GraphQLSchema does not completely validate names #4362

Open
ab-pm opened this issue Mar 24, 2025 · 2 comments

ab-pm commented Mar 24, 2025

The validateName function that is used to validate lots of schema parts is currently only checking that names are not reserved:

```ts
function validateName(
  context: SchemaValidationContext,
  node: { readonly name: string; readonly astNode: Maybe<ASTNode> },
): void {
  // Ensure names are valid, however introspection types opt out.
  if (node.name.startsWith('__')) {
    context.reportError(
      `Name "${node.name}" must not begin with "__", which is reserved by GraphQL introspection.`,
      node.astNode,
    );
  }
}
```

It should also check that the name complies with https://spec.graphql.org/October2021/#Name, e.g. by testing against the regex /^(?!__)[A-Za-z_][A-Za-z0-9_]*$/.
Otherwise it's possible to construct schemas (via the constructor, not by parsing) that upon printing would lead to invalid syntax, or fields which could never be queried.

Member

benjie commented Mar 24, 2025

Hi @ab-pm! Are you using the validateSchema() function to validate your schema has no naming issues or other problems?

Author

ab-pm commented Mar 24, 2025

I personally don't, I just thought it would be useful.
(What I'd need is print calling validateName on AST tokens, since I deal with potentially bogus/malicious AST inputs for query documents - but I understand that in print this might have a noticeable performance impact and it's not really the responsibility of a printer to do validation.)

I just looked through the source of graphql-js (as the GraphQL reference implementation) to see whether there is something useful to validate strings as Names, and found this function which (in the comment) claims to "Ensure names are valid" but doesn't really live up to that.
In a schema-first style of development this will never happen, but I could see some code-first (or even generated) schemas being constructed with invalid names, and an early error might be helpful for their authors. I admit this hasn't happened to me, so feel free to close this if you consider this a non-issue.
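
The name check discussed in this thread, as an added example that is not graphql-js code and not code from either participant: it applies the spec's Name grammar to every Name node of an already-constructed AST before that AST is printed. The function names (`nameProblem`, `findInvalidNames`) and the sample document are constructed for illustration.

```javascript
// Added example, not graphql-js code. NAME_RE is the spec's Name grammar (October 2021).
const NAME_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Returns null for a valid name, otherwise a short reason string.
function nameProblem(value, { allowReserved = false } = {}) {
  if (typeof value !== 'string') return 'name is not a string';
  if (!NAME_RE.test(value)) return 'does not match the Name grammar';
  if (!allowReserved && value.startsWith('__')) return 'begins with reserved "__"';
  return null;
}

// Walks an already-built AST (plain objects with a `kind`) without recursion, in
// document order, and collects each Name node that could not be printed and re-parsed.
function findInvalidNames(root) {
  const problems = [];
  const seen = new Set(); // tolerate shared or cyclic nodes in untrusted input
  const stack = [{ node: root, path: '$' }];
  while (stack.length > 0) {
    const { node, path } = stack.pop();
    if (node === null || typeof node !== 'object' || seen.has(node)) continue;
    seen.add(node);
    if (node.kind === 'Name') {
      // Query documents may use introspection names such as __typename.
      const reason = nameProblem(node.value, { allowReserved: true });
      if (reason) problems.push({ path, value: node.value, reason });
      continue;
    }
    const entries = Object.entries(node).filter(([key]) => key !== 'loc');
    for (let i = entries.length - 1; i >= 0; i--) {
      stack.push({ node: entries[i][1], path: `${path}.${entries[i][0]}` });
    }
  }
  return problems;
}

// Constructed sample document: one valid field and two invalid names.
const constructedDoc = {
  kind: 'Document',
  definitions: [{
    kind: 'OperationDefinition',
    operation: 'query',
    selectionSet: { kind: 'SelectionSet', selections: [
      { kind: 'Field', name: { kind: 'Name', value: '__typename' } },
      { kind: 'Field', name: { kind: 'Name', value: 'first name' } },
      { kind: 'Field', name: { kind: 'Name', value: '9lives' } },
    ] },
  }],
};
console.log(findInvalidNames(constructedDoc));
```

For schema element names, calling `nameProblem` with its default options also rejects the reserved `__` prefix, which matches the combined regex proposed in the issue.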
