Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
@microsoft/api-extractor
Advanced tools
Validate, document, and review the exported API for a TypeScript library
@microsoft/api-extractor is a tool for managing and analyzing the public API surface of a TypeScript library. It helps in generating API reports, creating API documentation, and ensuring API compatibility.
Generate API Report
This feature allows you to generate an API report for your TypeScript library. The report includes details about the public API surface, which can be used for documentation and compatibility checks.
const { Extractor, ExtractorConfig } = require('@microsoft/api-extractor');
const path = require('path');
const configPath = path.join(__dirname, 'api-extractor.json');
const extractorConfig = ExtractorConfig.loadFileAndPrepare(configPath);
const extractorResult = Extractor.invoke(extractorConfig, {
localBuild: true,
showVerboseMessages: true
});
if (extractorResult.succeeded) {
console.log('API Extractor completed successfully');
} else {
console.error(`API Extractor completed with ${extractorResult.errorCount} errors`);
}
Generate API Documentation
This feature allows you to generate API documentation from the TypeScript library. The documentation is based on the public API surface and can be used for reference and development purposes.
const { Extractor, ExtractorConfig } = require('@microsoft/api-extractor');
const path = require('path');
const configPath = path.join(__dirname, 'api-extractor.json');
const extractorConfig = ExtractorConfig.loadFileAndPrepare(configPath);
const extractorResult = Extractor.invoke(extractorConfig, {
localBuild: true,
showVerboseMessages: true
});
if (extractorResult.succeeded) {
console.log('API documentation generated successfully');
} else {
console.error(`API documentation generation failed with ${extractorResult.errorCount} errors`);
}
Ensure API Compatibility
This feature allows you to ensure API compatibility by comparing the current API surface with a previously generated API report. It helps in maintaining backward compatibility and avoiding breaking changes.
const { Extractor, ExtractorConfig } = require('@microsoft/api-extractor');
const path = require('path');
const configPath = path.join(__dirname, 'api-extractor.json');
const extractorConfig = ExtractorConfig.loadFileAndPrepare(configPath);
const extractorResult = Extractor.invoke(extractorConfig, {
localBuild: true,
showVerboseMessages: true
});
if (extractorResult.succeeded) {
console.log('API compatibility check passed');
} else {
console.error(`API compatibility check failed with ${extractorResult.errorCount} errors`);
}
TypeDoc is a documentation generator for TypeScript projects. It generates API documentation directly from the source code, similar to how @microsoft/api-extractor generates API reports and documentation. However, TypeDoc focuses more on generating comprehensive documentation rather than managing API surfaces.
API Documenter is another tool from Microsoft that works in conjunction with API Extractor. It generates Markdown documentation from the API reports produced by API Extractor. While API Extractor focuses on analyzing and managing the API surface, API Documenter focuses on creating readable documentation.
TSDoc is a standard for documenting TypeScript code. It provides a consistent way to write comments and generate documentation. While TSDoc itself is not a tool, it is often used in conjunction with tools like TypeDoc and API Extractor to ensure consistent and comprehensive documentation.
API Extractor helps you build better TypeScript library packages. Suppose for example that your company has published an NPM package called "awesome-widgets" that exports many classes and interfaces. As developers start to depend on your library, you may encounter issues such as...
Determining versions: The SemVer standard uses version numbers to communicate the impact of upgrading to your consumers. But when it's time to publish a new release, how to determine whether it should be a "major", "minor", or "patch" version? For an active project with many source files, it's often not obvious how the API contract has changed.
Accidental breaks: People keep reporting that their code won't compile after a supposedly "minor" update. To address this, you boldly propose that every awesome-widgets pull request must be approved by an experienced developer from your team. But that proves unrealistic -- nobody has time to look at every single PR! What you really need is a way to detect PRs that change API contracts, and flag them for review. That would focus attention in the right place... but how to do that?
Missing exports: Suppose the awesome-widgets package exports an API function AwesomeButton.draw()
that requires a parameter of type DrawStyle
, but you forgot to export this enum. Things seem fine at first, but when a developer tries to call that function, they discover that there's no way to specify the DrawStyle
. How to avoid these oversights?
Accidental exports: You meant for yourDrawHelper
class to be kept internal, but one day you realize it's being exported by your package. When you try to remove it, you learn that some consumers are now relying on it. How do we avoid this in the future?
Alpha/Beta graduation: You want to release previews of new APIs that are not ready for prime time yet. If you did a major SemVer bump every time you change these definitions, the villagers would be after you with torches and pitchforks. A better approach is to designate certain classes/members as "alpha" quality, then promote them to "beta" and finally to "public" when they're mature. But how to indicate this to your consumers? (And how to detect scoping mistakes? A "public" function should never return a "beta" result.)
Online documentation: You have faithfully annotated each TypeScript member with nice JSDoc descriptions. Now that your library is published, you should probably set up a nicely formatted API reference. Which tool should we use to generate that? (What!? There aren't any good ones!?)
API Extractor provides an integrated, professional-quality solution for all these problems. It is invoked at build time by your toolchain and leverages the TypeScript compiler engine to:
The GitHub wiki has complete, up-to-date documentation: https://aka.ms/extractor
FAQs
Analyze the exported API for a TypeScript library and generate reviews, documentation, and .d.ts rollups
The npm package @microsoft/api-extractor receives a total of 1,205,980 weekly downloads. As such, @microsoft/api-extractor popularity was classified as popular.
We found that @microsoft/api-extractor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.