Avoid shipping GraphQL dev landing or playground plugins without a production guard
Apollo Server dev landing pages, sandbox UIs, and GraphQL Playground-style plugins should not load unconditionally in production builds.
#Metadata
#Why it matters
Interactive GraphQL explorers widen attack surface and often expose schema details beyond what production APIs should advertise by default.
#Remediation
Load sandbox or local landing plugins only outside production, prefer `ApolloServerPluginLandingPageProductionDefault`, or disable interactive explorers behind authentication at the edge.
#Repository path
The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.apollo-server-graphql-dev-tooling-exposure.rule.yaml.