HeadlinesBriefing.com

GraphQL Complexity Validation Tool Released

DEV Community

Complex GraphQL queries can crash servers without proper limits. A new open-source tool, graphql-complexity-validation, addresses this by adding a lightweight validation rule. It calculates query cost recursively and rejects requests exceeding a set maximum, using native GraphQL validation without extra dependencies.

This library is framework-agnostic, supporting Apollo Server, GraphQL Yoga, Envelop, and NestJS. It's fully typed in TypeScript, ignores introspection by default, and lets you assign custom costs to specific fields. This approach avoids schema traversal or directives, simplifying security and performance tuning.

The tool emerges from a common need to prevent resource-intensive queries from overwhelming backend systems. By setting a `maxComplexity` and defining field costs, developers can enforce query limits at the validation layer. This offers a practical way to maintain API stability without complex custom middleware.
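The recursive cost check described above can be sketched as follows; this is an added example, not code from graphql-complexity-validation, and it does not use that library's API. It assumes a simple cost model (a field costs its configured value, default 1, plus the cost of its children), keys costs by bare field name, and uses the hypothetical names `selectionCost`, `checkComplexity`, `fieldCosts` and `ignoreIntrospection`; only `maxComplexity` comes from the text.

```javascript
// Added illustration; not the graphql-complexity-validation source or API.
// Assumed cost model: field cost (default 1) plus the cost of its children.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Recursively sum the cost of a selection set given in graphql-js AST shape.
function selectionCost(selectionSet, opts) {
  if (!selectionSet) return 0;
  let total = 0;
  for (const node of selectionSet.selections) {
    if (node.kind === 'InlineFragment') {
      total += selectionCost(node.selectionSet, opts);
    } else if (node.kind === 'Field') {
      const name = node.name.value;
      // Introspection fields (__schema, __type, __typename) cost nothing by default.
      if (opts.ignoreIntrospection && name.startsWith('__')) continue;
      const cost = own(opts.fieldCosts, name) ? opts.fieldCosts[name] : 1;
      total += cost + selectionCost(node.selectionSet, opts);
    } else {
      // Fail closed: an unhandled node kind (e.g. FragmentSpread) must not be free.
      throw new Error(`Unsupported selection kind: ${node.kind}`);
    }
  }
  return total;
}

// Hypothetical option names except maxComplexity, which the text above mentions.
function checkComplexity(operation, { maxComplexity, fieldCosts = {}, ignoreIntrospection = true }) {
  const cost = selectionCost(operation.selectionSet, { fieldCosts, ignoreIntrospection });
  if (cost > maxComplexity) {
    return { ok: false, cost, error: `Query complexity ${cost} exceeds maximum ${maxComplexity}` };
  }
  return { ok: true, cost };
}

// Constructed sample AST for: { __typename users { id posts { title comments { body } } } }
const field = (name, ...children) => ({
  kind: 'Field',
  name: { kind: 'Name', value: name },
  selectionSet: children.length ? { kind: 'SelectionSet', selections: children } : undefined,
});
const sampleOperation = {
  kind: 'OperationDefinition',
  operation: 'query',
  selectionSet: { kind: 'SelectionSet', selections: [
    field('__typename'),
    field('users', field('id'), field('posts', field('title'), field('comments', field('body')))),
  ] },
};
```

With default costs the sample query scores 6; pricing `posts` at 5 and `comments` at 10 raises it to 19, which a `maxComplexity` of 15 rejects before any resolver runs.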