Beating GraphQL in convenience, performance and security with “ComponentQL”
November 13, 2019
GraphQL is [Graphs All The Way Down](https://graphql.org/learn/thinking-in-graphs/#it-s-graphs-all-the-way-down-https-en-wikipedia-org-wiki-turtles-all-the-way-down). “With GraphQL, you model your business domain as a graph by defining a schema; within your schema, you define different types of nodes and how they connect/relate to one another.” Through schemas, GraphQL has greatly improved the development experience as compared to REST, enabling applications to be shipped faster then ever.
However, GraphQL has its own inherent set of issues that, after several years of trying, nobody has been able to solve on a conclusive manner. Among them, its security is suboptimal, since it enables malicious actors to execute Denial of Service attacks on the database server; it cannot be cached on the server, since it mainly operates through POST requests, adding complexity and processing cost to the application on the client-side; an object type must live on a single location, making it difficult for team members to collaborate (as evidenced by the [deprecation of schema stitching](https://www.apollographql.com/docs/graphql-tools/schema-stitching/) and the over-engineering of the [federation approach](https://www.apollographql.com/docs/apollo-server/federation/introduction/)), more often than not leading to a monolith architecture; it can become tedious to set it up on the server, since each schema must list down all of its objects' properties, leading to an overabundance of code; and executing a query with many levels of depth can become very slow, since its [time complexity to resolve queries can be exponential](http://olafhartig.de/files/HartigPerez_WWW2018_Preprint.pdf).
Luckily, there is a similar approach to graphs for representing information, which does not suffer any of its disadvantages: Components! A component hierarchy can mirror the data structure from a graph, enabling us to obtain the benefits from GraphQL, while at the same time losing none of the advantages from a simple REST architecture. Picture yourself accessing the great development experience of GraphQL, but with the added server-side performance and security from REST, minus the inconvenience of having to set-up thousands of properties on the schema, and allowing the team to split the creation of the data model without any overlapping of tasks or need to set-up special tooling.
A data API based on components is the greatest kept secret... until this presentation demonstrates all about it. Join me for an enlightening journey into the power of components!
About Leonardo Losoviz
Leonardo Losoviz is a freelance open source developer, creator of [PoP](https://github.com/leoloso/PoP) (an API + component-model + framework for building sites on PHP), regular contributor to [Smashing Magazine](https://www.smashingmagazine.com/author/leonardolosoviz), and occasional conference speaker. He spends his days coding for the web on whatever project goes his way, learning new technologies, and writing down what he has learnt to share his experience with others, on his own blog [leoloso.com](https://leoloso.com), on Smashing Magazine, conferences and meetups.