Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
@stoplight/json-schema-ref-parser
Advanced tools
@stoplight/json-schema-ref-parser
Parse, Resolve, and Dereference JSON Schema $ref pointers
JSON Schema $Ref Parser
Parse, Resolve, and Dereference JSON Schema $ref pointers
The Problem:
You've got a JSON Schema with $ref pointers to other files and/or URLs. Maybe you know all the referenced files ahead of time. Maybe you don't. Maybe some are local files, and others are remote URLs. Maybe they are a mix of JSON and YAML format. Maybe some of the files contain cross-references to each other.
{
"definitions": {
"person": {
// references an external file
"$ref": "schemas/people/Bruce-Wayne.json"
},
"place": {
// references a sub-schema in an external file
"$ref": "schemas/places.yaml#/definitions/Gotham-City"
},
"thing": {
// references a URL
"$ref": "http://wayne-enterprises.com/things/batmobile"
},
"color": {
// references a value in an external file via an internal reference
"$ref": "#/definitions/thing/properties/colors/black-as-the-night"
}
}
}
The Solution:
JSON Schema $Ref Parser is a full JSON Reference and JSON Pointer implementation that crawls even the most complex JSON Schemas and gives you simple, straightforward JavaScript objects.
- Use JSON or YAML schemas — or even a mix of both!
- Supports
$refpointers to external files and URLs, as well as custom sources such as databases - Can bundle multiple files into a single schema that only has internal
$refpointers - Can dereference your schema, producing a plain-old JavaScript object that's easy to work with
- Supports circular references, nested references, back-references, and cross-references between files
- Maintains object reference equality —
$refpointers to the same value always resolve to the same object instance - Tested in Node and all major web browsers on Windows, Mac, and Linux
Example
$RefParser.dereference(mySchema, (err, schema) => {
if (err) {
console.error(err);
}
else {
// `schema` is just a normal JavaScript object that contains your entire JSON Schema,
// including referenced files, combined into a single object
console.log(schema.definitions.person.properties.firstName);
}
})
Or use async/await syntax instead. The following example is the same as above:
try {
let schema = await $RefParser.dereference(mySchema);
console.log(schema.definitions.person.properties.firstName);
}
catch(err) {
console.error(err);
}
For more detailed examples, please see the API Documentation
Installation
Install using npm:
npm install @apidevtools/json-schema-ref-parser
Usage
When using JSON Schema $Ref Parser in Node.js apps, you'll probably want to use CommonJS syntax:
const $RefParser = require("@apidevtools/json-schema-ref-parser");
When using a transpiler such as Babel or TypeScript, or a bundler such as Webpack or Rollup, you can use ECMAScript modules syntax instead:
import $RefParser from "@apidevtools/json-schema-ref-parser";
Browser support
JSON Schema $Ref Parser supports recent versions of every major web browser. Older browsers may require Babel and/or polyfills.
To use JSON Schema $Ref Parser in a browser, you'll need to use a bundling tool such as Webpack, Rollup, Parcel, or Browserify. Some bundlers may require a bit of configuration, such as setting browser: true in rollup-plugin-resolve.
API Documentation
Full API documentation is available right here
Contributing
I welcome any contributions, enhancements, and bug-fixes. File an issue on GitHub and submit a pull request.
Building/Testing
To build/test the project locally on your computer:
-
Clone this repo
git clone https://github.com/APIDevTools/json-schema-ref-parser.git -
Install dependencies
npm install -
Run the tests
npm test
License
JSON Schema $Ref Parser is 100% free and open-source, under the MIT license. Use it however you want.
This package is Treeware. If you use it in production, then we ask that you buy the world a tree to thank us for our work. By contributing to the Treeware forest you’ll be creating employment for local families and restoring wildlife habitats.
Big Thanks To
Thanks to these awesome companies for their support of Open Source developers ❤
FAQs
Parse, Resolve, and Dereference JSON Schema $ref pointers
We found that @stoplight/json-schema-ref-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025