Security News
RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems
RubyGems and Bundler 4.0.13 introduced an opt-in cooldown feature that delays newly published gems during dependency resolution.
By Sarah Gooding - Jun 05, 2026
Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
@codespar/api-types
Advanced tools
@codespar/api-types
Shared REST wire contract for the CodeSpar managed-tier API (api.codespar.dev) — Zod schemas + inferred TypeScript types
@codespar/api-types
Shared REST wire contract for the CodeSpar managed-tier API at api.codespar.dev.
Every request body and response shape is defined once, as a Zod schema, and the matching TypeScript type is inferred from it. Both the backend (codespar-enterprise) and the dashboard (codespar-web) import from here — no more hand-rolled mirror types.
Why
Two bugs shipped in a 48-hour window because web and backend independently redeclared the same response types:
- Newly-created API keys rendered as "Revoked" (
revoked_atomitted on the create response, web type assumed present,undefined !== nullwas truthy). - API-key list came back empty (backend returns
{ keys: [...] }, web parseddata.api_keys).
Schemas here are the single source of truth. Parse responses at the fetch boundary and these failures become impossible — missing/renamed fields throw at runtime instead of rendering broken UI.
Usage
import {
ApiKeyRowSchema,
ListApiKeysResponseSchema,
type ListApiKeysResponse,
} from "@codespar/api-types";
const res = await fetch("/v1/api-keys", { headers: { authorization: `Bearer ${token}` } });
const body: ListApiKeysResponse = ListApiKeysResponseSchema.parse(await res.json());
// ^^^^ throws ZodError if the backend drifts
Every module exports both the schema (FooSchema) and the inferred type (Foo). Import whichever side you need.
Coverage
api-keys— create / list / rowprojects— create / update / list / rowconnections— create / list / row / webhook-secret rotationservers— list / row / auth-schemasessions— create / list / row / detail / tool-calls / execute
Versioning
- This package mirrors the
/v1/*REST surface ofapi.codespar.dev. - Additive changes (new field, new endpoint schema) → minor bump.
- Breaking changes (field removed, type narrowed) → major bump, shipped alongside a matching backend release.
Keep TS + Python + backend aligned — drift is the loudest way to break trust.
Need more?
Need governance, budget limits, and audit trails for agent payments? CodeSpar Enterprise adds policy engine, payment routing, and compliance templates on top of these MCP servers.
License
MIT — codespar.dev
FAQs
Shared REST wire contract for the CodeSpar managed-tier API (api.codespar.dev) — Zod schemas + inferred TypeScript types
The npm package @codespar/api-types receives a total of 69 weekly downloads. As such, @codespar/api-types popularity was classified as not popular.
We found that @codespar/api-types demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 May 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
pnpm 11.5 Adds Support for Recognizing npm Staged Publishes
pnpm 11.5 now recognizes npm staged publish approvals in release metadata, preventing those releases from being mistaken for lower-trust package publishes.
By Sarah Gooding - Jun 04, 2026
Security News
Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog
Federal audit finds NIST lacked a plan to clear the NVD backlog, wasted funds on duplicate work, and delayed use of CISA data.
By Sarah Gooding - Jun 03, 2026