Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@airtasker/spot
Advanced tools
**Spot** (_"Single Point Of Truth"_) is a concise, developer-friendly way to describe your API contract.
Spot ("Single Point Of Truth") is a concise, developer-friendly way to describe your API contract.
Leveraging the TypeScript syntax, it lets you describe your API and generate other API contract formats you need (OpenAPI, Swagger, JSON Schema).
You don't need to use TypeScript in your codebase to benefit from using Spot.
Example of an API definition file api.ts
which defines a single POST
endpoint to create a user:
import { api, endpoint, request, response, body } from "@airtasker/spot";
@api({
name: "My API"
})
class Api {}
@endpoint({
method: "POST",
path: "/users"
})
class CreateUser {
@request
request(@body body: CreateUserRequest) {}
@response({ status: 201 })
response(@body body: CreateUserResponse) {}
}
interface CreateUserRequest {
firstName: string;
lastName: string;
}
interface CreateUserResponse {
firstName: string;
lastName: string;
role: string;
}
Get started with writing Spot contracts - Spot Guide
For all available syntax, see Spot Syntax
With yarn installed and initialized add @airtasker/spot
to your project:
yarn add @airtasker/spot
You can pass the definition above to a generator by simply running:
npx @airtasker/spot generate --contract api.ts
At first glance, you may wonder why we bothered building Spot. Why not use OpenAPI (formely known as Swagger) to describe your API?
At the core, we built Spot because we wanted a better developer experience.
OpenAPI documents are stored as YAML files, following a very specific schema. You won’t know that you used the wrong field name or forgot to wrap a type definition into a schema object unless you run a good OpenAPI linter. Most developers who aren’t intimately familiar with the OpenAPI specification end up using a visual editor such as Swagger Editor or Stoplight.
Since Spot leverages the TypeScript syntax, all you need is to write valid TypeScript code. Your editor will immediately tell you when your code is invalid. It will tell you what’s missing, and you even get autocomplete for free. We could have picked any other typed language—TypeScript just happened to be one of the most concise and ubiquitous for us.
We believe that API contracts should be checked into Git, or whichever code versioning system you use. In addition, API contracts should be systematically peer reviewed. It’s far too easy for a backend engineer to incorrectly assume what client engineers expect from an endpoint.
Because of their complex nested structure and the richness of the OpenAPI specification, OpenAPI documents can be difficult to review in a pull request. They’re great for machines, but not always for humans.
Spot aims to be as human-readable as possible. We’ve seen developers become a lot more engaged in discussions on pull requests for Spot contracts, compared to our previous OpenAPI documents.
Depending on what you're trying to achieve (testing, documentation, client code generation…), you'll find tools that only work with OpenAPI 2 (Swagger), and newer tools that only support OpenAPI 3. You may also find tools for a different API ecosystem such as JSON Schema or API Blueprint.
We built Spot with this in mind. Instead of having to juggle various API format converters, Spot can generate every major API document format. This is why we called it "Single Point Of Truth".
To get started and set up an API declaration in the current directory, run:
npx @airtasker/spot init
You can then run a generator with:
npx @airtasker/spot generate --contract api.ts
import { Spot } from "@airtasker/spot";
const contract = Spot.parseContract("./api.ts")
const openApi = Spot.OpenApi3.generateOpenAPI3(contract);
console.log(openApi);
/*
{
openapi: '3.0.2',
info: { title: 'my-api', description: undefined, version: '0.0.0' },
paths: { '/users': { post: [Object] } },
components: {
schemas: { CreateUserRequest: [Object], CreateUserResponse: [Object] },
securitySchemes: undefined
},
security: undefined
}
*/
spot checksum SPOT_CONTRACT
spot docs SPOT_CONTRACT
spot generate
spot help [COMMAND]
spot init
spot lint SPOT_CONTRACT
spot mock SPOT_CONTRACT
spot validate SPOT_CONTRACT
spot validation-server SPOT_CONTRACT
spot checksum SPOT_CONTRACT
Generate a checksum for a Spot contract
USAGE
$ spot checksum SPOT_CONTRACT
ARGUMENTS
SPOT_CONTRACT path to Spot contract
OPTIONS
-h, --help show CLI help
EXAMPLE
$ spot checksum api.ts
See code: build/cli/src/commands/checksum.js
spot docs SPOT_CONTRACT
Preview Spot contract as OpenAPI3 documentation. The documentation server will start on http://localhost:8080.
USAGE
$ spot docs SPOT_CONTRACT
ARGUMENTS
SPOT_CONTRACT path to Spot contract
OPTIONS
-h, --help show CLI help
-p, --port=port [default: 8080] Documentation server port
EXAMPLE
$ spot docs api.ts
See code: build/cli/src/commands/docs.js
spot generate
Runs a generator on an API. Used to produce client libraries, server boilerplates and well-known API contract formats such as OpenAPI.
USAGE
$ spot generate
OPTIONS
-c, --contract=contract (required) Path to a TypeScript Contract definition
-g, --generator=generator Generator to run
-h, --help show CLI help
-l, --language=language Language to generate
-o, --out=out Directory in which to output generated files
EXAMPLE
$ spot generate --contract api.ts --language yaml --generator openapi3 --out output/
See code: build/cli/src/commands/generate.js
spot help [COMMAND]
display help for spot
USAGE
$ spot help [COMMAND]
ARGUMENTS
COMMAND command to show help for
OPTIONS
--all see all commands in CLI
See code: @oclif/plugin-help
spot init
Generates the boilerplate for an API.
USAGE
$ spot init
OPTIONS
-h, --help show CLI help
EXAMPLE
$ spot init
Generated the following files:
- api.ts
- tsconfig.json
- package.json
See code: build/cli/src/commands/init.js
spot lint SPOT_CONTRACT
Lint a Spot contract
USAGE
$ spot lint SPOT_CONTRACT
ARGUMENTS
SPOT_CONTRACT path to Spot contract
OPTIONS
-h, --help show CLI help
--has-discriminator=(error|warn|off) Setting for has-discriminator
--has-request-payload=(error|warn|off) Setting for has-request-payload
--has-response=(error|warn|off) Setting for has-response
--has-response-payload=(error|warn|off) Setting for has-response-payload
--no-inline-objects-within-unions=(error|warn|off) Setting for no-inline-objects-within-unions
--no-nullable-arrays=(error|warn|off) Setting for no-nullable-arrays
--no-nullable-fields-within-request-bodies=(error|warn|off) Setting for no-nullable-fields-within-request-bodies
--no-omittable-fields-within-response-bodies=(error|warn|off) Setting for no-omittable-fields-within-response-bodies
--no-trailing-forward-slash=(error|warn|off) Setting for no-trailing-forward-slash
EXAMPLES
$ spot lint api.ts
$ spot lint --has-descriminator=error
$ spot lint --no-nullable-arrays=off
See code: build/cli/src/commands/lint.js
spot mock SPOT_CONTRACT
Run a mock server based on a Spot contract
USAGE
$ spot mock SPOT_CONTRACT
ARGUMENTS
SPOT_CONTRACT path to Spot contract
OPTIONS
-h, --help show CLI help
-p, --port=port (required) [default: 3010] Port on which to run the mock server
--pathPrefix=pathPrefix Prefix to prepend to each endpoint path
--proxyBaseUrl=proxyBaseUrl If set, the server will act as a proxy and fetch data from the given
remote server instead of mocking it
--proxyFallbackBaseUrl=proxyFallbackBaseUrl Like proxyBaseUrl, except used when the requested API does not match
defined SPOT contract. If unset, 404 will always be returned.
--proxyMockBaseUrl=proxyMockBaseUrl Like proxyBaseUrl, except used to proxy draft endpoints instead of
returning mocked responses.
EXAMPLE
$ spot mock api.ts
See code: build/cli/src/commands/mock.js
spot validate SPOT_CONTRACT
Validate a Spot contract
USAGE
$ spot validate SPOT_CONTRACT
ARGUMENTS
SPOT_CONTRACT path to Spot contract
OPTIONS
-h, --help show CLI help
EXAMPLE
$ spot validate api.ts
See code: build/cli/src/commands/validate.js
spot validation-server SPOT_CONTRACT
Start the spot contract validation server
USAGE
$ spot validation-server SPOT_CONTRACT
ARGUMENTS
SPOT_CONTRACT path to Spot contract
OPTIONS
-h, --help show CLI help
-p, --port=port [default: 5907] The port where application will be available
EXAMPLE
$ spot validation-server api.ts
FAQs
**Spot** (_"Single Point Of Truth"_) is a concise, developer-friendly way to describe your API contract.
The npm package @airtasker/spot receives a total of 1,882 weekly downloads. As such, @airtasker/spot popularity was classified as popular.
We found that @airtasker/spot demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.