diff --git a/.changeset/silent-cooks-visit.md b/.changeset/silent-cooks-visit.md new file mode 100644 index 0000000..de156c4 --- /dev/null +++ b/.changeset/silent-cooks-visit.md @@ -0,0 +1,5 @@ +--- +'dataloader': minor +--- + +Set default maximum batching size to 500 to prevent Denial of Service. diff --git a/README.md b/README.md index 664a043..5b8adcd 100644 --- a/README.md +++ b/README.md @@ -395,7 +395,7 @@ Create a new `DataLoader` given a batch loading function and options. | Option Key | Type | Default | Description | | ----------------- | -------- | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `batch` | Boolean | `true` | Set to `false` to disable batching, invoking `batchLoadFn` with a single load key. This is equivalent to setting `maxBatchSize` to `1`. | -| `maxBatchSize` | Number | `Infinity` | Limits the number of items that get passed in to the `batchLoadFn`. May be set to `1` to disable batching. | +| `maxBatchSize` | Number | `500` | Limits the number of items that get passed in to the `batchLoadFn`. May be set to `1` to disable batching. | | `batchScheduleFn` | Function | See [Batch scheduling](#batch-scheduling) | A function to schedule the later execution of a batch. The function is expected to call the provided callback in the immediate future. | | `cache` | Boolean | `true` | Set to `false` to disable memoization caching, creating a new Promise and new key in the `batchLoadFn` for every load of the same key. This is equivalent to setting `cacheMap` to `null`. | | `cacheKeyFn` | Function | `key => key` | Produces cache key for a given load key. Useful when objects are keys and two objects should be considered equivalent. | diff --git a/src/index.d.ts b/src/index.d.ts index 136ad88..ee7dae0 100644 --- a/src/index.d.ts +++ b/src/index.d.ts @@ -95,7 +95,7 @@ declare namespace DataLoader { batch?: boolean; /** - * Default `Infinity`. Limits the number of items that get passed in to the + * Default `500`. Limits the number of items that get passed in to the * `batchLoadFn`. May be set to `1` to disable batching. */ maxBatchSize?: number; diff --git a/src/index.js b/src/index.js index 997d85a..a58ceae 100644 --- a/src/index.js +++ b/src/index.js @@ -412,7 +412,7 @@ function getValidMaxBatchSize(options: ?Options): number { } const maxBatchSize = options && options.maxBatchSize; if (maxBatchSize === undefined) { - return Infinity; + return 500; } if (typeof maxBatchSize !== 'number' || maxBatchSize < 1) { throw new TypeError(