@rhoas/spectral-ruleset
Advanced tools
A custom ruleset for Spectral following the RHOAS API Guidelines.
npm is required to use Spectral.
To use this Spectral ruleset add the following to your .spectral.yaml:
extends: 'node_modules/@rhoas/spectral-ruleset/dist/ruleset.yaml'
Alternatively you need to create new ruleset
echo 'extends: node_modules/@rhoas/spectral-ruleset/dist/ruleset.yaml' > .spectral.yaml
Run the Spectral CLI with yarn:
yarn add @rhoas/spectral-ruleset
yarn spectral lint ./path/to/openapi.yaml
or npm:
npm i -g @rhoas/spectral-ruleset
spectral lint ./path/to/openapi.yaml
The RHOAS ruleset extends the Spectral built-in "oas" ruleset (except operation-tags, openapi-tags). You can see the full list of rules from that ruleset here
OpenAPI schemas should be a minimum of v3.
openapi: 3.0
Recommended: Yes
Severity: warning
The servers OpenAPI object must be defined and must specify at minimum the following URLs:
servers:
- url: https://api.openshift.com
- url: https://api.stage.openshift.com
- url: http://localhost:8000
- url: /
Recommended: Yes
Severity: warning
The info.license.name field must be "Apache 2.0".
info:
license:
name: 'Apache 2.0'
Recommended: Yes Severity: warning
The info.license.url field must have the correct link for Apache 2.0.
info:
license:
url: 'https://www.apache.org/licenses/LICENSE-2.0'
Recommended: Yes
Severity: warning
All paths must match the specified regular expression: \/api\/([a-z_]*){1,}(\/v[0-9]*(alpha|beta)?)(\/{?[a-z_]*}?){0,}$.
/api/api/kafkas_mgmt) and may only be snake_case.v1 or a channel-version such as v1beta, v1alpha.snake_case and can only contain alphabetical characters along and underscores but can be repeated (e.g. /api/kafkas_mgmt/v1/kafkas/{id}/useful_metrics)Recommended: Yes Severity: warning
The content type for all responses must be application/json.
Recommended: Yes
Severity: warning
All error response bodies must reference #/components/Schemas/Error
Recommended: Yes
Severity: error
All API response bodies must be an object with three required properties:
type: object
required: [id, kind, href]
properties:
id:
type: string
kind:
type: string
href:
type: string
Recommended: Yes
Severity: error
All JSON schema objects defined in components.schemas must follow PascalCase.
Recommended: Yes
Severity: warning
All JSON schema properties defined must follow snake_case.
Recommended: Yes
Severity: error
components.schema MUST have a valid Error object.
Error:
type: object
required: [id, kind, href, code, reason]
properties:
id:
type: string
kind:
type: string
href:
type: string
code:
type: string
reason:
type: string
Recommended: Yes
Severity: warning
components.schema MUST have a valid ObjectReference object.
ObjectReference:
type: object
required: [id, kind, href]
properties:
id:
type: string
kind:
type: string
href:
type: string
Recommended: Yes
Severity: warning
components.schema MUST have a valid List object.
List:
required:
- kind
- page
- size
- total
- items
type: object
properties:
items:
type: array
kind:
type: string
page:
type: integer
size:
type: integer
total:
type: integer
Recommended: Yes
Severity: warning
$ref values cannot be a relative path to an external file. Please use the absolute URL or convert it to an internal $ref.
Recommended: Yes
Severity: error
NOTE: This project uses Yarn workspaces for easier development.
Install dependencies:
yarn install
Build:
yarn build
Running examples
Validate OpenAPI files using the uncompiled ruleset:
yarn build
yarn spectral-lint ./examples/openapi-valid.yaml
FAQs
Spectral ruleset
The npm package @rhoas/spectral-ruleset receives a total of 36 weekly downloads. As such, @rhoas/spectral-ruleset popularity was classified as not popular.
We found that @rhoas/spectral-ruleset demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh discusses the recent npm supply chain attacks on PodRocket, covering novel attack vectors and how developers can protect themselves.
Security News
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
Product
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.