Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/allencloud/go-swagger
Development of this toolkit is sponsored by VMware:
Contains an implementation of Swagger 2.0. It knows how to serialize and deserialize swagger specifications.
Swagger is a simple yet powerful representation of your RESTful API.
With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment.
With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability. We created Swagger to help fulfill the promise of APIs.
Swagger helps companies like Apigee, Getty Images, Intuit, LivingSocial, McKesson, Microsoft, Morningstar, and PayPal build the best possible services with RESTful APIs. Now in version 2.0, Swagger is more enabling than ever. And it's 100% open source software.
tl;dr The main difference at this moment is that this one will actually work.
The swagger-codegen project only generates a client and even there it will only support flat models.
Why is this not done in the swagger-codegen project? Because:
Because 0.5.0 and master have diverged significantly, you should checkout the tag 0.5.0 for go-swagger when you use the currently released version.
You will have to rename some imports:
github.com/go-swagger/go-swagger/httpkit/validate to github.com/go-openapi/validate
github.com/go-swagger/go-swagger/httpkit to github.com/go-openapi/runtime
github.com/naoina/denco to github.com/go-openapi/runtime/middleware/denco
github.com/go-swagger/go-swagger to github.com/go-openapi
go-swagger is distributed as binaries that are built of signed tags. It is published as github release, rpm, deb and docker image.
docker pull quay.io/goswagger/swagger
alias swagger="docker run --rm -it -v $HOME:$HOME -w $(pwd) quay.io/goswagger/swagger"
swagger version
brew tap go-swagger/go-swagger
brew install go-swagger
You can download a binary for your platform from github:
https://github.com/go-swagger/go-swagger/releases/latest
latestv=$(curl -s https://api.github.com/repos/go-swagger/go-swagger/releases/latest | jq -r .tag_name)
curl -o /usr/local/bin/swagger -L'#' https://github.com/go-swagger/go-swagger/releases/download/$latestv/swagger_$(echo `uname`|tr '[:upper:]' '[:lower:]')_amd64
chmod +x /usr/local/bin/swagger
This repo will work for any debian, the only file it contains gets copied to /usr/bin
echo "deb https://dl.bintray.com/go-swagger/goswagger-debian ubuntu main" | sudo tee -a /etc/apt/sources.list
This repo should work on any distro that wants rpm packages, the only file it contains gets copied to /usr/bin/
wget https://bintray.com/go-swagger/goswagger-rpm/rpm -O bintray-go-swagger-goswagger-rpm.repo
Install or update from source:
go get -u github.com/go-swagger/go-swagger/cmd/swagger
The implementation also provides a number of command line tools to help working with swagger.
Currently there is a spec validator tool:
swagger validate https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json
To generate a server for a swagger spec document:
swagger generate server [-f ./swagger.json] -A [application-name [--principal [principal-name]]
To generate a client for a swagger spec document:
swagger generate client [-f ./swagger.json] -A [application-name [--principal [principal-name]]
To generate a swagger spec document for a go application:
swagger generate spec -o ./swagger.json
Bash completion is supported and can be activated as follows:
source ./cmd/swagger/completion/swagger.bash-completion
Note that this does require you already setup bash completion, which can be done in 2 simple steps:
install bash-completion
using your favourite package manager;
run source /etc/bash_completion
in bash;
Zsh completion is supported and can be copied/soft-linked from:
./cmd/swagger/completion/swagger.zsh-completion
In case you're new to adding auto-completion to zsh completion, here is how you could enable swagger's zsh completion step by step:
create a folder used to store your completions (eg. $HOME/.zsh/completion
);
append the following to your $HOME/.zshrc
file:
# add auto-completion directory to zsh's fpath
fpath=($HOME/.zsh/completion $fpath)
# compsys initiatlization
autoload -U compinit
compinit
./cmd/swagger/completion/swagger.zsh-completion
to $HOME/.zsh/completion/_swagger
;The toolkit itself is licensed as Apache Software License 2.0. Just like swagger, this does not cover code generated by the toolkit. That code is entirely yours to license however you see fit.
For a V1 I want to have this feature set completed:
Documentation site
Play nice with golint, go vet etc.
An object model that serializes to swagger yaml or json
A tool to work with swagger:
validate a swagger spec document:
validate against jsonschema
validate extra rules outlined here
/path/{}
is not valid) (Error)name
and in
combination (Error)operationId
(Error)array
(Error)serve swagger UI for any swagger spec file
code generation
generate api based on swagger spec
generate go client from a swagger spec
spec generation
generate spec document based on the code
Middlewares:
serve spec
routing
validation
additional validation through an interface
authorization
swagger docs UI
Typed JSON Schema implementation
extended string formats
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.