I was wrong.
You can place a middleware in chaining resolvers like this and you can unset author.email there so that it does not return emails in the response.
'ProductReview.author': {
auth: false,
middlewares: [
async (resolve, parent, ...rest) => {
const response = await resolve(parent, ...rest);
if (parent) {
response.value = pick(response.value, ['id', 'username']);
}
return response;
},
],
}