Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@funboxteam/blueprinter
Advanced tools
Replacement of Aglio library for rendering generated AST as HTML page.
Blueprinter is an API Blueprint renderer. It uses API AST in the form of API Elements and generates an HTML page with documentation.
API Blueprint standard is mostly maintained by Apiary, which owns the official parser Drafter. Other enthusiasts help to develop some tools to work with API Blueprint, including renderers.
For a long time, our company had been using Drafter and aglio renderer as a standard set to work with APIB documentation. But we gradually started to understand that functionalities of these tools weren't enough for us.
Blueprinter appeared as a replacement for aglio, since its source code is difficult to read and maintain and used technologies are obsolete. The author of the project has abandoned it and does not accept new change requests. We also replaced Drafter with our own parser Crafter.
Our implementations are written in JavaScript and they are easy to maintain and develop by front-end developers.
npm install --save @funboxteam/blueprinter
Add the next commands in package.json
:
{
"scripts": {
"dev": "blueprinter -i doc.apib -s -p 3000",
"doc": "blueprinter -i doc.apib -o index.html"
}
}
dev
script will run a live server with rendered docs at port 3000 and watch changes in source documentation.
doc
script will generate resulting HTML file with documentation and save it as index.html
.
-i, --input <file>
— sets the source APIB file to render.-o, --output <file>
— sets the name of the output HTML file.-s, --server
— activates live server mode.-h, --host <host>
— sets live server host. Default value is 127.0.0.1
.-p, --port <port>
— sets live server port. Default value is 3000
.--strict
— enables parsing "strict" mode in which any warning will cause build error.--css <file>
— allows to specify path to a custom CSS file. Styles from this files will be attached to page.
Any possible compatibility issues between relevant Blueprinter version and a custom CSS file remain on the conscience of the file developer.--locale <locale>
— sets a locale to be used as UI language. Default value is en
. Available locales are en
, ru
.--favicon <file>
— allows to specify path to a custom favicon. Applicable only in build mode, not in dev mode. Accepts only PNG files.To run Blueprinter as a Docker container execute the next command in the directory with documentation:
docker run \
--rm \
-v $(pwd):/app \
funbox/blueprinter -i doc.apib -o index.html
--rm
option will automatically clean up and remove created container after render completion, and -v
option will
mount current host directory with documentation to some directory in the container.
The default working directory of the image is set to /app
, therefore it is easier to mount
a host directory into the /app
as in the example above. In that case just the name you-doc-file.apib
will work fine.
Otherwise, you should specify path to the APIB file relative to the created in the container path.
To run Blueprinter in Docker as a dev server execute the next command in the directory with documentation:
docker run \
--rm \
-v $(pwd):/app \
-p 3000:3000 \
funbox/blueprinter -i doc.apib -s -p 3000
If you specify -p
parameter for Blueprint which differs from 3000
, don't forget to open access to this port
from your host system and modify Docker option -p port:port
.
Attention! When you stop a dev server process via Ctrl/Cmd + C
, the process just detaches from a terminal
but the container itself still stays running.
To stop container use the next commands:
docker ps # get ID of the running container
docker stop <container> # stop container with specific ID
To run a container in Windows, add a slash (/
) before pwd
:
docker run \
--rm \
-v /$(pwd):/app \
funbox/blueprinter -i doc.apib -o index.html
There is a chance that the mounted directory is empty. In this case, check that your hard drive is marked as shared.
This setting can be found in the settings of Docker Desktop for Windows, Shared Drives section.
If the disk is not shared, mark it as shared
, apply changes, and restart Docker Desktop.
HTML page with rendered documentation has a field to search certain resources. You can set focus on the search field with /
key.
The search is performed on the following entities:
Search result appear in the next order:
If a simple search query as empl
of /list
is not enough, you can apply search modifiers (filters).
The general form of a query is modType:modValue query
where query
is the desired search query. You can filter results
by resource type and by HTTP method.
type:action query
. Available values are type:group query
,
type:resource query
, type:action query
.method:METHOD query
where METHOD
is one of HTTP methods (GET, POST, DELETE, and so on).
Both lowercase and uppercase will do.So, to list only GET requests with href containing employ
, type in the search field:
method:get employ
To apply modifier, search query should start with modType
. It means that if you need to find in doc the phrase
method:get - filter example
, you can use whitespace as the first symbol of the query ( method:get - filter example
).
In this case no modifiers will be applied, leading whitespace won't be considered, and search will be performed
exactly on the phrase method:get - filter example
.
Ctrl/Cmd + F
APIB documentation can contain a lot of diverse entities, so the search field probably won't be helpful in some cases where you need to find an attribute value or a URI parameter. To find something manually we added a separate page with sequential list of all content of a documentation. To access this page, press icon button right to the search field.
The page contains all groups, resources, requests, and responses outputted consequently. All attributes in Attributes
sections are expanded. Therefore, you can search through documentation by browser means, e.g. using Ctrl + F
key combination.
PDF-version of a documentation is optimized for easy viewing. List of content at the beginning of a doc provides easy access to the selected section. All blocks with JSON schemas are hidden.
To save documentation as PDF in Chrome browsers, follow the next steps:
npm install
npm start
Default dev server address is http://localhost:8080.
To build project locally run
npm run build
This project supports multiple locales for UI texts (for now, English and Russian languages are provided).
To mark text as translated, use t
or Trans
from @lingui/macro.
To make translation appear in the actual interface, the next steps should be done:
npm run extract
to update JSON translations catalogs (see src/locales/{locale}/messages
);npm run compile
to compile translation catalogs to JavaScript files;We use JSON API widely in the company, so each day our developers face such issues as describing and approving API documentation, tracking changes, distributing documentation among partners, and so on. That is why we felt a strong need for convenient tools to work with documentation.
Historically, the battle was between API Blueprint and Swagger.
We chose API Blueprint for two reasons. Firstly, the source code of documentation that is described using API Blueprint is more readable to humans.
Secondly, at the time of research conducted, Swagger lacked several important features, as One Of
support.
Awesome logo for the project was made by Igor Garybaldi.
6.0.0 (06.06.2023)
Dropped support for Node.js 12.
Also removed one-letter definitions of some CLI flags.
Check the migration guide for details.
FAQs
Replacement of Aglio library for rendering generated AST as HTML page.
The npm package @funboxteam/blueprinter receives a total of 34 weekly downloads. As such, @funboxteam/blueprinter popularity was classified as not popular.
We found that @funboxteam/blueprinter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.