Product
Reachability for Ruby Now in Beta
Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.
By Oskar Haarklou Veileborg -  Nov 17, 2025
🚀 DAY 1 OF LAUNCH WEEK: Reachability for Ruby Now in Beta.Learn more →
@har-sdk/oas
Advanced tools
@har-sdk/oas
[](https://codeclimate.com/github/NeuraLegion/har-sdk/maintainability) [
Transform your Swagger/OAS spec files into a series of HAR request objects.
- Automatically generates fake data for all parameters
- Compatible with Swagger and OAS specifications
- Simple and easy-to-use API
With this library, you can easily generate requests with fake data to test your API using AutoCannon or DevTools.
Setup
To install the library, run the following command:
$ npm i --save @har-sdk/oas
Usage
To covert your specification, use the oas2har function as follows:
import schema from './swagger.json' assert { type: 'json' };
import { oas2har } from '@har-sdk/oas';
const requests = await oas2har(schema);
console.log(requests);
YAML files can also be loaded using js-yaml, as shown below:
import { oas2har } from '@har-sdk/oas';
import { readFile } from 'node:fs/promises';
import yaml from 'js-yaml';
const content = yaml.load(await readFile('./swagger.yaml', 'utf-8'));
const requests = await oas2har(content);
console.log(requests);
If you have your specification hosted remotely, you can use a library like axios to fetch it and then convert it to a HAR. Here's an example:
import axios from 'axios';
import { oas2har } from '@har-sdk/oas';
const url = 'https://example.com/swagger.json';
const response = await axios.get(url);
const requests = await oas2har(response.data);
console.log(requests);
Some specifications may incorporate example values for parameters provided in vendor extension fields, to include such examples in output use the oas2har function as follows:
import schema from './swagger.json' assert { type: 'json' };
import { oas2har } from '@har-sdk/oas';
const requests = await oas2har(schema, { includeVendorExamples: true });
console.log(requests);
Notice the includeVendorExamples option affects Swagger specifications only.
Some specifications may have configuration for Accept header value in request parameters section. The automatically inferred Accept header values may be skipped, to skip these inferred values in output use the oas2har function as follows:
import schema from './swagger.json' assert { type: 'json' };
import { oas2har } from '@har-sdk/oas';
const requests = await oas2har(schema, { skipAcceptHeaderInference: true });
console.log(requests);
License
Copyright © 2023 Bright Security.
This project is licensed under the MIT License - see the LICENSE file for details.
FAQs
[](https://codeclimate.com/github/NeuraLegion/har-sdk/maintainability) [
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects
Malicious npm packages use Adspect cloaking and fake CAPTCHAs to fingerprint visitors and redirect victims to crypto-themed scam sites.
By Olivia Brown -  Nov 17, 2025
Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt -  Nov 14, 2025