Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
@stoplight/spectral
Warning: This is still a prototype and not ready for general use.
This is an enhanced version of the speccy project. Differences between this project and speccy include:
Lint rules can be applied to any JSON object, not just OAS3 specifications.
All dependencies on the oas-kit repository have been removed, since rules are no longer OAS-specific.
The rule structure has been modified slightly to use JSONPath path parameters instead of the object parameters (which were OAS-specific).
Rules are more clearly defined (thanks to TypeScript typings) and now require specifying a type parameter.
Some rule types have been enhanced to be a little more flexible. An example of this includes the ability to specify the object to be linted in the path parameter itself, instead of relying on rule-specific options to be applied.
Ported to TypeScript.
Things that speccy has, but spectral does not (though they would be easy to add):
A 'server' and CLI mode
The ability to add rules from file
The ability for rule files to specify a dependency on other rule files
import { Spectral } from '@stoplight/spectral';
import { defaultRuleset } from '@stoplight/spectral/rulesets';

// an OASv2 specification
const myOAS = {
  // [...]
  responses: {
    '401asdf': {
      description: '',
      schema: {
        $ref: '#/definitions/error-response',
      },
    },
  },
  // [...]
};

// create a new instance of spectral with all of the baked in rulesets
const spectral = new Spectral({ rulesets: [defaultRuleset()] });

// run the linter against the target object and print the results
console.log(spectral.run({ spec: 'oas2', target: myOAS }));

// [ {
//     path: '$.responses',
//     rule:
//      { type: 'pattern',
//        name: 'all-responses-must-be-numeric',
//        path: '$..responses',
//        enabled: true,
//        description: 'reference components should all match regex ^[0-9]+',
//        pattern: { property: '*', value: '^[0-9]+$' } },
//     error:
//      Error {
//        operator: 'to be',
//        expected: true,
//        message: 'reference components should all match regex ^[0-9]+',
//        showDiff: true,
//        actual: false,
//        stackStartFunction: [Function: assert],
//        negate: false,
//        assertion:
//         Assertion {
//           obj: false,
//           anyOne: false,
//           negate: false,
//           params: [Object],
//           onlyThis: undefined,
//           light: false } } } ]
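The following added example is not Spectral's code or part of its README. It re-implements, in plain JavaScript, how a `pattern` rule with a `$..responses` path and `property: '*'` can be evaluated, and shows why the trailing `$` in the rule's regex matters even though the printed description omits it. The helpers `findAll` and `runPatternRule` are hypothetical names, and the target object is constructed for the demonstration.

```javascript
// Added illustration: NOT Spectral's implementation. Only the rule object's
// shape and values are taken from the README output above.
const rule = {
  type: 'pattern',
  name: 'all-responses-must-be-numeric',
  path: '$..responses',
  pattern: { property: '*', value: '^[0-9]+$' },
};

// Constructed sample target: the README's responses object plus a nested one.
const target = {
  responses: { '401asdf': { description: '' } },
  paths: { '/pets': { get: { responses: { '200': {}, '4xx': {} } } } },
};

// Hypothetical helper: resolves only the "$..<name>" form of JSONPath
// (recursive descent to every property called <name>).
function findAll(node, name, here = '$', out = []) {
  if (node === null || typeof node !== 'object') return out;
  for (const [key, value] of Object.entries(node)) {
    const childPath = Array.isArray(node) ? `${here}[${key}]` : `${here}.${key}`;
    if (key === name) out.push({ path: childPath, value });
    findAll(value, name, childPath, out);
  }
  return out;
}

// Hypothetical helper: applies a pattern rule whose property is '*',
// meaning every key of each matched object must match the regex.
function runPatternRule(r, doc) {
  const m = /^\$\.\.([A-Za-z0-9_-]+)$/.exec(r.path);
  if (!m || r.pattern.property !== '*') throw new Error('unsupported rule form');
  const re = new RegExp(r.pattern.value);
  const failures = [];
  for (const hit of findAll(doc, m[1])) {
    if (hit.value === null || typeof hit.value !== 'object') continue;
    for (const key of Object.keys(hit.value)) {
      if (!re.test(key)) failures.push({ rule: r.name, path: hit.path, key });
    }
  }
  return failures;
}

const anchored = runPatternRule(rule, target);
// Same rule with the regex as printed in the description (no trailing "$").
const unanchored = runPatternRule(
  { ...rule, pattern: { property: '*', value: '^[0-9]+' } }, target);
console.log(anchored, unanchored);
```

With the anchored pattern both `401asdf` and `4xx` are reported; with the unanchored form from the description text neither is, because each key merely starts with a digit.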
FAQs
The npm package @stoplight/spectral receives a total of 18,658 weekly downloads. As such, the popularity of @stoplight/spectral was classified as popular.
We found that @stoplight/spectral demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 34 open source maintainers collaborating on the project.