
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
@kubb/ast
Advanced tools
Spec-agnostic AST layer for Kubb. Defines the node tree, visitor pattern, factory functions, and type guards used across all code generation plugins.
Defines the node tree, visitor pattern, factory functions, and type guards used across every Kubb code generation plugin.
| Path | Contents |
|---|---|
@kubb/ast | Runtime: node definitions, guards, visitor, macro engine, constants |
ast.factory (via @kubb/ast) | Node constructors (createSchema, createFile, and friends), the ts.factory analogue |
@kubb/ast/macros | Built-in macro presets: macroDiscriminatorEnum, macroSimplifyUnion, macroEnumName |
@kubb/ast/types | Types only: all node interfaces, type aliases, visitor types |
@kubb/ast/utils | Spec-agnostic string and identifier helpers, ref helpers |
RootNode
├── schemas: SchemaNode[]
└── operations: OperationNode[]
├── parameters: ParameterNode[] → SchemaNode
├── requestBody?: SchemaNode
└── responses: ResponseNode[] → SchemaNode?
SchemaNode (discriminated union)
object → properties: PropertyNode[] → SchemaNode
array | tuple → items: SchemaNode[]
union | intersection → members: SchemaNode[]
enum | ref | string | number | integer | bigint
boolean | null | any | unknown | void
date | datetime | time | uuid | email | url | blob
Constructors are available as ast.factory from @kubb/ast, mirroring ts.factory.createX.
import { ast } from '@kubb/ast'
const { createInput, createSchema, createProperty } = ast.factory
const root = createInput({
schemas: [
createSchema({
name: 'Pet',
type: 'object',
properties: [
createProperty({
name: 'id',
schema: createSchema({ type: 'integer' }),
required: true,
}),
createProperty({
name: 'name',
schema: createSchema({ type: 'string' }),
required: true,
}),
],
}),
],
})
import { walk, transform, collect } from '@kubb/ast'
// Side effects
await walk(root, {
schema(node) {
console.log(node.type)
},
})
// Immutable transformation
const updated = transform(root, {
schema(node) {
return { ...node, description: 'generated' }
},
})
// Extraction
const types = collect<string>(root, {
schema(node) {
return node.type
},
})
import { narrowSchema, schemaDef } from '@kubb/ast'
import type { Node } from '@kubb/ast/types'
function process(node: Node) {
if (schemaDef.is(node)) {
const obj = narrowSchema(node, 'object')
obj?.properties?.forEach((p) => console.log(p.name))
}
}
import { extractRefName } from '@kubb/ast/utils'
extractRefName('#/components/schemas/Pet') // 'Pet'
Adding a node touches three files. The barrels and visitor tables derive the rest.
src/nodes/*.ts file. Call defineNode and export the resulting fooDef, the createFoo constructor, and the node's type.fooDef to the nodeDefs array in src/registry.ts.createFoo from src/factory.ts.Everything else follows from there. @kubb/ast/types picks up the node type through export type *, the @kubb/ast barrel picks up fooDef through export * from './registry.ts', and the visitor tables (VISITOR_KEYS, VISITOR_KEY_BY_KIND, nodeRebuilders) come from the def's children, visitorKey, and rebuild fields. registry.test.ts fails when a def has no matching factory.create*, so missing wiring is caught in CI.
Kubb is an open source project, and its development is funded entirely by sponsors. If you would like to become a sponsor, please consider:
FAQs
Spec-agnostic AST layer for Kubb. Defines nodes, visitor pattern, and factory functions used across codegen plugins.
The npm package @kubb/ast receives a total of 54,135 weekly downloads. As such, @kubb/ast popularity was classified as popular.
We found that @kubb/ast demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.