Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/saturn4er/go-swagger
Development of this toolkit is sponsored by VMware:
This API is not stable yet, when it is stable it will be distributed over gopkg.in
There is a code coverage report available in the artifacts section of a build. Unfortunately using coveralls made the build unstable.
Contains an implementation of Swagger 2.0. It knows how to serialize and deserialize swagger specifications.
Swagger is a simple yet powerful representation of your RESTful API.
With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment.
With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability. We created Swagger to help fulfill the promise of APIs.
Swagger helps companies like Apigee, Getty Images, Intuit, LivingSocial, McKesson, Microsoft, Morningstar, and PayPal build the best possible services with RESTful APIs. Now in version 2.0, Swagger is more enabling than ever. And it's 100% open source software.
Install or update:
go get -u github.com/go-swagger/go-swagger/cmd/swagger
The implementation also provides a number of command line tools to help working with swagger.
Currently there is a spec validator tool:
swagger validate https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json
To generate a server for a swagger spec document:
swagger generate server [-f ./swagger.json] -A [application-name [--principal [principal-name]]
To generate a client for a swagger spec document:
swagger generate client [-f ./swagger.json] -A [application-name [--principal [principal-name]]
To generate a swagger spec document for a go application:
swagger generate spec -o ./swagger.json
Much improved documentation is in the works and will actually explain how to use this tool in much more depth. To learn about which annotations are available and how to use them for generating a spec from any go application (generating a spec is not opinionated), you can take a look at the files used for testing the parser.
There are several other sub commands available for the generate command
Sub command | Description
------------|----------------------------------------------------------------------------------
operation | generates one or more operations specified in the swagger definition
model | generates model files for one or more models specified in the swagger definition
support | generates the api builder and the main method
server | generates an entire server application
client | generates a client for a swagger specification
spec | generates a swagger spec document based on go code
For now what exists of documentation on how all the pieces fit together, is described in this doc
For a V1 I want to have this feature set completed:
/path/{}
is not valid) (Error)name
and in
combination (Error)operationId
(Error)array
(Error)After the v1 implementation extra transports are on the roadmap.
Many of these fall under the maybe, perhaps, could be nice to have, might not happen bucket:
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.