github.com/grofers/go-swagger
This package contains a golang implementation of Swagger 2.0 (aka OpenAPI 2.0): it knows how to serialize and deserialize swagger specifications.
Swagger is a simple yet powerful representation of your RESTful API.
Swagger in a nutshell
With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment.
With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability. We created Swagger to help fulfill the promise of APIs.
Swagger helps companies like Apigee, Getty Images, Intuit, LivingSocial, McKesson, Microsoft, Morningstar, and PayPal build the best possible services with RESTful APIs. Now in version 2.0, Swagger is more enabling than ever. And it's 100% open source software.
go-swagger brings to the go community a complete suite of fully-featured, high-performance, API components to work with a Swagger API: server, client and data model.
Our focus with code generation is to produce idiomatic, fast go code, which plays nice with golint, go vet etc.
go-swagger is now feature complete and has stabilized its API.
Most features and building blocks are now in a stable state, with a rich set of CI tests.
The go-openapi community actively continues bringing fixes and enhancements to this code base.
There is still much room for improvement: contributors and PRs are welcome. You may also get in touch with maintainers on our Slack channel.
Q&A contributed by the community:
tl;dr The main difference at this moment is that this one actually works...
The swagger-codegen project only generates a workable go client and even there it will only support flat models. Further, the go server generated by swagger-codegen is mostly a stub.
Motivation Why is this not done as a part of the swagger-codegen project? Because:
- I don't really know java very well and so I'd be learning both java and the object model of the codegen which was in heavy flux as opposed to doing go and I really wanted to go experience of designing a large codebase with it.
- Go's super limited type system makes it so that it doesn't fit well in the model of swagger-codegen
- Go's idea of polymorphism doesn't reconcile very well with a solution designed for languages that actually have inheritance and so forth.
- For supporting types like [][][]map[string][][]int64 I don't think it's possible with mustache
I gravely underestimated the amount of work that would be involved in making something useful out of it. My personal mission: I want the jvm to go away, it was great way back when now it's just silly (vm in container on vm in vm in container)
Here is an outline of available features (see the full list here):
There is more to that...
go-swagger is available as binary or docker releases as well as from source: more details.
The main package of the toolkit, go-swagger/go-swagger, provides command line tools to help working with swagger.
The toolkit is highly customizable and allows endless possibilities to work with OpenAPI2.0 specifications.
Beside the go-swagger CLI tool and generator, the go-openapi packages provide modular functionality to build custom solutions on top of OpenAPI.
The CLI supports shell autocompletion utilities: see here.
Most basic use-case: serve a UI for your spec:
swagger serve https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json
To validate a Swagger specification:
swagger validate https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json
To generate a server for a swagger spec document:
swagger generate server [-f ./swagger.json] -A [application-name] [--principal [principal-name]]
To generate a client for a swagger spec document:
swagger generate client [-f ./swagger.json] -A [application-name] [--principal [principal-name]]
To generate a swagger spec document for a go application:
swagger generate spec -o ./swagger.json
To generate model structures and validators exposed by the API:
swagger generate model --spec={spec}
There are several commands allowing you to transform your spec.
Resolve and expand $ref's in your spec as inline definitions:
swagger expand {spec}
Flatten your spec: all external $ref's are imported into the main document and inline schemas reorganized as definitions.
swagger flatten {spec}
Merge specifications (composition):
swagger mixin {spec1} {spec2}
The diff command allows you to check backwards compatibility.
Type swagger diff --help for info.
swagger diff {spec1} {spec2}
swagger generate markdown -f {spec} --output swagger.mode
Try go-swagger in a free online workspace using Gitpod:
The toolkit itself is licensed as Apache Software License 2.0. Just like swagger, this does not cover code generated by the toolkit. That code is entirely yours to license however you see fit.
To name but a few... (feel free to sign in there if you are using this project):
In the list below, we tried to figure out the public repos where you'll find examples on how to use go-swagger and go-openapi:
3DSIM
Alibaba PouchAPI
CheckR
Cilium
CoreOS
NetBox Community
EVE Central
Iron.io
JaegerTracing
Kubernetes-Helm
Kubernetes
ManifoldCo
Metaparticle.io
Netlify
Nutanix
OAS2
OVH API
RackHD
ScaleFT
StratoScale
Terraform Provider OpenAPI
VMware
...
Changes in the behavior of the generated client regarding defaults in parameters and response headers:
The options for generate model --all-definitions and --skip-struct are marked for deprecation.
For now, the CLI continues to accept these options. They will be removed in a future version.
Generating all definitions is now the default behavior when no other option filters the generation scope.
The --skip-struct option had no effect.
Generated servers no longer import the following package (replaced by go1.8 native functionality):
github.com/tylerb/graceful
Spec flattening now defaults to minimal changes to models and should be workable for 0.12 users.
Users who prefer to stick to 0.13 and 0.14 default flattening mode may now use the --with-flatten=full option.
Note that the --skip-flatten option has been phased out and replaced by the more explicit --with-expand option.
Spec flattening and $ref resolution brought breaking changes in model generation, since all complex things generate their own definitions.
You will have to rename some imports:
github.com/go-swagger/go-swagger/httpkit/validate to github.com/go-openapi/validate
github.com/go-swagger/go-swagger/httpkit to github.com/go-openapi/runtime
github.com/naoina/denco to github.com/go-openapi/runtime/middleware/denco
github.com/go-swagger/go-swagger to github.com/go-openapi
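The rename list above, applied as an ordered rewrite (an added example, not part of the go-swagger README). It assumes each entry is a path-prefix rename; the helper name rewrite_imports and the sample import block are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the README's import renames to Go source on stdin.
# Assumption: each README entry is treated as a path-prefix rename.
# rewrite_imports is a hypothetical helper name, not a go-swagger command.

rewrite_imports() {
  # Rule order matters: most specific prefix first. If the catch-all
  # go-swagger rule ran first, httpkit/validate would become
  # github.com/go-openapi/httpkit/validate, which is not in the README's list.
  # \(["/]\) pins each match to a whole path element (denco, not dencoder).
  sed \
    -e 's#"github\.com/go-swagger/go-swagger/httpkit/validate\(["/]\)#"github.com/go-openapi/validate\1#' \
    -e 's#"github\.com/go-swagger/go-swagger/httpkit\(["/]\)#"github.com/go-openapi/runtime\1#' \
    -e 's#"github\.com/naoina/denco\(["/]\)#"github.com/go-openapi/runtime/middleware/denco\1#' \
    -e 's#"github\.com/go-swagger/go-swagger\(["/]\)#"github.com/go-openapi\1#'
}

# Constructed sample input: an import block from a pre-rename project.
sample_imports() {
  cat <<'EOF'
import (
	"github.com/go-swagger/go-swagger/httpkit/validate"
	"github.com/go-swagger/go-swagger/httpkit"
	"github.com/go-swagger/go-swagger/httpkit/middleware"
	"github.com/naoina/denco"
	"github.com/go-swagger/go-swagger/spec"
)
EOF
}

# Print the rewritten block; review the result before committing it.
sample_imports | rewrite_imports
```

Because the rewrite changes which modules a build pulls in, diff the result and re-run go vet and the test suite before committing.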
Because 0.5.0 and master have diverged significantly, you should checkout the tag 0.5.0 for go-swagger when you use the currently released version.