Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@microsoft/api-extractor
Advanced tools
Validate, document, and review the exported API for a TypeScript library
@microsoft/api-extractor is a tool for managing and analyzing the public API surface of a TypeScript library. It helps in generating API reports, creating API documentation, and ensuring API compatibility.
Generate API Report
This feature allows you to generate an API report for your TypeScript library. The report includes details about the public API surface, which can be used for documentation and compatibility checks.
const { Extractor, ExtractorConfig } = require('@microsoft/api-extractor');
const path = require('path');
const configPath = path.join(__dirname, 'api-extractor.json');
const extractorConfig = ExtractorConfig.loadFileAndPrepare(configPath);
const extractorResult = Extractor.invoke(extractorConfig, {
localBuild: true,
showVerboseMessages: true
});
if (extractorResult.succeeded) {
console.log('API Extractor completed successfully');
} else {
console.error(`API Extractor completed with ${extractorResult.errorCount} errors`);
}
Generate API Documentation
This feature allows you to generate API documentation from the TypeScript library. The documentation is based on the public API surface and can be used for reference and development purposes.
const { Extractor, ExtractorConfig } = require('@microsoft/api-extractor');
const path = require('path');
const configPath = path.join(__dirname, 'api-extractor.json');
const extractorConfig = ExtractorConfig.loadFileAndPrepare(configPath);
const extractorResult = Extractor.invoke(extractorConfig, {
localBuild: true,
showVerboseMessages: true
});
if (extractorResult.succeeded) {
console.log('API documentation generated successfully');
} else {
console.error(`API documentation generation failed with ${extractorResult.errorCount} errors`);
}
Ensure API Compatibility
This feature allows you to ensure API compatibility by comparing the current API surface with a previously generated API report. It helps in maintaining backward compatibility and avoiding breaking changes.
const { Extractor, ExtractorConfig } = require('@microsoft/api-extractor');
const path = require('path');
const configPath = path.join(__dirname, 'api-extractor.json');
const extractorConfig = ExtractorConfig.loadFileAndPrepare(configPath);
const extractorResult = Extractor.invoke(extractorConfig, {
localBuild: true,
showVerboseMessages: true
});
if (extractorResult.succeeded) {
console.log('API compatibility check passed');
} else {
console.error(`API compatibility check failed with ${extractorResult.errorCount} errors`);
}
TypeDoc is a documentation generator for TypeScript projects. It generates API documentation directly from the source code, similar to how @microsoft/api-extractor generates API reports and documentation. However, TypeDoc focuses more on generating comprehensive documentation rather than managing API surfaces.
API Documenter is another tool from Microsoft that works in conjunction with API Extractor. It generates Markdown documentation from the API reports produced by API Extractor. While API Extractor focuses on analyzing and managing the API surface, API Documenter focuses on creating readable documentation.
TSDoc is a standard for documenting TypeScript code. It provides a consistent way to write comments and generate documentation. While TSDoc itself is not a tool, it is often used in conjunction with tools like TypeDoc and API Extractor to ensure consistent and comprehensive documentation.
API Extractor helps you build better TypeScript library packages. Suppose for example that your company has published an NPM package called "awesome-widgets" that exports many classes and interfaces. As developers start to depend on your library, you may encounter issues such as...
Accidental breaks: People keep reporting that their code won't compile after a supposedly "minor" update. To address this, you boldly propose that every awesome-widgets pull request must be approved by an experienced developer from your team. But that proves unrealistic -- nobody has time to look at every single PR! What you really need is a way to detect PRs that change API contracts, and flag them for review. That would focus attention in the right place... but how to do that?
Missing exports: Suppose the awesome-widgets package exports an API function AwesomeButton.draw()
that requires a parameter of type DrawStyle
, but you forgot to export this enum. Things seem fine at first, but when a developer tries to call that function, they discover that there's no way to specify the DrawStyle
. How to avoid these oversights?
Accidental exports: You meant for your DrawHelper
class to be kept internal, but one day you realize it's being exported. When you try to remove it, consumers complain that they're using it. How do we avoid this in the future?
Alpha/Beta graduation: You want to release previews of new APIs that are not ready for prime time yet. But if you did a major SemVer bump every time these definitions evolve, the villagers would be after you with torches and pitchforks! A better approach is to designate certain classes/members as alpha quality, then promote them to beta and finally to public as they mature. But how to indicate this to your consumers? (And how to detect scoping mistakes? A public function should never return a beta result.)
*.d.ts rollup: You webpacked your library into a nice *.js bundle file -- so why ship your typings as a messy tree of lib/*.d.ts files full of private definitions? Can't we consolidate them into a tidy *.d.ts rollup file? And if you publish internal/beta/public releases, each release type should get its own *.d.ts file with appropriate trimming. Developers building a production project don't want to see a bunch of internal and beta members in their VS Code IntelliSense!
Online documentation: You have faithfully annotated each TypeScript member with nice JSDoc descriptions. Now that your library has shipped, it's time to set up a nicely formatted API reference. What tool to use?
API Extractor provides an integrated, professional-quality solution for all these problems. It is invoked at build time by your toolchain and leverages the TypeScript compiler engine to:
Best of all, API Extractor is free and open source. Join the community and create a pull request!
The GitHub wiki has complete, up-to-date documentation: https://aka.ms/extractor
FAQs
Analyze the exported API for a TypeScript library and generate reviews, documentation, and .d.ts rollups
We found that @microsoft/api-extractor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.