Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@asyncapi/specs
Advanced tools
This is a mono repository, which provides all the JSON Schema documents for validating AsyncAPI documents.
$ref
and $id
keywords. Some implementations treat $id
by default as prefix reference for $ref
and require it, therefore it is needed to properly correlate $ref
and $id
values. Unfortunately other tools do not understand $id
values and fail dereferencing. This is why we need two different versions of schemas, with and without the $id
.If you decide to validate AsyncAPI documents only with the JSON Schema files provided in this repo, your AsyncAPI documents will not be properly validated. It's recommended to use AsyncAPI JavaScript Parser that uses the AsyncAPI JSON Schema files for validation but also implements additional custom validations.
The following additional custom validations need to be provided:
operationId
s are not duplicated in the document.messageId
s are not duplicated in the document.securitySchemes
definition in components
with the same name.securitySchemes
is an empty array when the security type requires it.servers
property are declared in the top-level servers
object.At the moment, the AsyncAPI JavaScript parser does not cover all validation cases yet. All test cases and parsers coverage can be found here
npm install @asyncapi/specs
// OR by Yarn
yarn add @asyncapi/specs
go get github.com/asyncapi/spec-json-schemas/v2
Grab a specific AsyncAPI version:
const asyncapi = require('@asyncapi/specs');
console.log(asyncapi.schemas['2.0.0'])
console.log(asyncapi.schemasWithoutId['2.0.0'])
// Do something with the schema.
Get a list of supported versions:
const versions = require('@asyncapi/specs').schemas;
console.log(versions);
// Outputs object:
//
// {
// '2.0.0': [Object],
// '2.1.0': [Object],
// ...
// }
console.log(Object.keys(versions));
// Outputs array:
//
// [
// '2.0.0',
// '2.1.0',
// ...
// ]
Note The main export of the package provides only supported versions of AsyncAPI (newer or equal to
2.0.0
). To use older ones (e.g.1.2.0
) please import an absolute path like@asyncapi/specs/schemas/1.2.0
;
Grab a specific AsyncAPI version:
import "github.com/asyncapi/spec_json_schemas/v4"
func Do() {
schema, err := spec_json_schemas.Get("1.1.0")
if err != nil {
panic(err)
}
// Do something with the schema
}
If you are currently using version 2, check out migration guideline to version 3. If you are currently using version 3, check out migration guideline to version 4.
This is the current project structure explained:
Changes should not be done manually to the schemas in ./schemas, but instead, be done in their individual definitions located in ./definitions.
These definitions are automatically bundled together on new releases through the npm script prepublishOnly
, which ensures the project is built. This is where the bundler is called.
For example, for 2.2.0, the bundler starts with the asyncapi.json file and recursively goes through all references ($ref
) to create the appropriate bundled version.
npm run startNewVersion --new-version=x.x.x
Where x.x.x
is the new version you want to create.
The manual process of creating a new version is to:
y.y.y
) under definitions (so we have the correct base to make changes from).x.x.x
).y.y.y
) under examples (so we have the correct base to make changes from).x.x.x
).y.y.y
and replace it with x.x.x
.Edit the index.js file adding a new line with the new version. I.e.:
'2.6.0': require('./schemas/2.6.0.json'),
'2.6.0-without-$id': require('./schemas/2.6.0-without-$id.json'),
Edit the index.d.ts file adding a new line with the types for the new version. I.e.:
'2.6.0': JSONSchema7;
'2.6.0-without-$id': JSONSchema7;
Edit the schemas/all.schema-store.json file adding a new entry under the oneOf
keyword with the new version. Remember about adding -without-$id
suffix which points to alternative generated schema without $ids. I.e.:
{
"allOf":[
{
"properties":{
"asyncapi":{
"const":"2.6.0"
}
}
},
{
"$ref":"http://asyncapi.com/schema-store/2.6.0-without-$id.json"
}
]
}
Whenever a Breaking Change is introduced, the following steps should be taken in Go package:
go.mod
file, and increase the version package suffix in the module name. For example, if the current version is v2.0.0
, and you are releasing v3.0.0
, the module name should be github.com/asyncapi/spec-json-schemas/v3
.AsyncAPI JSON Schema is referenced in SchemaStore. In many IDEs, like VSCode, some extensions integrate with SchemaStore, like YAML. This way we enable autocompletion, validation and tooltips that helps writing AsyncAPI documents.
Whenever you make changes in AsyncAPI JSON Schema, you should always manually verify that the schema is still supported by YAML and that it will be able to fetch and dereference it.
npm run bundle
# yaml-language-server: $schema=YOUR-PROJECTS-DIRECTORY/spec-json-schemas/schemas/2.6.0-without-$id.json
FAQs
AsyncAPI schema versions
The npm package @asyncapi/specs receives a total of 583,973 weekly downloads. As such, @asyncapi/specs popularity was classified as popular.
We found that @asyncapi/specs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.