Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@asyncapi/specs
Advanced tools
This is a mono repository, which provides all the JSON Schema documents for validating AsyncAPI documents.
This repository contains JSON Schema files for all the versions of AsyncAPI specification. There are two types of JSON Schema files, with and without $id feature. We need two versions of schemas because of the differences it tooling implementation of JSON Schema $ref
and $id
keywords. Some implementations treat $id
by default as prefix reference for $ref
and require it, therefore it is needed to properly correlate $ref
and $id
values. Unfortunately other tools do not understand $id
values and fail dereferencing. This is why we need two different versions of schemas, with and without the $id
.
This repository contains JSON Schema files for official AsyncAPI releases and also for release candidates. Before you decide to use a specific JSON Schema file in production, make sure a corresponding official release of AsyncAPI specification is produced, not a release candidate.
JSON Schema which describes a version of AsyncAPI specification that is not yet officially released is considered an unstable pre-release that can change anytime and is not considered to be a breaking-change.
If you want to make sure you only use stable schemas, you have to make sure that you use only certain schema versions, not all by default.
These JSON Schema files do not reflect 1:1 the specification and shouldn't be treated as specification itself but rather as a tool (e.g., for validation).
These JSON Schema files shouldn't be used as the only tool for validating AsyncAPI documents because some rules described in the AsyncAPI specification can't be described with JSON Schema.
In addition, this repo provides JavaScript and Go modules that make it easier to access JSON Schema files through code. These packages provide access only to schemas with version larger or equal 2.0.0.
If you decide to validate AsyncAPI documents only with the JSON Schema files provided in this repo, your AsyncAPI documents will not be properly validated. It's recommended to use AsyncAPI JavaScript Parser that uses the AsyncAPI JSON Schema files for validation but also implements additional custom validations.
The following additional custom validations need to be provided for documents prior to 3.0.0
:
url
property have a corresponding variable object defined and its example is correct.operationId
s are not duplicated in the document.messageId
s are not duplicated in the document.securitySchemes
definition in components
with the same name.securitySchemes
is an empty array when the security type requires it.servers
property are declared in the top-level servers
object.At the moment, the AsyncAPI JavaScript parser does not cover all validation cases yet. All test cases and parsers coverage can be found here
npm install @asyncapi/specs
// OR by Yarn
yarn add @asyncapi/specs
go get github.com/asyncapi/spec-json-schemas/v2
Grab a specific AsyncAPI version:
const asyncapi = require('@asyncapi/specs');
console.log(asyncapi.schemas['2.0.0'])
console.log(asyncapi.schemasWithoutId['2.0.0'])
// Do something with the schema.
Get a list of supported versions:
const versions = require('@asyncapi/specs').schemas;
console.log(versions);
// Outputs object:
//
// {
// '2.0.0': [Object],
// '2.1.0': [Object],
// ...
// }
console.log(Object.keys(versions));
// Outputs array:
//
// [
// '2.0.0',
// '2.1.0',
// ...
// ]
Note The main export of the package provides only supported versions of AsyncAPI (newer or equal to
2.0.0
). To use older ones (e.g.1.2.0
) please import an absolute path like@asyncapi/specs/schemas/1.2.0
;
Grab a specific AsyncAPI version:
import "github.com/asyncapi/spec_json_schemas/v4"
func Do() {
schema, err := spec_json_schemas.Get("1.1.0")
if err != nil {
panic(err)
}
// Do something with the schema
}
If you are currently using version 2, check out migration guideline to version 3. If you are currently using version 3, check out migration guideline to version 4. If you are currently using version 4, check out migration guideline to version 5. If you are currently using version 5, check out migration guideline to version 6.
This is the current project structure explained:
Changes should not be done manually to the schemas in ./schemas, but instead, be done in their individual definitions located in ./definitions.
These definitions are automatically bundled together on new releases through the npm script prepublishOnly
, which ensures the project is built. This is where the bundler is called.
For example, for 2.2.0, the bundler starts with the asyncapi.json file and recursively goes through all references ($ref
) to create the appropriate bundled version.
npm run startNewVersion --new-version=x.x.x
Where x.x.x
is the new version you want to create.
The manual process of creating a new version is to:
y.y.y
) under definitions (so we have the correct base to make changes from).x.x.x
).y.y.y
) under examples (so we have the correct base to make changes from).x.x.x
).y.y.y
and replace it with x.x.x
.Edit the index.js file adding a new line with the new version. I.e.:
'2.6.0': require('./schemas/2.6.0.json'),
'2.6.0-without-$id': require('./schemas/2.6.0-without-$id.json'),
Edit the index.d.ts file adding a new line with the types for the new version. I.e.:
'2.6.0': JSONSchema7;
'2.6.0-without-$id': JSONSchema7;
Edit the schemas/all.schema-store.json file adding a new entry under the oneOf
keyword with the new version. Remember about adding -without-$id
suffix which points to alternative generated schema without $ids. I.e.:
{
"allOf":[
{
"properties":{
"asyncapi":{
"const":"2.6.0"
}
}
},
{
"$ref":"http://asyncapi.com/schema-store/2.6.0-without-$id.json"
}
]
}
Whenever a Breaking Change is introduced, the following steps should be taken in Go package:
go.mod
file, and increase the version package suffix in the module name. For example, if the current version is v2.0.0
, and you are releasing v3.0.0
, the module name should be github.com/asyncapi/spec-json-schemas/v3
.AsyncAPI JSON Schema is referenced in SchemaStore. In many IDEs, like VSCode, some extensions integrate with SchemaStore, like YAML. This way we enable autocompletion, validation and tooltips that help write AsyncAPI documents.
Whenever you make changes in AsyncAPI JSON Schema, you should always manually verify that the schema is still supported by YAML and that it will be able to fetch and dereference it.
npm run bundle
# yaml-language-server: $schema=YOUR-PROJECTS-DIRECTORY/spec-json-schemas/schemas/2.6.0-without-$id.json
FAQs
AsyncAPI schema versions
The npm package @asyncapi/specs receives a total of 583,973 weekly downloads. As such, @asyncapi/specs popularity was classified as popular.
We found that @asyncapi/specs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.