Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@nesto-software/json-schema-ref-parser
Advanced tools
Parse, Resolve, and Dereference JSON Schema $ref pointers
You've got a JSON Schema with $ref
pointers to other files and/or URLs. Maybe you know all the referenced files ahead of time. Maybe you don't. Maybe some are local files, and others are remote URLs. Maybe they are a mix of JSON and YAML format. Maybe some of the files contain cross-references to each other.
{
"definitions": {
"person": {
// references an external file
"$ref": "schemas/people/Bruce-Wayne.json"
},
"place": {
// references a sub-schema in an external file
"$ref": "schemas/places.yaml#/definitions/Gotham-City"
},
"thing": {
// references a URL
"$ref": "http://wayne-enterprises.com/things/batmobile"
},
"color": {
// references a value in an external file via an internal reference
"$ref": "#/definitions/thing/properties/colors/black-as-the-night"
}
}
}
JSON Schema $Ref Parser is a full JSON Reference and JSON Pointer implementation that crawls even the most complex JSON Schemas and gives you simple, straightforward JavaScript objects.
$ref
pointers to external files and URLs, as well as custom sources such as databases$ref
pointers$ref
pointers to the same value always resolve to the same object instance$RefParser.dereference(mySchema, (err, schema) => {
if (err) {
console.error(err);
}
else {
// `schema` is just a normal JavaScript object that contains your entire JSON Schema,
// including referenced files, combined into a single object
console.log(schema.definitions.person.properties.firstName);
}
})
Or use async
/await
syntax instead. The following example is the same as above:
try {
let schema = await $RefParser.dereference(mySchema);
console.log(schema.definitions.person.properties.firstName);
}
catch(err) {
console.error(err);
}
For more detailed examples, please see the API Documentation
Install using npm:
npm install @apidevtools/json-schema-ref-parser
When using JSON Schema $Ref Parser in Node.js apps, you'll probably want to use CommonJS syntax:
const $RefParser = require("@apidevtools/json-schema-ref-parser");
When using a transpiler such as Babel or TypeScript, or a bundler such as Webpack or Rollup, you can use ECMAScript modules syntax instead:
import $RefParser from "@apidevtools/json-schema-ref-parser";
JSON Schema $Ref Parser supports recent versions of every major web browser. Older browsers may require Babel and/or polyfills.
To use JSON Schema $Ref Parser in a browser, you'll need to use a bundling tool such as Webpack, Rollup, Parcel, or Browserify. Some bundlers may require a bit of configuration, such as setting browser: true
in rollup-plugin-resolve.
Full API documentation is available right here
I welcome any contributions, enhancements, and bug-fixes. Open an issue on GitHub and submit a pull request.
To build/test the project locally on your computer:
Clone this repo
git clone https://github.com/APIDevTools/json-schema-ref-parser.git
Install dependencies
npm install
Run the tests
npm test
JSON Schema $Ref Parser is 100% free and open-source, under the MIT license. Use it however you want.
This package is Treeware. If you use it in production, then we ask that you buy the world a tree to thank us for our work. By contributing to the Treeware forest you’ll be creating employment for local families and restoring wildlife habitats.
Thanks to these awesome companies for their support of Open Source developers ❤
FAQs
Parse, Resolve, and Dereference JSON Schema $ref pointers
The npm package @nesto-software/json-schema-ref-parser receives a total of 4 weekly downloads. As such, @nesto-software/json-schema-ref-parser popularity was classified as not popular.
We found that @nesto-software/json-schema-ref-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.