
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
@fluojs/openapi
Advanced tools
Decorator-based OpenAPI 3.1 document generation with optional Swagger UI for Fluo applications.
English 한국어
Decorator-based OpenAPI 3.1.0 document generation for fluo. Automatically generate and serve your API documentation with zero manual synchronization and optional Swagger UI support.
pnpm add @fluojs/openapi
Register the OpenApiModule and pass sources (or prebuilt descriptors) so the document builder knows which HTTP handlers to include.
import { Controller, Get } from '@fluojs/http';
import { Module } from '@fluojs/core';
import { bootstrapNodeApplication } from '@fluojs/runtime/node';
import { OpenApiModule, ApiOperation, ApiResponse, ApiTag } from '@fluojs/openapi';
@ApiTag('Users')
@Controller('/users')
class UsersController {
@ApiOperation({ summary: 'List all users' })
@ApiResponse(200, { description: 'Success' })
@Get('/')
list() {
return [];
}
}
@Module({
imports: [
OpenApiModule.forRoot({
sources: [{ controllerToken: UsersController }],
title: 'My API',
version: '1.0.0',
ui: true, // Enable Swagger UI at /docs
})
],
controllers: [UsersController]
})
class AppModule {}
const app = await bootstrapNodeApplication(AppModule);
await app.listen(3000);
// OpenAPI JSON: http://localhost:3000/openapi.json
// Swagger UI: http://localhost:3000/docs
If you need to bypass controller discovery, pass descriptors: createHandlerMapping([...]).descriptors instead. OpenApiModule does not infer handlers from @Module({ controllers: [...] }) on its own.
fluo inspects your controllers and methods to build a complete OpenAPI 3.1.0 document. This includes paths, methods, parameters, and request bodies.
Works seamlessly with @fluojs/validation. Your DTO classes are automatically converted to OpenAPI components and referenced in the appropriate operations.
Handles URI-based versioning from @fluojs/http automatically. Your OpenAPI paths will correctly reflect the resolved versioned routes.
Easily document authentication requirements like Bearer tokens or API keys using @ApiBearerAuth() and @ApiSecurity().
When ui: true is enabled, the generated /docs page references an exact swagger-ui-dist asset version so release behavior stays deterministic across package updates.
OpenApiModule: Main entry point for OpenAPI integration.ApiTag, ApiOperation, ApiResponse: Documentation decorators.ApiBearerAuth, ApiSecurity: Security requirement decorators.ApiExcludeEndpoint: Omit specific handlers from documentation.buildOpenApiDocument: Programmatic document builder (low-level).@fluojs/core: Shared metadata utilities.@fluojs/http: Controller and routing integration.@fluojs/validation: Schema and model generation from DTOs.packages/openapi/src/openapi-module.test.ts: Integration tests and usage examples.examples/openapi-swagger: Complete OpenAPI application example.FAQs
Decorator-based OpenAPI 3.1 document generation with optional Swagger UI for Fluo applications.
The npm package @fluojs/openapi receives a total of 34 weekly downloads. As such, @fluojs/openapi popularity was classified as not popular.
We found that @fluojs/openapi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.