Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@phryneas/experimental-oazapfts
Advanced tools
Generate TypeScript clients to tap into OpenAPI servers.
oazapfts
does not use templates to generate code but uses TypeScript's built-in API to generate and pretty-print an abstract syntax tree.npm install oazapfts
NOTE: With version 3.0.0 oazapfts has become a runtime dependency and the generated code does no longer include all the fetch logic.
oazapfts <spec> [filename]
Options:
--exclude, -e tag to exclude
--include, -i tag to include
Where <spec>
is the URL or local path of an OpenAPI or Swagger spec (in either json or yml) and <filename>
is the location of the .ts
file to be generated. If the filename is omitted, the code is written to stdout.
The generated file exports a defaults
constant that can be used to override the basePath
, provide a custom fetch
implementation or to send additional headers with each request:
import * as api from "./api.ts";
import nodeFetch from "node-fetch";
api.default.basePath = "https://example.com/api";
api.defaults.headers = {
access_token: "secret",
};
api.defaults.fetch = nodeFetch;
For each operation defined in the spec the generated API will export a function with a name matching the operationId
. If no id is specified, a reasonable name is generated from the HTTP verb and the path.
The last argument of each function is an optional RequestOpts
object that can be used to pass options to the fetch
call, for example to pass additional headers or an AbortSignal
to cancel the request later on.
Each function returns a Promise for an ApiResponse
which is an object with a status
and a data
property, holding the HTTP status code and the properly typed data from the response body. Since an operation can return different types depending on the status code, the actual return type is a union of all possible responses, discriminated by their status.
Consider the following code generated from the petstore.json
example:
export function getPetById(petId: number, opts?: RequestOpts) {
return fetchJson<
| {
status: 200;
data: Pet;
}
| {
status: 400;
data: string;
}
| {
status: 404;
data: string;
}
>(`/pet/${petId}`, {
...opts,
});
}
In this case the data
property is typed as Pet|string
. We can use a type guard to narrow down the type to Pet
:
const res = await api.getPetById(1);
if (res.status === 200) {
const pet = res.data;
// pet is properly typed as Pet
}
if (res.status === 404) {
const message = res.data;
// message is a string
} else {
// handle the error
}
The above code can be simplified by using the handle
helper:
import { handle } from "oazapfts";
await handle(api.getPetById(1), {
200(pet) {
// pet is properly typed as Pet
},
404(message) {
// message is as string
},
});
The helper will throw an HttpError
error for any unhanled status code unless you add a default
handler:
await handle(api.getPetById(1), {
200(pet) {
// ...
},
default(status, data) {
// handle error
},
});
Instead of handling errors right in place we can also use the ok
helper:
import { ok } from "oazapfts";
const pet = await ok(api.getPetById(1));
With this pattern pet
will be typed as Pet
and a HttpError
will be thrown in case of an error.
You can even turn your whole API into an optimistic one:
import { optimistic } from "oazapfts";
import * as rawApi from "./api.ts";
const api = optimistic(rawApi);
const pet = await api.getPetById(1);
Since version 3.1.0 you can also use the --optimistic
flag on the command line to generate an optimistic API by default.
The name comes from a combination of syllables oa (OpenAPI) and ts (TypeScript) and is pronounced 🗣 like the Bavarian O'zapt'is! (it's tapped), the famous words that mark the beginning of the Oktoberfest.
MIT
FAQs
OpenApi TypeScript client generator
The npm package @phryneas/experimental-oazapfts receives a total of 1 weekly downloads. As such, @phryneas/experimental-oazapfts popularity was classified as not popular.
We found that @phryneas/experimental-oazapfts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.