Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
github.com/jerbob92/go-swagger
Development of this toolkit is sponsored by VMware:
This API is not stable yet, when it is stable it will be distributed over gopkg.in
There is a code coverage report available in the artifacts section of a build. Unfortunately using coveralls made the build unstable.
Contains an implementation of Swagger 2.0. It knows how to serialize and deserialize swagger specifications.
Swagger is a simple yet powerful representation of your RESTful API.
With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment.
With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability. We created Swagger to help fulfill the promise of APIs.
Swagger helps companies like Apigee, Getty Images, Intuit, LivingSocial, McKesson, Microsoft, Morningstar, and PayPal build the best possible services with RESTful APIs. Now in version 2.0, Swagger is more enabling than ever. And it's 100% open source software.
Install or update:
go get -u github.com/go-swagger/go-swagger/cmd/swagger
The implementation also provides a number of command line tools to help working with swagger.
Currently there is a spec validator tool:
swagger validate https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json
To generate a server for a swagger spec document:
swagger generate server [-f ./swagger.json] -A [application-name [--principal [principal-name]]
To generate a client for a swagger spec document:
swagger generate client [-f ./swagger.json] -A [application-name [--principal [principal-name]]
To generate a swagger spec document for a go application:
swagger generate spec -o ./swagger.json
Much improved documentation is in the works and will actually explain how to use this tool in much more depth. To learn about which annotations are available and how to use them for generating a spec from any go application (generating a spec is not opinionated), you can take a look at the files used for testing the parser.
There are several other sub commands available for the generate command
Sub command | Description
------------|----------------------------------------------------------------------------------
operation | generates one or more operations specified in the swagger definition
model | generates model files for one or more models specified in the swagger definition
support | generates the api builder and the main method
server | generates an entire server application
client | generates a client for a swagger specification
spec | generates a swagger spec document based on go code
For now what exists of documentation on how all the pieces fit together, is described in this doc
For a V1 I want to have this feature set completed:
/path/{}
is not valid) (Error)name
and in
combination (Error)operationId
(Error)array
(Error)After the v1 implementation extra transports are on the roadmap.
Many of these fall under the maybe, perhaps, could be nice to have, might not happen bucket:
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.