Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@azure/avocado
Advanced tools
Another Validator of OpenAPI spec repository Configuration And Directories.
NPM: https://www.npmjs.com/package/@azure/avocado
Avocado validates folder structure and configuration.
Avocado can be integrated into Azure pipeline to validate OpenAPI spec repository. For example, Avocado is used by Azure/azure-rest-api-specs
now that will trigger automatically by azure DevOps pipeline when a new pull request is created.
Avocado major functions are listed below:
specification
and filter readme.md
under the specification
folder.readme.md
is autorest specific file which must contain see https://aka.ms/autorest
swagger file
is valid json file, and check all referenced json
file (referenced json
file marked in json object has the key name "$ref"
).swagger file
must be referenced by readme.md
or other swagger file
.swagger file
has a circular reference and report a warning. For more detail, see CIRCULAR REFERENCEnpm install -g @azure/avocado
avocado -h
show help messageavocado
validate current directoryavocado -d <my-folder-path>
validate <my-folder-path>
directoryavocado -d <my-folder-path> --excludePaths 'common-types'
validate folder and exclude errors from 'common-types'azure/azure-rest-api-specs
and run "avocado" in folder azure/azure-rest-api-specs
.specification
. and move your service specs folder in specification
. run "avocado"Level: ERROR
To solve json parse error, you need make sure the json format is valid.
Level: ERROR
Readme file references a non-existing json file. To solve the error you need to check whether the json file is existing.
Level: ERROR
Json file must be referenced by the readme input file section or other json files. Eg, example swagger file should be referenced by main swagger json and for SDK generation main swagger should be referenced by the readme input file section. To solve the error you need to place the non-referenced file to proper place.
Level: ERROR
Each resource provider folder must have a readme file which is required by downstream SDK generation. To solve the error, you need create a readme file contains SDK generation config.
Level: ERROR
Each readme in resource provider folder should follow autorest markdown format. To solve the error, you need check the readme block quote whether contains see https://aka.ms/autorest
literally.
Level: ERROR
Swagger json file api version must consistent with its file path. Swagger can define swagger 2.0 basic-structure which contains api version. To solve the error, you need modify either your swagger file location or swagger file api version to make both of them consistent.
Level: WARNING
To solve circular reference, you should break the circular chain.
Example: a.json
-> b.json
->c.json
// a.json
{ "$ref": "b.json" }
// b.json
{ "$ref": "c.json" }
// c.json
{ "$ref": "a.json" }
graph TD
A((a.json))-->B((b.json))
B-->C((c.json))
C-->A
Level: WARNING
The default tag should contain only one API version swagger.
To solve this warning , you should copy the swaggers of old version into the current version folder.
Level: WARNING
The management plane swagger JSON file does not match its folder path. Make sure management plane swagger located in resource-manager folder
To solve this warning, you should make sure manager plane swagger located in resource-manager folder.
Level: ERROR
The default API version tag (as seen in the Basic information
section in the AutoRest configuration file (the README file)) should contain all API paths.
The API path `${0}` is not present in any OpenAPI .json
files enumerated in the list of paths included in the default tag, as seen in the relevant Tag:
section in the AutoRest configuration file (the README file).
To fix this error include an OpenAPI .json
file path in the list of the default API version tag paths (in the relevant Tag:
section) that includes the missing API path.
IMPORTANT: The error may point to a previous API version. This does not mean this is a false positive! It means that the previous API version has an API path that is missing from the default API version.
Common scenarios where Avocado fails your PR correctly:
resourceGroups
in it while the previous one has resourcegroups
. See examples below.Known scenarios where Avocado reports false positive: Avocado may incorrectly report failures in following two scenarios:
If you are dealing with one of these scenarios, follow the suppression guide. Mention the scenario you identified.
When this error can be suppressed: If the missing API path is deprecated then you can suppress this error. Follow this [suppresion guide].
For example detailed analyses of occurrences of such errors, see these GitHub comments:
Level: ERROR
The default API version tag (as seen in the Basic information
section in the AutoRest configuration file (the README file)) does not contain the latest API version of given OpenAPI .json
file.
To fix this error, please make sure the .json
file at the latest API version path is included in the list of paths for the default tag, in the relevant Tag:
section in the AutoRest configuration file (the README file).
Alternatively, change the default API version tag to a valid one by editing the Basic information
section.
For an example detailed analysis of an occurrence of such error, see this GitHub comment.
Level: ERROR
The readme file has more than one default tag.
The expectation is there is only one default tag, which leads to one SDK package. To release separate SDK packages upon different service resources of the same RP, may consider adopting Folder Structure for Service Group, which supports a readme configuration file under each sub folder.
Level: ERROR
TypeSpec file is not allowed in resource-manager or data-plane folder.
To fix this error. You should move TypeSpec file to TypeSpec folder.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
0.9.1
getDefaultTag()
, accidentally removed in 0.8.12FAQs
A validator of OpenAPI configurations
The npm package @azure/avocado receives a total of 27,551 weekly downloads. As such, @azure/avocado popularity was classified as popular.
We found that @azure/avocado demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.