Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@cappasityinc/json-schema-ref-parser
Advanced tools
Parse, Resolve, and Dereference JSON Schema $ref pointers
You've got a JSON Schema with $ref
pointers to other files and/or URLs. Maybe you know all the referenced files ahead of time. Maybe you don't. Maybe some are local files, and others are remote URLs. Maybe they are a mix of JSON and YAML format. Maybe some of the files contain cross-references to each other.
{
"definitions": {
"person": {
// references an external file
"$ref": "schemas/people/Bruce-Wayne.json"
},
"place": {
// references a sub-schema in an external file
"$ref": "schemas/places.yaml#/definitions/Gotham-City"
},
"thing": {
// references a URL
"$ref": "http://wayne-enterprises.com/things/batmobile"
},
"color": {
// references a value in an external file via an internal reference
"$ref": "#/definitions/thing/properties/colors/black-as-the-night"
}
}
}
JSON Schema $Ref Parser is a full JSON Reference and JSON Pointer implementation that crawls even the most complex JSON Schemas and gives you simple, straightforward JavaScript objects.
$ref
pointers to external files and URLs, as well as custom sources such as databases$ref
pointers$ref
pointers to the same value always resolve to the same object instance$RefParser.dereference(mySchema, (err, schema) => {
if (err) {
console.error(err);
}
else {
// `schema` is just a normal JavaScript object that contains your entire JSON Schema,
// including referenced files, combined into a single object
console.log(schema.definitions.person.properties.firstName);
}
}
Or use async
/await
syntax instead. The following example is the same as above:
try {
let schema = await $RefParser.dereference(mySchema);
console.log(schema.definitions.person.properties.firstName);
}
catch(err) {
console.error(err);
}
For more detailed examples, please see the API Documentation
Install using npm:
npm install json-schema-ref-parser
When using Json-Schema-Ref-Parser in Node.js apps, you'll probably want to use CommonJS syntax:
const $RefParser = require("json-schema-ref-parser");
When using a transpiler such as Babel or TypeScript, or a bundler such as Webpack or Rollup, you can use ECMAScript modules syntax instead:
import $RefParser from "json-schema-ref-parser";
Json-Schema-Ref-Parser supports recent versions of every major web browser. Older browsers may require Babel and/or polyfills.
To use Json-Schema-Ref-Parser in a browser, you'll need to use a bundling tool such as Webpack, Rollup, Parcel, or Browserify. Some bundlers may require a bit of configuration, such as setting browser: true
in rollup-plugin-resolve.
Full API documentation is available right here
I welcome any contributions, enhancements, and bug-fixes. File an issue on GitHub and submit a pull request.
To build/test the project locally on your computer:
Clone this repo
git clone https://github.com/APIDevTools/json-schema-ref-parser.git
Install dependencies
npm install
Run the build script
npm run build
Run the tests
npm test
JSON Schema $Ref Parser is 100% free and open-source, under the MIT license. Use it however you want.
Thanks to these awesome companies for their support of Open Source developers ❤
FAQs
Parse, Resolve, and Dereference JSON Schema $ref pointers
We found that @cappasityinc/json-schema-ref-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.