Impossible to disable Smile_ElasticsuiteCatalogGraphQl via composer by yireo tool

[yutv]

On the projects which don't use any GraphQl functionality there is a good tool to disable all of them via composer https://github.com/yireo/magento2-replace-tools

composer require yireo/magento2-replace-graphql
php bin/mageno setup:upgrade

Unfortunately the Elasticsuite has no a separate GraphQl composer package so it's impossible to disable it that way.

php bin/mageno setup:di:compile
Interface "Magento\CatalogGraphQl\Model\Resolver\Products\Query\ProductQueryInterface" not found

Describe the solution you'd like

The Smile_ElasticsuiteCatalogGraphQl Magento module should be moved to a separate composer package.

[romainruaud]

Hi, we will not do this.

Our experience has proven that separated packages are hard to maintain and often left-behind.

See https://github.com/Smile-SA/magento2-module-elasticsuite-cms-search or https://github.com/Smile-SA/magento2-module-elasticsuite-rating or https://github.com/Smile-SA/magento2-module-elasticsuite-quick-order

They're not really up-to-date. It's also much painful to centralise any potential issues.

To be honest, I don't think there is a gain in disabling Magento2 graphql modules. There are a lot of junk modules that are worth to disable (optional core modules, bundled extensions like vertex, etc...), but the graphQl ones does not really have an impact.

Regards

[ssx]

@romainruaud for those wanting to reduce attack surface areas, removing GraphQL becomes something wanted.

Can you rewrite to not have a hard dependency on it and check whether it's installed so we're not forced to have the entirety of graph-ql installed to use Smile?

[Stevie-Ray]

Having the same issue, trying to remove the unused GraphQL endpoints from Magento because they show a security risk while running the Acunetix vulnerability scanner.

php bin/magento s:d:c
Interface "Magento\CatalogGraphQl\Model\Resolver\Products\Query\ProductQueryInterface" not found

But adding "smile/module-elasticsuite-catalog-graph-ql": "*" doesn't work.

It's still possible to remove the following Magento GraphQL modules and use smile/elasticsuite:

  "replace": {
        "magento/module-async-order-graph-ql": "*",
        "magento/module-authorizenet-graph-ql":"*",
        "magento/module-bundle-graph-ql": "*",
        "magento/module-catalog-cms-graph-ql":"*",
        "magento/module-catalog-customer-ql": "*",
        "magento/module-catalog-customer-graph-ql":"*",
        "magento/module-catalog-inventory-graph-ql": "*",
        "magento/module-catalog-permissions-graph-ql": "*",
        "magento/module-catalog-rule-graph-ql": "*",
        "magento/module-catalog-staging-graph-ql": "*",
        "magento/module-catalog-url-rewrite-graph-ql": "*",
        "magento/module-checkout-agreements-graph-ql":"*",
        "magento/module-cms-graph-ql": "*",
        "magento/module-cms-url-rewrite-graph-ql": "*",
        "magento/module-compare-list-graph-ql": "*",
        "magento/module-configurable-product-graph-ql": "*",
        "magento/module-customer-balance-graph-ql": "*",
        "magento/module-customer-downloadable-graph-ql":"*",
        "magento/module-customer-graph-ql": "*",
        "magento/module-directory-graph-ql": "*",
        "magento/module-downloadable-graph-ql": "*",
        "magento/module-elasticsearch-catalog-permissions-graph-ql": "*",
        "magento/module-gift-card-account-graph-ql": "*",
        "magento/module-gift-card-graph-ql": "*",
        "magento/module-gift-message-graph-ql": "*",
        "magento/module-gift-registry-graph-ql": "*",
        "magento/module-gift-wrapping-graph-ql": "*",
        "magento/module-grouped-product-graph-ql": "*",
        "magento/module-inventory-graph-ql": "*",
        "magento/module-inventory-in-store-pickup-graph-ql": "*",
        "magento/module-inventory-in-store-pickup-quote-graph-ql": "*",
        "magento/module-inventory-quote-graph-ql": "*",
        "magento/module-login-as-customer-graph-ql": "*",
        "magento/module-multiple-wishlist-graph-ql": "*",
        "magento/module-newsletter-graph-ql": "*",
        "magento/module-quote-graph-ql": "*",
        "magento/module-payment-graph-ql": "*",
        "magento/module-paypal-graph-ql": "*",
        "magento/module-re-captcha-webapi-graph-ql": "*",
        "magento/module-related-product-graph-ql":"*",
        "magento/module-review-graph-ql": "*",
        "magento/module-reward-graph-ql": "*",
        "magento/module-rma-graph-ql": "*",
        "magento/module-sales-graph-ql": "*",
        "magento/module-send-friend-graph-ql": "*",
        "magento/module-staging-graph-ql": "*",
        "magento/module-store-graph-ql": "*",
        "magento/module-swatches-graph-ql": "*",
        "magento/module-target-rule-graph-ql": "*",
        "magento/module-tax-graph-ql": "*",
        "magento/module-theme-graph-ql": "*",
        "magento/module-url-rewrite-graph-ql": "*",
        "magento/module-vault-graph-ql": "*",
        "magento/module-versions-cms-url-rewrite-graph-ql": "*",
        "magento/module-weee-graph-ql": "*",
        "magento/module-wishlist-gift-card-graph-ql": "*",
        "magento/module-wishlist-graph-ql": "*"
    }

[cptX]

I hope @romainruaud will reconsider this in the future!