so it's probably not a good idea that we do that either.

[mindplay-dk]

TypeScript is duck-typed, so it's a normal thing to pass around "matching, but bigger" objects in TypeScript.

Yes, but passing extra props to variables invites bugs and problems:

• you can add a new prop, and you think it's doing something, but the name is misspelled or misformatted.
• nothing prompts you to actually remove dead/removed props: risk of leaving more dead code to calculate those, etc.
• a prop name could be introduced in the future and suddenly the extra prop randomly has some unintended effect.

and so on.

yes, it's a normal thing to pass around objects with extra props - but it's much better practice to keep these separate.

I mean, all of these problems are exactly the kind of problems we hope to solve by having types in the first place, aren't they?

are we optimizing types for users who don't know how to make the most of types? at the expense of users who do?

that's... not great.

but I can understand if you think this is a TS issue and not something we can or should fix - sadly, this is an incredibly old issue, and really unlikely to ever get fixed... boo, TypeScript 🫤

[jerelmiller]

@mindplay-dk I'd be curious if you have better luck with Apollo Client 4.0. We did quite a bit of work in 4.0 around types for variables for all APIs that accept a variables option. In fact we have a type test very similar to your example that checks this: https://github.com/apollographql/apollo-client/blob/52898f7340dd4f6d02f9688968fdba42977b0f37/src/core/__tests__/ApolloClient/general.test.ts#L8732-L8738

Any chance you could try 4.0 and see if it helps? We have a migration guide that should walk you through what has changed.

[mindplay-dk]

@jerelmiller I can't get the codemod to work... or at least, I can't tell if it's working?

I tried npx @apollo/client-codemod-migrate-3-to-4 --verbose 2 --parser babel --extensions js,jsx src and it just says:

Processing 515 files... 
 SKIP src/components/AllDocuments/index.jsx
 SKIP src/components/AssignProcess/Employee.jsx
 SKIP src/components/AssignProcess/EmployeeInfo.jsx
 SKIP src/components/AssignProcess/EmployeePlaceholder.jsx
 SKIP src/components/AssignProcess/EmployeeStartDate.jsx

It just keeps going like that - I haven't seen it print anything other than "SKIP".

It prints at a rate of about 1 line every 5-10 seconds - I've had it running for over half an hour, and it hasn't touched any files. (does it print anything when it does modify a file? does it keep all changes in a temporary folder until the end or something?)

I've tried --run-in-band as well, same thing. (same speed.)

Note that I tried npx @apollo/client-codemod-migrate-3-to-4 src at first, and it just flooded the screen with errors - I think, because this is a mixed codebase? It's a .ts and .tsx project, but there are legacy .js and .jsx modules as well.

Running the documented TS commands might work, but that wouldn't touch the .js and .jsx files (would it?) which need to be migrated as well - since the default command fails, adding --parser babel --extensions js,jsx was my way of trying to process the .js and .jsx files separately, but maybe I'm doing it wrong?

[mindplay-dk]

@jerelmiller no, wait! sorry, it actually finished now! for some reason, it prints all the OK messages in a big chunk at the end. 😅

[mindplay-dk]

@jerelmiller has this tool been known to stall? I ran the ts codemod command - it's been 75 minutes since the last (OK) message - it's at 100% CPU, it has changed a few files, but nothing appears to be happening. (big project but...)

[mindplay-dk]

@jerelmiller for the record, I gave up after about two hours of no activity... on a hunch, I ran the tool again with an --ignore-pattern option for a folder with code-generated graph QL types, and it finished in five minutes. 🤷‍♂️

Note that this folder is listed in .gitignore due to similar problems with other tools - perhaps the tool ought to respect that? Or maybe the docs should recommend this option, as many (most?) GraphQL projects have a large bulk of code-generated types, and apparently these get parsed in full for every single file it processes? (it was using 12GB of RAM during the aborted two-hour run.)

[jerelmiller]

@mindplay-dk that doesn't sound normal at all. Depending on the size of the codebase, this should be 30s to maybe a minute or two, so anything longer than that is a problem.

The codemod is a wrapper around jscodeshift. The --parser option you are passing seems right to me.

Any chance you could extract a file or two into a reproduction for us? (feel free to change component names/queries). That would help us investigate why it might be stalling. I've not seen it stall like that before 😞. I don't know if this is an issue with jscodeshift or something we are doing internally in the codemod, but having a reproduction might help.

[jerelmiller]

On a separate note, I created a bug for this in apollographql/apollo-client#12919. Do you mind if we continue the conversation over there?

[mindplay-dk]

Yeah, sorry for veering off-topic - feel free to hide irrelevant posts here, I'll respond in the new thread. :-)