Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
@stoplight/json-ref-resolver
Advanced tools
@stoplight/json-ref-resolver is a utility for resolving JSON references ($ref) in JSON documents. It helps in dereferencing and bundling JSON schemas or other JSON documents that contain references to other documents or internal references.
Dereferencing JSON References
This feature allows you to resolve internal JSON references within a document. The example shows how a reference to '#/bar' is resolved to the actual content of 'bar'.
const { resolve } = require('@stoplight/json-ref-resolver');
const document = {
"foo": { "$ref": "#/bar" },
"bar": { "baz": 123 }
};
resolve(document).then(result => {
console.log(result);
// Output: { foo: { baz: 123 }, bar: { baz: 123 } }
});
Resolving External JSON References
This feature allows you to resolve external JSON references by fetching the referenced document from a URL. The example shows how a reference to an external URL is resolved.
const { resolve } = require('@stoplight/json-ref-resolver');
const document = {
"foo": { "$ref": "http://example.com/bar.json" }
};
resolve(document).then(result => {
console.log(result);
// Output will depend on the content of http://example.com/bar.json
});
Custom Resolvers
This feature allows you to define custom resolvers for handling specific types of references. The example shows how to create a custom resolver for a 'custom://' scheme.
const { resolve } = require('@stoplight/json-ref-resolver');
const customResolver = {
canRead: (file) => file.url.startsWith('custom://'),
read: (file) => Promise.resolve({ custom: 'data' })
};
const document = {
"foo": { "$ref": "custom://example" }
};
resolve(document, { resolvers: [customResolver] }).then(result => {
console.log(result);
// Output: { foo: { custom: 'data' } }
});
json-schema-ref-parser is a powerful library for parsing, resolving, and dereferencing JSON Schema $ref pointers. It supports both internal and external references and provides similar functionality to @stoplight/json-ref-resolver. However, it is more focused on JSON Schema specifically.
json-ref-lite is a lightweight library for resolving JSON references. It is simpler and has fewer features compared to @stoplight/json-ref-resolver, making it suitable for basic use cases where performance and simplicity are priorities.
json-refs is another library for resolving JSON references. It provides a comprehensive set of features for both internal and external references, similar to @stoplight/json-ref-resolver. It also includes additional utilities for working with JSON references.
Dereference $ref values in JSON Schema, OpenAPI (Swagger), and any other objects with $ref values inside of them.
http://
, file://
, mongo://
, custom://
... etc.Supported in modern browsers and node.
# latest stable
yarn add @stoplight/json-ref-resolver
All relevant types and options can be found in src/types.ts.
// Import the Resolver class.
import { Resolver } from "@stoplight/json-ref-resolver";
/**
* Create a Resolver instance. Resolve can be called on this instance multiple times to take advantage of caching.
*
* @param globalOpts {IResolverOpts} [{}]
*
* These options are used on every resolve call for this resolver instance.
*
* See `IResolverOpts` interface defined in [src/types.ts](src/types.ts) for available options.
*
* @return IResolver
*/
const resolver = new Resolver(globalOpts);
/**
* Resolve the passed in object, replacing all references.
* @param resolveOpts {any} - The object to resolve.
* @param resolveOpts {IResolveOpts} [{}]
*
* These options override any globalOpts specified on the resolver instance, and only apply during this resolve call.
*
* See `IResolveOpts` interface defined in [src/types.ts](src/types.ts) for available options.
*
* @return IResolveResult - see [src/types.ts](src/types.ts) for interface definition.
*/
const resolved = await resolver.resolve(sourceObj, resolveOpts);
By default, only inline references will be dereferenced.
import { Resolver } from "@stoplight/json-ref-resolver";
const resolver = new Resolver();
const resolved = await resolver.resolve({
user: {
$ref: "#/models/user"
},
models: {
user: {
name: "john"
}
}
});
// ==> result is the original object, with local refs resolved and replaced
expect(resolved.result).toEqual({
user: {
name: "json"
},
models: {
user: {
name: "john"
}
}
});
This will dereference the minimal number of references needed for the given target, and return the target.
In the example below, the address reference (https://slow-website.com/definitions#/address
) will NOT be dereferenced, since
it is not needed to resolve the #/user
jsonPointer target we have specified. However, #/models/user/card
IS dereferenced since
it is needed in order to full dereference the #/user
property.
import { Resolver } from "@stoplight/json-ref-resolver";
const resolver = new Resolver();
const resolved = await resolver.resolve(
{
user: {
$ref: "#/models/user"
},
address: {
$ref: "https://slow-website.com/definitions#/address"
},
models: {
user: {
name: "john",
card: {
$ref: "#/models/card"
}
},
card: {
type: "visa"
}
}
},
{
jsonPointer: "#/user"
}
);
// ==> result is the target object, with refs resolved and replaced
expect(resolved.result).toEqual({
name: "json",
card: {
type: "visa"
}
});
By default only inline references (those that point to values inside of the original object) are dereferenced.
In order to dereference remote URIs (file, http, etc) you must provide resolvers for each URI scheme.
Resolvers are keyed by scheme, receive the URI to fetch, and must return the fetched data.
import { Resolver } from "@stoplight/json-ref-resolver";
// some example http library
import * as axios from "axios";
// if we're in node, we create a file resolver with fs
import * as fs from "fs";
// create our resolver instance
const resolver = new Resolver({
// resolvers can do anything, so long as they define an async read function that resolves to a value
resolvers: {
// this resolver will be invoked for refs with the https protocol
https: {
async resolve(ref: uri.URI) {
return axios({
method: "get",
url: String(ref)
});
}
},
// this resolver will be invoked for refs with the file protocol
file: {
async resolve(ref: uri.URI) {
return fs.read(String(ref));
}
}
}
});
const resolved = await resolver.resolve({
definitions: {
someOASFile: {
$ref: "./main.oas2.yml#/definitions/user"
},
someMarkdownFile: {
$ref: "https://foo.com/intro.md"
}
}
});
// ==> result is the original object, with refs resolved and replaced
expect(resolved.result).toEqual({
definitions: {
someOASFile: {
// ... the data located in the relative file `./main.oas2.yml` and inner json path `#/definitions/user`
},
someMarkdownFile: {
// ... the data located at the url `https://foo.com/intro.md`
}
}
});
If there are relative remote references (for example, a relative file path ../model.json
), then the location of the source
data must be specified via the baseUri
option. Relative references will be dereferenced against this baseUri.
import { Resolver } from "@stoplight/json-ref-resolver";
import * as fs from "fs";
import * as URI from "urijs";
const resolver = new Resolver({
readers: {
file: {
async read(ref: uri.URI) {
return fs.read(String(ref));
}
}
}
});
const sourcePath = "/specs/api.json";
const sourceData = fs.readSync(sourcePath);
// sourceData === {
// user: {
// $ref: "../models/user.json"
// }
// }
const resolved = await resolver.resolve(sourceData, {
// Indicate where the `sourceData` being resolved lives, so that relative remote references can be fetched and resolved.
baseUri: new URI(sourcePath)
});
expect(resolved.result).toEqual({
user: {
// ... the user object defined in `../models/user.json`
}
});
In the above example, the user $ref will resolve to /models/user.json
, because ../models/user.json
is resolved against the baseUri of the current document (which was indicated at /specs/api.json
). Relative references will not work if the source document has no baseUri set.
feature/{name}
, chore/{name}
, or fix/{name}
branch.yarn
.yarn test.prod
.yarn commit
. NOTE: Commits that don't follow the conventional format will be rejected. yarn commit
creates this format for you, or you can put it together manually and then do a regular git commit
.git push
.develop
branch.FAQs
Recursively resolve JSON pointers and remote authorities.
The npm package @stoplight/json-ref-resolver receives a total of 613,358 weekly downloads. As such, @stoplight/json-ref-resolver popularity was classified as popular.
We found that @stoplight/json-ref-resolver demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.